Disable/Enable IPSEC VPN via CLI?



  • Hi, quick question in case this is possible... Is there a way to enable or disable IPSEC VPN tunnels via CLI? Thanks!



  • @thund3rsh0ck
    https://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand

    ipsec up <name>

    tells the IKE daemon to start up connection <name>. Implemented by calling the ipsec stroke up <name> command.

    ipsec down <name>

    tells the IKE daemon to terminate connection <name>. Implemented by calling the ipsec stroke down <name> command.


  • LAYER 8 Netgate

    Look at swanctl instead. It is the path forward.

    strongSwan 5.7.1 swanctl
    loaded plugins: unbound aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac curl
    usage:
      swanctl --reload-settings  (-r)  reload daemon strongswan.conf
      swanctl --stats            (-S)  show daemon stats information
      swanctl --version          (-v)  show version information
      swanctl --log              (-T)  trace logging output
      swanctl --load-pools       (-a)  (re-)load pool configuration
      swanctl --load-creds       (-s)  (re-)load credentials
      swanctl --load-conns       (-c)  (re-)load connection configuration
      swanctl --load-authorities (-b)  (re-)load authority configuration
      swanctl --load-all         (-q)  load credentials, authorities, pools and connections
      swanctl --flush-certs      (-f)  flush cached certificates
      swanctl --list-algs        (-g)  show loaded algorithms
      swanctl --list-pools       (-A)  list loaded pool configurations
      swanctl --list-certs       (-x)  list stored certificates
      swanctl --list-conns       (-L)  list loaded configurations
      swanctl --list-authorities (-B)  list loaded authority configurations
      swanctl --list-pols        (-P)  list currently installed policies
      swanctl --monitor-sa       (-m)  monitor for IKE_SA and CHILD_SA changes
      swanctl --list-sas         (-l)  list currently active IKE_SAs
      swanctl --install          (-p)  install a trap or shunt policy
      swanctl --uninstall        (-u)  uninstall a trap or shunt policy
      swanctl --redirect         (-d)  redirect an IKE_SA
      swanctl --rekey            (-R)  rekey an SA
      swanctl --terminate        (-t)  terminate a connection
      swanctl --initiate         (-i)  initiate a connection
      swanctl --counters         (-C)  list or reset IKE event counters
      swanctl --help             (-h)  show usage information
    


  • Thanks for the help @Derelict and @Konstanti
    What ended up working for me is:

    pfSsh.php playback svc start ipsec
    

    along with some of the ipsec down and up commands. Hadn't tried swanctl but definitely appreciate all of the suggestions!

