[strongSwan] How to verify the actual IKE proposal
Dion Kant
dion at concero.nl
Fri Mar 7 14:17:09 CET 2014
On 03/07/2014 12:11 PM, Pawel Grzesik wrote:
> Hi Dion,
>
> Maybe
>
> # ip x s
> # ip x p
> will show you more info.
>
> Thanks,
> Pawel
Hi Pawel,
# ip x p does not show any cipher info
> src x.x.x.x/30 dst y.y.y.y/32
> dir out priority 2144 ptype main
> tmpl src z.z.z.z dst w.w.w.w
> proto esp reqid 16537 mode tunnel
and
# ip x s shows
src z.z.z.z dst w.w.w.w
proto esp spi 0x2971e197 reqid 16537 mode tunnel
replay-window 32 flag af-unspec
auth hmac(sha1) 0x4e53...
enc cbc(aes) 0xdda3c05...
Can I now conclude that, since ip x s shows the ip addresses left and
right, auth en enc is indeed about ike encryption?
Thanks, Dion
More information about the Users
mailing list