[strongSwan] How do dump additional data during IKEv2 AUTH verification

Tobias Brunner tobias at strongswan.org
Tue Sep 18 18:08:11 CEST 2012


Hi Dennis,

> in charon.log i see the following:
> 11[IKE] octets = message + nonce + prf(Sk_px, IDx') => 413 bytes @
> 0xaf004190
> 
> Is there any way for me to have strongswan dump or for me to otherwise
> access the entire 413 bytes generated by strongswan here for the AUTH
> signature validation?  

You mean you don't see output like this after the line you quoted above?

20[IKE] octets = message + nonce + prf(Sk_px, IDx') => 537 bytes @ 0x1837290
20[IKE]    0: 52 01 94 08 A5 7A F6 05 47 02 DC 30 AD D3 8C 98
R....z..G..0....
20[IKE]   16: 21 20 22 20 00 00 00 00 00 00 01 E5 22 00 00 30  ! "
........"..0
20[IKE]   32: 00 00 00 2C 01 01 00 04 03 00 00 0C 01 00 00 0C
...,............
Which strongSwan version do you use?  On what platform do you run it?
How did you configure the logging in strongswan.conf or ipsec.conf (also
see [1])?

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration








More information about the Users mailing list