[Swan-dev] What happened to "ipsec show" ?

Brady Johnson bradyjoh at redhat.com
Wed Oct 25 12:38:37 EEST 2023


Paul,

That sounds like a good idea.

I have been digging around the whack code and found the following set of
status commands:

status: whack [--status] | [--briefstatus] | \
       [--addresspoolstatus] | [--connectionstatus] [--fipsstatus] | \
       [--processstatus] | [--shuntstatus] | [--trafficstatus] | \
       [--showstates]

The "whack --connectionstatus" command shows what we are looking for, plus
about 22 more lines of information including everything in the kitchen sink
;) This command is wrapped by "ipsec connectionstatus".

How about I add "whack --briefconnectionstatus", which would be wrapped by
"ipsec briefconnectionstatus"? This would show (at least) what you listed
above.

Regards,

Brady


On Tue, Oct 24, 2023 at 6:51 PM Paul Wouters <paul at nohats.ca> wrote:

> On Tue, 24 Oct 2023, Brady Johnson wrote:
>
> > I am migrating from Libreswan 4.5 to the latest version, and I notice
> > that the "ipsec show" command no longer exists in the latest version.
>
> > I looked at the code changes in that git commit, and saw that the "ipsec
> > show" and other scripts were removed, and never added for linux only.
> >
> > Before I dig around more, is there a reason this was not added for Linux
> > only? If needed, I can create a PR to add it.
> >
> > I find the IPs in the output of this command VERY useful when managing
> > multiple tunnels. Maybe there is another way to get this info??
>
> The output was useful, I agree. It was modeled after the ancient KLIPS
> "ipsec eroute" command. It would be worth it to make pluto spit out
> such output again. But the ipsec show was a bad linux wrapper causing
> a python runtime dependency.
>
> An "ipsec whack --showstatus" or similar, wrapped to "ipsec show" would
> be fine with me. In fact, I'd like it a lot! But I'd also want the
> connection name in it. Like:
>
> 10.0.0.1/32 <=> 0.0.0.0/0 reqid XXX by vpn.nohats.ca.
>
> Note that with multiple traffic selectors per SA, this is also a bit
> more tricky to get right.
>
> Paul
>
>