[Version - 2.4.4-RELEASE-p3 (amd64)] Changing Phase 1 Key Exchange version to IKEv2 messes up ipsec status command output



  • Recently I changed the version of Phase 1 KEY-EXCHANGE to IKEv2 and all my tunnel connection output has been concatenated into one line
    238c48d3-2f15-42b5-b7c3-109fd90729f0-image.png

    It worked fine previously in version IKEv1, as shown by the output below:
    e05b9b36-4e30-4a3b-a359-4828e1247b4b-image.png

    I am using this command to scrape logs for my Prometheus server using a bash script.

    Is there any way I could get all child entries on different lines while keeping the Key Exchange version at IKEv2, since IKEv2 is critical to our project?

    Here's the tunnel setup:
    41c0e204-d8ec-4206-b1be-fabe8c42a46a-image.png



  • Figured it out: you need to edit Phase 1 and check the 'Split Connections' box
    46e860ae-4c6c-4363-a7c3-5038bc2298b3-image.png


  • Rebel Alliance Developer Netgate

    You don't have to check that box, but you can. IKEv2 is more efficient there; it doesn't need to separate all those out. Some other equipment (notably Cisco) doesn't like that, though.

