[Swan-dev] Libreswan basic questions

Balaji Thoguluva tbbalaji at gmail.com
Wed May 25 03:34:12 EEST 2022


Thanks Paul.

Further question.

Suppose I have a socket descriptor already created for a local interface
which can be used to send and receive IKE packets to an external IKE peer.

Can pluto daemon be configured with the specific socket descriptor (per
IPsec connection configuration) that can be used by pluto to send and
receive IKE packets?

Thanks,
Balaji

On Tue, May 24, 2022 at 8:20 PM Paul Wouters <paul at nohats.ca> wrote:

> On Mon, 23 May 2022, Balaji Thoguluva wrote:
>
> > 1) Is there any way (any parameter) so we can disable the IPsec
> processing in Libreswan and just use the IKE functionality in Libreswan?
>
> libreswan allows a childless SA, but currently contains no configuration
> option to do so. That would not be too hard to add though.
>
> > 2) Are there any user-level commands to get the IKE negotiated IPsec
> keys and parameters from Libreswan? If not, could you please point me to the
> > API's that can be used to fetch the IPsec key information?
>
> Those are logged when you enable plutodebug=private or run "ipsec whack
> --debug private"
>
> For IPsec keys, you can also run "ip xfrm state".
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20220524/dd12495f/attachment.htm>


More information about the Swan-dev mailing list