bash-4.1# strongswan statusall Status of IKE charon daemon (strongSwan 5.2.0, Linux 2.6.32-504.1.3.el6.x86_64, x86_64): uptime: 56 minutes, since Mar 04 14:44:51 2015 malloc: sbrk 532480, mmap 0, used 397856, free 134624 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1 loaded plugins: charon curl aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp Virtual IP pools (size/online/offline): 10.255.252.0/22: 1022/0/1 Listening IP addresses: 10.8.64.4 10.8.95.244 Connections: endpoints: 10.8.95.244...%any IKEv1 endpoints: local: [secgw.cz-dev.com] uses public key authentication endpoints: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=secgw.cz-dev.com, E=support@cazena.com" endpoints: remote: [C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] uses public key authentication endpoints: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com" endpoints: child: 10.8.64.0/23 === dynamic TUNNEL remote-access-ikev1-krb: 10.8.95.244...%any IKEv1 remote-access-ikev1-krb: local: [secgw.cz-dev.com] uses public key authentication remote-access-ikev1-krb: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=secgw.cz-dev.com, E=support@cazena.com" remote-access-ikev1-krb: remote: [C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] uses public key authentication remote-access-ikev1-krb: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com" remote-access-ikev1-krb: remote: uses XAuth authentication: pam remote-access-ikev1-krb: child: 10.8.64.0/23 === dynamic TUNNEL remote-access-ikev1-xauth: 10.8.95.244...%any IKEv1 remote-access-ikev1-xauth: local: [secgw.cz-dev.com] uses public key authentication remote-access-ikev1-xauth: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=secgw.cz-dev.com, E=support@cazena.com" remote-access-ikev1-xauth: remote: [C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] uses public key authentication remote-access-ikev1-xauth: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com" remote-access-ikev1-xauth: remote: uses XAuth authentication: generic remote-access-ikev1-xauth: child: 10.8.64.0/23 === dynamic TUNNEL remote-access-ikev2-krb: 10.8.95.244...%any IKEv2 remote-access-ikev2-krb: local: [secgw.cz-dev.com] uses public key authentication remote-access-ikev2-krb: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=secgw.cz-dev.com, E=support@cazena.com" remote-access-ikev2-krb: remote: [C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] uses public key authentication remote-access-ikev2-krb: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com" remote-access-ikev2-krb: remote: uses EAP_GTC authentication remote-access-ikev2-krb: child: 10.8.64.0/23 === dynamic TUNNEL remote-access-ikev2-xauth: 10.8.95.244...%any IKEv2 remote-access-ikev2-xauth: local: [secgw.cz-dev.com] uses public key authentication remote-access-ikev2-xauth: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=secgw.cz-dev.com, E=support@cazena.com" remote-access-ikev2-xauth: remote: [C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] uses public key authentication remote-access-ikev2-xauth: cert: "C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com" remote-access-ikev2-xauth: remote: uses XAuth authentication: generic remote-access-ikev2-xauth: child: 10.8.64.0/23 === dynamic TUNNEL Security Associations (1 up, 0 connecting): remote-access-ikev1-krb[2]: ESTABLISHED 7 minutes ago, 10.8.95.244[secgw.cz-dev.com]...w.x.y.z[C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] remote-access-ikev1-krb[2]: Remote XAuth identity: knelson remote-access-ikev1-krb[2]: IKEv1 SPIs: 0eb1c8011ced0f92_i a7aecf836db904a9_r*, rekeying disabled remote-access-ikev1-krb[2]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 remote-access-ikev1-krb{1}: REKEYING, TUNNEL, expires in 29 days remote-access-ikev1-krb{1}: 10.8.64.0/23 === 10.255.252.1/32 remote-access-ikev1-krb{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: ce72ece0_i 093414c1_o remote-access-ikev1-krb{1}: AES_CBC_128/HMAC_SHA1_96, 672 bytes_i (8 pkts, 33s ago), 672 bytes_o (8 pkts, 33s ago), rekeying disabled remote-access-ikev1-krb{1}: 10.8.64.0/23 === 10.255.252.1/32 bash-4.1# strongswan status Security Associations (1 up, 0 connecting): remote-access-ikev1-krb[2]: ESTABLISHED 20 minutes ago, 10.8.95.244[secgw.cz-dev.com]...w.x.y.z[C=US, ST=Massachusetts, L=Waltham, O=CZ, CN=CZ SecGW Client, E=support@cazena.com] remote-access-ikev1-krb{1}: REKEYING, TUNNEL, expires in 29 days remote-access-ikev1-krb{1}: 10.8.64.0/23 === 10.255.252.1/32 remote-access-ikev1-krb{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: ce72ece0_i 093414c1_o remote-access-ikev1-krb{1}: 10.8.64.0/23 === 10.255.252.1/32