pfSense command to delete stale SAD

Posted by Justin Shin on Server Fault See other posts from Server Fault or by Justin Shin
Published on 2011-11-19T21:34:51Z Indexed on 2011/11/20 1:56 UTC
Read the original article Hit count: 493

Filed under:

vpn

|

shell

|

cron

|

ipsec

|

pfsense

I'm experiencing an issue with pfSense where duplicate SAD's are getting created after rekeying, forcing me to manually go ahead and delete the old SAD's. It's not a huge issue but it does get to be a problem once I let it go for a few days. I just installed the cron package for pfSense so I could run a script to identify stale SAD's and delete them but I am not that familiar with BSD or pfSense. Is there a command that enumerates SAD's and their properties, and another that can delete by ID? I can form the conditional parts of the script but I do not know the commands to run. I would imagine it would be something like:

Enumerate SAD's
Identify Duplicate ones by matching Source and destination IP's
Find the one with the larger bytes transferred
Delete

© Server Fault or respective owner

Related posts about vpn

Problem with setup VPN in Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Problem with setup VPN on Ubuntu Server 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
l2tp / ipsec debian Openswan U2.6.38 does not connect

as seen on Server Fault - Search for 'Server Fault'
i am trying to get ipsec/l2tp running on a debian server with an iphone as a client but always get: Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received Vendor ID payload [RFC 3947] method set to=115 Dec 2 21:00:04 vpn pluto[22711]: packet from <clientip>:43598: received… >>> More
Setup VPN issue on Ubuntu Server 12.04

as seen on Server Fault - Search for 'Server Fault'
I have a problem with setup VPN server on my Ubuntu VPS, here is my server environments: Ubuntu Server 12.04 x86_64 xl2tpd 1.3.1+dfsg-1 pppd 2.4.5-5ubuntu1 openswan 1:2.6.38-1~precise1 After install software and configuration: ipsec verify Checking your system to see if IPsec got installed and… >>> More
Cannot connect with Cisco VPN but can connect with ShrewSoft VPN

as seen on Server Fault - Search for 'Server Fault'
EDIT: We connected an air card to the computer to use a different Internet connection and using the Cisco software, we were able to successfully connect to our VPN server. I just don't understand why the ShrewSoft VPN client would connect but the Cisco connection won't. I'm not our network admin… >>> More

Related posts about shell

How to restrict the users' shell allowing to execute shell programs

as seen on Server Fault - Search for 'Server Fault'
Is it possible to prevent any user to not use commands like ls, rm and other system commands which could harm the system. But the users should be able to execute shell programs. >>> More
Shell extension installation not recognized by Windows 7 64-bit shell

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a Copy Hook Handler shell extension that I'm trying to install on Windows 7 64-bit. The shell extension DLL is compiled in two separate versions for 32-bit and 64-bit Windows. The DLL implements DLLRegisterServer which adds the necessary registry entries. After adding the registry entries… >>> More
Running shell commands without a shell window

as seen on Stack Overflow - Search for 'Stack Overflow'
With either subprocess.call or subprocess.Popen, executing a shell command makes a shell window quicky appear and disappear. How can I run the shell command without the shell window? >>> More
Why can't I reinstall MySQL?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've been looking all around the Internet for an answer but didn't find anything. I hope you can help me now. I have a server with MySQL. From one day to another, MySQL didn't let me enter with my root password anymore (accsess denied for user 'root'@'localhost' using password: 'YES'). So I tried… >>> More
Bash/shell script - shell output redirection inside a function

as seen on Stack Overflow - Search for 'Stack Overflow'
function grabSourceFile { cd /tmp/lmpsource wget $1 > $LOG baseName=$(basename $1) tar -xvf $baseName > $LOG cd $baseName } When I call this function The captured output is not going to the log file. The output redirection works fine until I call the… >>> More