Question

Hello:

I have having some IPSec tunnel duplication issues. I have a work around using ipsec stroke down THECONNECTION but this call take over 90 seconds to bring the offending SA down and must be followed by an ipsec update command which fixes everything.

According to Tobias from strongswan, the vici/swanctl command is much more versatile but I cannot find this command inside the RUT-950.

Do I need enable this plugin or was it excluded when strongswan was compiled?

Cheers,

John

Answer 1

Hello,

This one should help you, it will keep only the most recent SA:

/usr/sbin/ipsec statusall|grep INSTALLED|sed -e 's/:.*$//' -e '$d'|while read sa;do /usr/sbin/ipsec down $sa;done

Regards,