Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Swanctl --list-conn output does not match IPsec status.

    IPsec
    1
    1
    211
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      icewall
      last edited by

      When I set up the IPsec tunnel, I had rekeying disabled, as it was the default at the time. I have since unchecked the disable rekeying box. After a reboot I suspect rekeying is still disabled. The swanctl --list-conn output confims this.

      I also noticed the lifetimes in the swanclt output are off by 540sec for both the Phase 1 and Phase 2 lifetimes.

      0_1543421459995_swanctl --list-conn.png

      0_1543421487299_Phase1.png

      0_1543421495851_Phase2.png

      The tunnel functions as expected. however the IPSEC Overview Page lists multiple entries for the same tunnel?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post