FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
590 views 0 comments
by anonymous
Hello:

I have having some IPSec tunnel duplication issues. I have a work around using ipsec stroke down THECONNECTION but this call take over 90 seconds to bring the offending SA down and must be followed by an ipsec update command which fixes everything.

According to Tobias from strongswan, the vici/swanctl command is much more versatile but I cannot find this command inside the RUT-950.

Do I need enable this plugin or was it excluded when strongswan was compiled?

Cheers,

John

1 Answer

0 votes
by anonymous

Hello,

This one should help you, it will keep only the most recent SA:

/usr/sbin/ipsec statusall|grep INSTALLED|sed -e 's/:.*$//' -e '$d'|while read sa;do /usr/sbin/ipsec down $sa;done

Regards,