[strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA

Aaron Zhang azhang at SonicWALL.com
Wed Mar 31 07:38:23 CEST 2010 

Hi,Steffen,

Yes, I put the charondebug directive in the "config setup" section of ipsec.conf.
And I input the command 

ipsec restart

I believe this command will restart the Charon daemon. But there are not any result.
I doubt I should load some plugins?


--Aaron

-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: 2010年3月31日 13:18
To: Aaron Zhang
Cc: dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA

Hi Aaron,

did you put the charondebug directive into the
"config setup" section of ipsec.conf as in the following example

http://www.strongswan.org/uml/testresults43/ikev2/alg-blowfish/moon.ipsec.conf

and did you restart the charon daemon?

Andreas

Aaron Zhang wrote:
> Thanks. I got it now.
> But I have another question. With the ipsec.conf setting 
>  
> 	charondebug="ike 4"
> .There still has not any debug information in /var/log/secure.
> 
> Only use the command
> ipsec stroke loglevel ike 4
> 
> There has debug information in /var/log/secure.
> 
> Anything I missed?
> 
> --Aaron
> 
> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
> Sent: 2010年3月31日 13:05
> To: Aaron Zhang
> Cc: dev at lists.strongswan.org
> Subject: Re: [strongSwan-dev] How to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA
> 
> Hi Aaron,
> 
> with the ipsec.conf setting
> 
>   charondebug="ike 4"
> 
> SK_ei, SK_er, SK_ai, SK_ar are written to the log.
> As an alternative the command
> 
>   ipsec stroke loglevel ike 4
> 
> achieves the same when the charon daemon is already running.
> 
> Best regards
> 
> Andreas
> 
> Aaron Zhang wrote:
>> Hi all.
>>
>>  
>>
>> Are there any ways to dump the SK_ei, SK_er, SK_ai, SK_ar of the IKE_SA
>> which are useful to decrypt the IKE_AUTH packet with wireshark.
>>
>> I set the debug as 4 for all debug type. But there are not such information.
>>
>>  
>>
>> thanks
>>
>>   -Aaron

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Dev mailing list