IPSEC Mobile doesn't show connected users
-
I have IPSEC mobile running fine but it doesn't show connected users in the Dashboard widget or in Status > IPsec tab.
It only shows in Status > IPsec > SAD tab.
The screen shots below were taken during established connection:
-
Are you using any authentication for these mobile users?
The mobile section will show only users connected with an username authentication.
-
Thanks ermal.
I'm using Pre-shared keys.
-
Can you show an output of racoonctl show-users?
-
@ermal:
Can you show an output of racoonctl show-users?
Yep, the next time I make a mobile connection I'll post an output of racoonctl show-users.
But I think I understand what you said before. The IPSEC mobile user must be registered in the System > User Manager, not only in the Pre-shared keys tab. That's right?
-
There we go:
[2.1-BETA0][root@xxxxxxxxxx.yyyyyyy.zzz]/root(1): racoonctl show-users
User|Source|Destination|CreatedOn|SPI
|187.64.217.245:4500|177.133.176.34:4500|2012-11-02 14:12:11|0
|187.64.217.245:500|189.47.177.102:500|2012-11-02 10:06:46|0
|187.64.217.245:500|200.153.143.119:500|2012-11-02 10:06:46|0
|187.64.217.245:500|187.106.26.249:500|2012-11-02 10:06:46|0
-
Using PSK's there are no usernames, which is what that mobile user bit was supposed to show (connected xauth users).
The function that dumps the mobile users ignores any line without a username set, which none of those have.
You can try to edit that check at line 553 of /etc/inc/ipsec.inc
Though killing those connections won't work, as the racoonctl command to kill mobile sessions only works by username.
-
Thanks jimp.
