[strongSwan] How to verify the actual IKE proposal

Dion Kant dion at concero.nl
Fri Mar 7 14:17:09 CET 2014

On 03/07/2014 12:11 PM, Pawel Grzesik wrote:
> Hi Dion,
> Maybe 
> # ip x s
> # ip x p
> will show you more info.
> Thanks,
> Pawel
Hi Pawel,

# ip x p does not show any cipher info
> src x.x.x.x/30 dst y.y.y.y/32
>         dir out priority 2144 ptype main
>         tmpl src z.z.z.z dst w.w.w.w
>                 proto esp reqid 16537 mode tunnel


# ip x s shows

src z.z.z.z dst w.w.w.w
        proto esp spi 0x2971e197 reqid 16537 mode tunnel
        replay-window 32 flag af-unspec
        auth hmac(sha1) 0x4e53...
        enc cbc(aes) 0xdda3c05...

Can I now conclude that, since ip x s shows the ip addresses left and
right, auth en enc is indeed about ike encryption?

Thanks, Dion

More information about the Users mailing list