[strongSwan] ipsec statusall: missing number of packets output
Marco Berizzi
pupilla at hotmail.com
Tue Jul 10 13:55:26 CEST 2018
Hi Tobias,
> Hi Marco,
>
> > Kindly I would like to ask if there is any know reason
> > why ipsec statusall sometimes doesn't print the number
> > of packets for the child_sa.
>
> The number of packets is printed if a last use time can be determined
> via the respective policy. Check the log for errors regarding querying
> the inbound policy (you could increase the log level for knl to see a
> bit more about the interaction with the kernel).
After nearly 2 months it happened again:
ts-20.96.144.0{126302}: INSTALLED, TUNNEL, reqid 244, ESP SPIs: cd63dff4_i 5215984b_o
ts-20.96.144.0{126302}: AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 2988620 bytes_i (6591 pkts, 314s ago), 2048852 bytes_o, rekeying in 5 hours
ts-20.96.144.0{126302}: 10.28.155.0/24 === 20.96.144.0/23
ts-20.96.216.0{126305}: INSTALLED, TUNNEL, reqid 246, ESP SPIs: c5504cbc_i 5d35c82a_o
ts-20.96.216.0{126305}: AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 169442 bytes_i, 40867 bytes_o (169 pkts, 301s ago), rekeying in 6 hours
ts-20.96.216.0{126305}: 10.28.155.0/24 === 20.96.216.0/21ts-20.96.226.0{126325}: INSTALLED, TUNNEL, reqid 247, ESP SPIs: c28f61dc_i e0a84ea4_o
ts-20.96.226.0{126325}: AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 58816 bytes_i, 61681 bytes_o (243 pkts, 261s ago), rekeying in 6 hours
ts-20.96.226.0{126325}: 10.28.155.0/24 === 20.96.226.0/24
Now, charon is logging to /var/log/charon.log (setup copied
and pasted from [1].
What should I grep? :-)
I have also the output from 'ip -s x p' and 'ip -s x s'
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests)
More information about the Users
mailing list