pfSense command to delete stale SAD

Posted by Justin Shin on Server Fault See other posts from Server Fault or by Justin Shin
Published on 2011-11-19T21:34:51Z Indexed on 2011/11/20 1:56 UTC
Read the original article Hit count: 527

Filed under:
|
|
|
|

I'm experiencing an issue with pfSense where duplicate SAD's are getting created after rekeying, forcing me to manually go ahead and delete the old SAD's. It's not a huge issue but it does get to be a problem once I let it go for a few days. I just installed the cron package for pfSense so I could run a script to identify stale SAD's and delete them but I am not that familiar with BSD or pfSense. Is there a command that enumerates SAD's and their properties, and another that can delete by ID? I can form the conditional parts of the script but I do not know the commands to run. I would imagine it would be something like:

  1. Enumerate SAD's
  2. Identify Duplicate ones by matching Source and destination IP's
  3. Find the one with the larger bytes transferred
  4. Delete

© Server Fault or respective owner

Related posts about vpn

Related posts about shell