[Swan-dev] Libreswan basic questions

Balaji Thoguluva tbbalaji at gmail.com
Wed May 25 01:59:35 EEST 2022


Thank you Antony.

Further question.

Can the pluto daemon be configured with a specific socket descriptor (per IPsec
connection configuration) that can be used by pluto to send and receive IKE
packets?

Thanks,
Balaji

On Mon, May 23, 2022 at 2:37 PM Antony Antony <antony at phenome.org> wrote:

> Hi,
>
> On Fri, May 20, 2022 at 05:52:02PM -0400, Balaji Thoguluva wrote:
> > Hi All,
> >
> > I have a couple of basic questions.
> >
> > 1) Is there any way (any parameter) so we can disable the IPsec processing
> > in Libreswan and just use the IKE functionality in Libreswan?
>
> There was an option no-kernel or something.
> In Git master it was removed. Look at commit a9e050ee905. I think "none" is
> what you are looking for. I am not 100% sure this would complete IKE
> negotiation.
> It was used for startup.
>
> To bring the "none" feature back, look at ./programs/pluto/kernel_nokernel.c
> Git commit a9e050ee905bdf0341e377ccc40d2d314fe63768~1
>
> > 2) Are there any user-level commands to get the IKE negotiated IPsec keys
> > and parameters from Libreswan? If not, could you please point me to the
> > APIs that can be used to fetch the IPsec key information?
>
> For IKEv2, take a look at ikev2_derive_child_keys()
> or setup_half_ipsec_sa "ESP enckey".
>
> -antony
>