Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC Mobile doesn't show connected users

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    8 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      johnnybe
      last edited by

      I have IPSEC mobile running fine but it doesn't show connected users in the Dashboard widget or in Status > IPsec tab.
      It only shows in Status > IPsec > SAD tab.
      The screen shots below were taken during established connection:

      dashboard.png
      dashboard.png_thumb
      status.png
      status.png_thumb
      sad.png
      sad.png_thumb

      you would not believe the view up here

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        Are you using any authentication for these mobile users?
        The mobile section will show only users connected with an username authentication.

        1 Reply Last reply Reply Quote 0
        • J
          johnnybe
          last edited by

          Thanks ermal.
          I'm using Pre-shared keys.

          you would not believe the view up here

          1 Reply Last reply Reply Quote 0
          • E
            eri--
            last edited by

            Can you show an output of racoonctl show-users?

            1 Reply Last reply Reply Quote 0
            • J
              johnnybe
              last edited by

              @ermal:

              Can you show an output of racoonctl show-users?

              Yep, the next time I make a mobile connection I'll post an output of racoonctl show-users.
              But I think I understand what you said before. The IPSEC mobile user must be registered in the System > User Manager, not only in the Pre-shared keys tab. That's right?

              you would not believe the view up here

              1 Reply Last reply Reply Quote 0
              • J
                johnnybe
                last edited by

                There we go:

                [2.1-BETA0][root@xxxxxxxxxx.yyyyyyy.zzz]/root(1): racoonctl show-users
                User|Source|Destination|CreatedOn|SPI
                |187.64.217.245:4500|177.133.176.34:4500|2012-11-02 14:12:11|0
                |187.64.217.245:500|189.47.177.102:500|2012-11-02 10:06:46|0
                |187.64.217.245:500|200.153.143.119:500|2012-11-02 10:06:46|0
                |187.64.217.245:500|187.106.26.249:500|2012-11-02 10:06:46|0

                you would not believe the view up here

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Using PSK's there are no usernames, which is what that mobile user bit was supposed to show (connected xauth users).

                  The function that dumps the mobile users ignores any line without a username set, which none of those have.

                  You can try to edit that check at line 553 of /etc/inc/ipsec.inc

                  Though killing those connections won't work, as the racoonctl command to kill mobile sessions only works by username.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • J
                    johnnybe
                    last edited by

                    Thanks jimp.

                    you would not believe the view up here

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.