[strongSwan-dev] kernel SPD/SAD tool

Andreas Steffen andreas.steffen at strongswan.org
Mon May 30 11:50:21 CEST 2011

Hi Ido,

strongSwan manages the kernel SPD/SAD via the XFRM Netlink kernel
interface. The built-in "ipsec statusall" command can be used to
monitor the established IPsec SAs but if you want to see all the
details you can also use "setkey" or "ip xfrm state|policy".

If you manipulate SPD/SAD entries via "setkey" or "ip xfrm" then you
are on your own since strongSwan will not be aware of any such changes.



On 05/30/2011 10:07 AM, Goshen, Ido (Ido) wrote:
> Hi,
> Does StrongSWAN supply a shell tool like “setkey” from ipsec-tools to
> monitor and/or manipulate the kernel’s SPD/SAD or it’s all done
> programmatically via hydra (netlink plugin in my case)?
> Thanx,
> -Ido

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Dev mailing list