[Swan-dev] Libreswan basic questions

Antony Antony antony at phenome.org
Mon May 23 21:37:14 EEST 2022


Hi,

On Fri, May 20, 2022 at 05:52:02PM -0400, Balaji Thoguluva wrote:
> Hi All,
> 
> I have a couple of basic questions.
> 
> 1) Is there any way (any parameter) so we can disable the IPsec processing
> in Libreswan and just use the IKE functionality in Libreswan?

There was an option no-kernel or something.
In Git master it is removed. Look at commit a9e050ee905. I think "none" is what
you are looking for. I am not 100% sure this would complete IKE negotiation.
It was used for startup.

To bring the "none" feature back, look at ./programs/pluto/kernel_nokernel.c Git
commit a9e050ee905bdf0341e377ccc40d2d314fe63768~1

> 2) Are there any user-level commands to get the IKE negotiated IPsec keys
> and parameters from Libreswan? If not, could you please point me to the
> APIs that can be used to fetch the IPsec key information?

For IKEv2 take a look at ikev2_derive_child_keys()
or setup_half_ipsec_sa "ESP enckey".

-antony

