[strongSwan] [strongSwan-dev] Verbose log : need info about algorithm negotiation

Andreas Steffen andreas.steffen at strongswan.org
Tue Jul 14 13:24:12 CEST 2015

If you want to know which crypto algorithms are proposed
and supported then either increase the debug level
in ipsec.conf

   charondebug="cfg 2"

or change the log level dynamically during runtime with

  sudo ipsec stroke loglevel cfg 2

Best regards


On 07/14/2015 12:36 PM, Giulio Ambrogi wrote:
> Dear community,
> is there any way to find what does strongSwan really do  when
> negotiating encryption and authentication algorithms (e.g.using
> field/conn> *esp=encr-auth-[dh]*/*)* , expecially I would like to know
> which algorithms are chosen as result of the negotiation.
> The log printed out on the terminal when using "*ipsec up <conn_name>*"
> doesn't show those information.
> Is there any way to make this log more verbose? Or is there any useful
> log file ?
> Thanks ,
> Giulio
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150714/f8ef100e/attachment.bin>

More information about the Users mailing list