[strongSwan] log IKE SPIs after rekeying
masoudi1983 at gmail.com
Wed Jun 11 11:42:37 CEST 2014
you can set "log options" in strongswan.conf
take a look at this:
On Mon, Jun 9, 2014 at 11:07 PM, Joern Mewes <joern.mewes at gmx.net> wrote:
> Hi all,
> I am trying to decrypt the IKEv2 message exchanged between strongswan
> 5.0.4 and a 3rd party VPN device for troubleshooting purposes. To get
> the needed SPIs and keys I enabled log level 4 for IKE by running
> “ipsec stroke loglevel ike 4” before bringing up the tunnel.
> After starting the tunnel I am able to get all need keys and SPIs to
> decode the IKE packets however after IKE-rekeying (without reauth)
> charon logs just “Sk_ei", "Sk_er", Sk_ai" and "Sk_ar". For some reason
> I could not find the new SPIs I need to insert into wireshark. Is there
> any special log or configuration option I need to enable to get these
> SPIs logged as well?
> Best regards,
> Users mailing list
> Users at lists.strongswan.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users