Hi Zhiheng,

> I have a sniffing and debugging need to examine the packets over the
> wire. Does strongswan 5.0.1 support null ciphering? If yes, how can I
> configure it?

You can use a NULL cipher in ESP packets by using the "null" encryption
algorithm in the "esp" ipsec.conf keyword. NULL encryption in IKE packets
is not supported, as it is considered insecure.

> When checking the status, I need to be root in order to run the
> command ipsec status. Would it be possible to run this status command
> without being the root? I understand that the many options to the
> ipsec command require root privilege, but is there a way to do the
> status only as a normal user?

The charon daemon can drop most of its capabilities and switch to a
non-root user, see [1]. The Unix socket at /var/run/charon.ctl is set up
with permissions for the same user.

Alternatively, you can run charon as root, but change socket permissions
just after startup to use it with a different user.

Regards
Martin

[1]http://wiki.strongswan.org/projects/strongswan/wiki/ReducedPrivileges
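
The alternative described in the mail above (charon kept as root, socket permissions changed just after startup), as an added shell example that is not part of the original mail or of strongSwan. The group name `ipsecmon`, the 10-second timeout, the `--apply` switch and the function name are assumptions.

```shell
#!/bin/sh
# Added example: give an operator group access to the charon control socket
# after the daemon has started. The socket is created by the daemon, so the
# step has to run after each start.

CTL_SOCKET="${CTL_SOCKET:-/var/run/charon.ctl}"  # path named in the mail
STATUS_GROUP="${STATUS_GROUP:-ipsecmon}"         # hypothetical group name
WAIT_SECS="${WAIT_SECS:-10}"                     # assumed startup timeout

# grant_status_access PATH GROUP TIMEOUT
# Waits up to TIMEOUT seconds for PATH to appear, then sets its group to
# GROUP and its mode to 0660 (owner and group only, no access for others).
# Returns 0 on success, 1 on timeout, 2 if chgrp or chmod fails.
grant_status_access() {
    path=$1
    group=$2
    timeout=$3
    waited=0
    while [ ! -e "$path" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    chgrp "$group" "$path" || return 2
    chmod 0660 "$path" || return 2
    return 0
}

# Run as root right after "ipsec start":  ./grant-status.sh --apply
if [ "${1:-}" = "--apply" ]; then
    grant_status_access "$CTL_SOCKET" "$STATUS_GROUP" "$WAIT_SECS"
fi
```

Members of the group can send any command over the control socket, not only status queries, so keep the group as small as the set of people who would otherwise be given root for this purpose.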
