[strongSwan] StrongSwan reply to system in error case

Alexander.Camek at bmw.de Alexander.Camek at bmw.de
Wed Nov 22 15:12:13 CET 2017

Hi Noel, Hi all,

I am just looking for some replay action, such as:

a) Oh I could not generate my CHILD_SA, here you get a return code.
b) Oh I the certificate seems weird, here you get a return code.
c) Oh something specific happens in my code, here you get a return code.

What I know, I get a bunch of log entries, such as:
10[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
10[IKE] received AUTHENTICATION_FAILED notify error

15[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

However, do I get such things outside the log information as a direct reply from the code or strongSwan command tools?
On the other hand, do I get such information only by vici?



> -----Original Message-----
> From: Noel Kuntze [mailto:noel.kuntze+strongswan-users-ml at thermi.consulting]
> Sent: Wednesday, November 22, 2017 1:00 AM
> To: Camek Alexander, EE-330 <Alexander.Camek at bmw.de>;
> users at lists.strongswan.org
> Subject: Re: [strongSwan] StrongSwan reply to system in error case
> * PGP Signed by an unknown key
> Hello,
> strongSwan can only be contacted via stroke (ipsec tool) or vici (swanctl tool, any
> third party lib that uses vici). You are well advised with using vici. stroke will be
> removed at some point (not determined).
> What exactly are you looking for? You can query strongSwan for logs via vici, too,
> but only for new logs. strongSwan doesn't cache any old ones or old events.
> Kind regards
> Noel
> On 20.11.2017 16:47, Alexander.Camek at bmw.de wrote:
> > Hi,
> >
> > Currently StrongSwan logs every information. Additionally, you can get a lot of
> information when you start ipsec with --nofork --all. But, is it possible to get a
> reply directly from strongswan? Especially, when there is a certificate error or
> mismatch, or if ipsec / ike has some other errors? Or is it only possible to get the
> information by using the vici Plugin, and not directly by strongswan itself?
> >
> > Thanks for your help.
> >
> > Kind regards
> >
> > Alexander Camek
> * Unknown Key
> * 0x0739AD6C

More information about the Users mailing list