Did you define any loggers in strongswan.conf which would replace the defaults defined by ipsec.conf:
http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration Regards Andreas Aaron Zhang wrote: > Hi,Steffen, > > Yes, I put the charondebug directive in the "config setup" section of > ipsec.conf. > And I input the command > > ipsec restart > > I believe this command will restart the Charon daemon. But there are not any > result. > I doubt I should load some plugins? > > > --Aaron > > -----Original Message----- > From: Andreas Steffen [mailto:[email protected]] > Sent: 2010年3月31日 13:18 > To: Aaron Zhang > Cc: [email protected] > Subject: Re: [strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of > the IKE_SA > > Hi Aaron, > > did you put the charondebug directive into the > "config setup" section of ipsec.conf as in the following example > > http://www.strongswan.org/uml/testresults43/ikev2/alg-blowfish/moon.ipsec.conf > > and did you restart the charon daemon? > > Andreas > > Aaron Zhang wrote: >> Thanks. I got it now. >> But I have another question. With the ipsec.conf setting >> >> charondebug="ike 4" >> .There still has not any debug information in /var/log/secure. >> >> Only use the command >> ipsec stroke loglevel ike 4 >> >> There has debug information in /var/log/secure. >> >> Anything I missed? >> >> --Aaron >> >> -----Original Message----- >> From: Andreas Steffen [mailto:[email protected]] >> Sent: 2010年3月31日 13:05 >> To: Aaron Zhang >> Cc: [email protected] >> Subject: Re: [strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of >> the IKE_SA >> >> Hi Aaron, >> >> with the ipsec.conf setting >> >> charondebug="ike 4" >> >> SK_ei, SK_er, SK_ai, SK_ar are written to the log. >> As an alternative the command >> >> ipsec stroke loglevel ike 4 >> >> achieves the same when the charon daemon is already running. >> >> Best regards >> >> Andreas >> >> Aaron Zhang wrote: >>> Hi all. >>> >>> >>> >>> Are there any ways to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA >>> which are useful to decrypt the IKE_AUTH packet with wireshark. >>> >>> I set the debug as 4 for all debug type. But there are not such information. >>> >>> >>> >>> thanks >>> >>> -Aaron ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
