Disconnect IPsec connection from CLI
-
Let me clear up the title. Much like in the GUI - Status - IPsec, when you have an active connection, to the far right you have the red button Disconnect. I would like to initiate that connection from the CLI. Is there a direct command?
I am asking because one of my IPsec connections is to an older SonicWall at a client site, but their SonicWall keeps dropping the P2, so currently my only option is to go to GUI - Status - IPsec then click Disconnect and it re-establishes the P2 immediately. I have written a monitoring script in PowerShell that will notify of a P2 disconnect, but it would be better if the script can perform the Disconnect action, forcing PFS to reinitialize the P1 and P2.
Thanks.
-
ipsec down <name> tells the IKE daemon to terminate connection <name>. Implemented by calling the ipsec stroke down <name> command.
ipsec down <name>{n} terminates CHILD_SA instance n of connection <name>. Since {n} uniquely identifies a CHILD_SA the name is optional.
ipsec down <name>{*} terminates all CHILD_SA instances of connection <name>.
ipsec down <name>[n] terminates IKE_SA instance n of connection <name> plus dependent CHILD_SAs. Since [n] uniquely identifies an IKE_SA the name is optional.
ipsec down <name>[*] terminates all IKE_SA instances of connection <name>.
or
[2.4.4-RELEASE][admin@pfSense.localdomain]/root: swanctl --terminate --help
strongSwan 5.7.1 swanctl
usage:
  swanctl --terminate --child <name> | --ike <name | --child-id <id> | --ike-id <id>
                      [--timeout <s>] [--raw|--pretty]
    --help      (-h)  show usage information
    --child     (-c)  terminate by CHILD_SA name
    --ike       (-i)  terminate by IKE_SA name
    --child-id  (-C)  terminate by CHILD_SA reqid
    --ike-id    (-I)  terminate by IKE_SA unique identifier
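
An added example, not from either post and not pfSense or strongSwan code: a POSIX sh check that a monitoring script could run on the firewall. It counts INSTALLED CHILD_SAs for one connection in `ipsec status` output and, when there are none, issues the `ipsec down <name>[*]` form from the answer above. The connection name `con1`, the `RUN` switch, the function names and the sample status text are constructed assumptions.

```shell
#!/bin/sh
# Constructed samples in the usual `ipsec status` layout (assumed, not captured
# from a real system): name[n] lines are IKE_SAs (P1), name{n} lines are CHILD_SAs (P2).
SAMPLE_P2_DOWN='Security Associations (1 up, 0 connecting):
        con1[7]: ESTABLISHED 3 hours ago, 198.51.100.10[198.51.100.10]...203.0.113.20[203.0.113.20]'
SAMPLE_P2_UP='Security Associations (1 up, 0 connecting):
        con1[7]: ESTABLISHED 3 hours ago, 198.51.100.10[198.51.100.10]...203.0.113.20[203.0.113.20]
        con1{12}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c0ffee01_i c0ffee02_o'

# Accept only plain connection names, so a name passed in by a remote
# monitoring script cannot smuggle shell metacharacters into the command.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Count "<name>{n}: INSTALLED" lines. index() does a literal prefix match,
# so "con1" never matches "con10" and no regex escaping is needed.
count_child_sas() {  # $1 = connection name, $2 = status text
    printf '%s\n' "$2" | awk -v pat="$1{" '
        { sub(/^[ \t]+/, "") }
        index($0, pat) == 1 && /INSTALLED/ { n++ }
        END { print n + 0 }'
}

# Prints "ok", "invalid", or the command needed. Executes it only when RUN=1.
reset_if_p2_down() {  # $1 = connection name, $2 = status text
    if ! valid_name "$1"; then echo "invalid"; return 0; fi
    if [ "$(count_child_sas "$1" "$2")" -gt 0 ]; then echo "ok"; return 0; fi
    # [*] and {*} are glob/brace characters to the shell: always quote them.
    target="$1[*]"
    if [ "${RUN:-0}" = 1 ]; then ipsec down "$target"; fi
    echo "ipsec down '$target'"
}

# Live use on the firewall (hypothetical invocation):
#   RUN=1 reset_if_p2_down con1 "$(ipsec status con1)"
```

Without `RUN=1` the function only reports what it would run, which makes it safe to test against saved status output first.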