[strongSwan] ipsec statusall: missing number of packets output

Marco Berizzi pupilla at hotmail.com
Tue Jul 10 13:55:26 CEST 2018


Hi Tobias,
 
> Hi Marco,
> 
> > Kindly I would like to ask if there is any know reason
> > why ipsec statusall sometimes doesn't print the number
> > of packets for the child_sa.
> 
> The number of packets is printed if a last use time can be determined
> via the respective policy.  Check the log for errors regarding querying
> the inbound policy (you could increase the log level for knl to see a
> bit more about the interaction with the kernel).

After nearly 2 months it happened again:

ts-20.96.144.0{126302}:  INSTALLED, TUNNEL, reqid 244, ESP SPIs: cd63dff4_i 5215984b_o
ts-20.96.144.0{126302}:  AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 2988620 bytes_i (6591 pkts, 314s ago), 2048852 bytes_o, rekeying in 5 hours
ts-20.96.144.0{126302}:   10.28.155.0/24 === 20.96.144.0/23
ts-20.96.216.0{126305}:  INSTALLED, TUNNEL, reqid 246, ESP SPIs: c5504cbc_i 5d35c82a_o
ts-20.96.216.0{126305}:  AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 169442 bytes_i, 40867 bytes_o (169 pkts, 301s ago), rekeying in 6 hours
ts-20.96.216.0{126305}:   10.28.155.0/24 === 20.96.216.0/21ts-20.96.226.0{126325}:  INSTALLED, TUNNEL, reqid 247, ESP SPIs: c28f61dc_i e0a84ea4_o
ts-20.96.226.0{126325}:  AES_CBC_256/HMAC_SHA2_256_128/ECP_384, 58816 bytes_i, 61681 bytes_o (243 pkts, 261s ago), rekeying in 6 hours
ts-20.96.226.0{126325}:   10.28.155.0/24 === 20.96.226.0/24

Now, charon is logging to /var/log/charon.log (setup copied
and pasted from [1].

What should I grep? :-)

I have also the output from 'ip -s x p' and 'ip -s x s'

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests)


More information about the Users mailing list