On Mon, 23 May 2022, Balaji Thoguluva wrote:
1) Is there any way (any parameter) so we can disable the IPsec processing in Libreswan and just use the IKE functionality in Libreswan?
libreswan allows a childless SA, but currently contains no configuration option to do so. That would not be too hard to add though.
2) Are there any user-level commands to get the IKE negotiated IPsec keys and parameters from Libreswan? If not, could you please point me to the API's that can be used to fetch the IPsec key information?
Those are logged when you enable plutodebug=private or run "ipsec whack --debug private" For IPsec keys, you can also run "ip xfrm state". Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
