Hi Noel, Hi all, I am just looking for some replay action, such as:
a) Oh I could not generate my CHILD_SA, here you get a return code. b) Oh I the certificate seems weird, here you get a return code. Or c) Oh something specific happens in my code, here you get a return code. What I know, I get a bunch of log entries, such as: 10[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] 10[IKE] received AUTHENTICATION_FAILED notify error 15[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] However, do I get such things outside the log information as a direct reply from the code or strongSwan command tools? On the other hand, do I get such information only by vici? Thanks, Alexander > -----Original Message----- > From: Noel Kuntze [mailto:[email protected]] > Sent: Wednesday, November 22, 2017 1:00 AM > To: Camek Alexander, EE-330 <[email protected]>; > [email protected] > Subject: Re: [strongSwan] StrongSwan reply to system in error case > > * PGP Signed by an unknown key > > Hello, > > strongSwan can only be contacted via stroke (ipsec tool) or vici (swanctl > tool, any > third party lib that uses vici). You are well advised with using vici. stroke > will be > removed at some point (not determined). > What exactly are you looking for? You can query strongSwan for logs via vici, > too, > but only for new logs. strongSwan doesn't cache any old ones or old events. > > Kind regards > > Noel > > On 20.11.2017 16:47, [email protected] wrote: > > Hi, > > > > Currently StrongSwan logs every information. Additionally, you can get a > > lot of > information when you start ipsec with --nofork --all. But, is it possible to > get a > reply directly from strongswan? Especially, when there is a certificate error > or > mismatch, or if ipsec / ike has some other errors? Or is it only possible to > get the > information by using the vici Plugin, and not directly by strongswan itself? > > > > Thanks for your help. > > > > Kind regards > > > > Alexander Camek > > > * Unknown Key > * 0x0739AD6C
