Hello misc,
I'm trying to delete individual tunnels with ipsecctl.
This is on the 4.1 snapshots from April 6.
# uname -a
OpenBSD localhost 4.1 GENERIC#1466 i386
First I delete the flows:
# ipsecctl -sf
flow esp in from 10.0.0.0/29 to 0.0.0.0/0 peer 192.168.5.12 srcid [EMAIL PROTECTED] dstid test type use
flow esp out from 0.0.0.0/0 to 10.0.0.0/29 peer 192.168.5.12 srcid [EMAIL PROTECTED] dstid test type require
# ipsecctl -sf | ipsecctl -d -f-
# ipsecctl -sf
That works fine.
Then I try to delete the SAs:
# ipsecctl -ss
esp tunnel from 192.168.5.5 to 192.168.5.12 spi 0x17661dae auth hmac-sha2-256 enc aes
esp tunnel from 192.168.5.12 to 192.168.5.5 spi 0x268063a2 auth hmac-sha2-256 enc aes
# ipsecctl -ss | ipsecctl -d -f-
stdin: 1: no authentication key specified
stdin: 2: no authentication key specified
ipsecctl: Syntax error in config file: ipsec rules not loaded
#
What authentication key is needed? How can I remove a specific SA?
I should add that this is on a passive IPsec aggregator with many
dynamic tunnels from "road warrior" type peers.
-martin