[Swan-dev] What happened to "ipsec show" ?

Paul Wouters paul at nohats.ca
Tue Oct 24 19:50:53 EEST 2023


On Tue, 24 Oct 2023, Brady Johnson wrote:

> I am migrating from Libreswan 4.5 to the latest version, and I notice that the "ipsec show" command
> no longer exists in the latest version.

> I looked at the code changes in that git commit, and saw that the "ipsec show" and other scripts
> were removed, and never added for linux only.
> 
> Before I dig around more, is there a reason this was not added for Linux only? If needed, I can
> create a PR to add it.
> 
> I find the IPs in the output of this command VERY useful when managing multiple tunnels. Maybe there
> is another way to get this info??

The output was useful, I agree. It was modeled after the ancient KLIPS
"ipsec eroute" command. It would be worth it to make pluto spit out
such output again. But the ipsec show was a bad linux wrapper causing
a python runtime dependency.

An "ipsec whack --showstatus" or similar, wrapped to "ipsec show" would
be fine with me. In fact, I'd like it a lot! But I'd also want the
connection name in it, like:

10.0.0.1/32 <=> 0.0.0.0/0 reqid XXX by vpn.nohats.ca.

Note that with multiple traffic selectors per SA, this is also a bit
more tricky to get right.

Paul

