[Swan-dev] Libreswan basic questions
Paul Wouters
paul at nohats.ca
Wed May 25 03:20:30 EEST 2022
On Mon, 23 May 2022, Balaji Thoguluva wrote:
> 1) Is there any way (any parameter) so we can disable the IPsec processing in Libreswan and just use the IKE functionality in Libreswan?
libreswan allows a childless SA, but currently contains no configuration
option to do so. That would not be too hard to add though.
> 2) Are there any user-level commands to get the IKE negotiated IPsec keys and parameters from Libreswan? If not, could you please point me to the
> API's that can be used to fetch the IPsec key information?
Those are logged when you enable plutodebug=private or run "ipsec whack --debug private"
For IPsec keys, you can also run "ip xfrm state".
Paul
More information about the Swan-dev
mailing list