[strongSwan-dev] kernel SPD/SAD tool
Andreas Steffen
andreas.steffen at strongswan.org
Mon May 30 11:50:21 CEST 2011
Hi Ido,
strongSwan manages the kernel SPD/SAD via the XFRM Netlink kernel
interface. The built-in "ipsec statusall" command can be used to
monitor the established IPsec SAs but if you want to see all the
details you can also use "setkey" or "ip xfrm state|policy".
If you manipulate SPD/SAD entries via "setkey" or "ip xfrm" then you
are on your own since strongSwan will not be aware of any such changes.
Regards
Andreas
On 05/30/2011 10:07 AM, Goshen, Ido (Ido) wrote:
> Hi,
>
> Does StrongSWAN supply a shell tool like “setkey” from ipsec-tools to
> monitor and/or manipulate the kernel’s SPD/SAD or it’s all done
> programmatically via hydra (netlink plugin in my case)?
>
> Thanx,
>
> -Ido
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Dev
mailing list