Hi Ido, strongSwan manages the kernel SPD/SAD via the XFRM Netlink kernel interface. The built-in "ipsec statusall" command can be used to monitor the established IPsec SAs but if you want to see all the details you can also use "setkey" or "ip xfrm state|policy".
If you manipulate SPD/SAD entries via "setkey" or "ip xfrm" then you are on your own since strongSwan will not be aware of any such changes. Regards Andreas On 05/30/2011 10:07 AM, Goshen, Ido (Ido) wrote: > Hi, > > Does StrongSWAN supply a shell tool like “setkey” from ipsec-tools to > monitor and/or manipulate the kernel’s SPD/SAD or it’s all done > programmatically via hydra (netlink plugin in my case)? > > Thanx, > > -Ido > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
