[strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA

Aaron Zhang azhang at SonicWALL.com
Wed Mar 31 07:12:24 CEST 2010


Thanks. I got it now.
But I have another question. With the ipsec.conf setting 
 
	charondebug="ike 4"
.There still has not any debug information in /var/log/secure.

Only use the command
ipsec stroke loglevel ike 4

There has debug information in /var/log/secure.

Anything I missed?

--Aaron

-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: 2010年3月31日 13:05
To: Aaron Zhang
Cc: dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA

Hi Aaron,

with the ipsec.conf setting

  charondebug="ike 4"

SK_ei, SK_er, SK_ai, SK_ar are written to the log.
As an alternative the command

  ipsec stroke loglevel ike 4

achieves the same when the charon daemon is already running.

Best regards

Andreas

Aaron Zhang wrote:
> Hi all.
> 
>  
> 
> Are there any ways to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA
> which are useful to decrypt the IKE_AUTH packet with wireshark.
> 
> I set the debug as 4 for all debug type. But there are not such information.
> 
>  
> 
> thanks
> 
>   -Aaron

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==


More information about the Dev mailing list