[strongSwan] How to verify the actual IKE proposal
Pawel Grzesik
pawel.grzesik at brainstorm.co.uk
Fri Mar 7 12:11:01 CET 2014
On 7 Mar 2014, at 10:52, Dion Kant <dion at concero.nl> wrote:
>
> Hello all,
>
> On a running tunnel (IKEV1), I can easily verify the ESP proposal by
> using ipsec statusall lable-xxx
>
> ipsec statusall lable-xxx
>
> ...
> 000 "lable-xxx": newest ISAKMP SA: #0; newest IPsec SA: #173651;
> 000 "lable-xxx": ESP proposal: AES_CBC_256/HMAC_SHA1/MODP_1536
> ...
>
> Is there also a means to verify the selected IKE cipher stuff ?
>
> Regards, Dion
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
Hi Dion,
Maybe
# ip x s
# ip x p
will show you more info.
Thanks,
Pawel
More information about the Users
mailing list