[strongSwan] Debug CFG_* messages (especially TSr and TSi)

Thomas Egerer hakke_007 at gmx.de
Sun Apr 7 20:55:44 CEST 2019


Hi IL Ka,




On 4/7/19 4:49 PM, IL Ka wrote:
> Hello.
>
> What is the best way to debug TSi and TSr messages?
> I want to see CFG_REQUEST/CFR_REPLY conversation between server and client (I am interested in TS and INTERNAL_IP4_* messages), but did not find any option for that in charondebug
try loglevel 'enc = 3', this gives you tons of output from
the packets parsed by charon.

>
> I wish there were an option to show debug like it is written in RFC5996:
By the way 5996 has been obsoleted by RFC 7296.
>    CP(CFG_REPLY) =
>      INTERNAL_IP4_ADDRESS(198.51.100.234)
>      INTERNAL_IP4_SUBNET(198.51.100.0/255.255.255.192 <http://198.51.100.0/255.255.255.192>)
>      INTERNAL_IP4_SUBNET(192.0.2.0/255.255.255.0 <http://192.0.2.0/255.255.255.0>)
>    TSi = (0, 0-65535, 198.51.100.234-198.51.100.234)
>    TSr = ((0, 0-65535, 198.51.100.0-198.51.100.63),
>           (0, 0-65535, 192.0.2.0-192.0.2.255))
>
> Could be very useful both for debugging and understanding IKEv2.
>
>
> Thank you in advance,
> Ilya.
>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> 	Без вирусов. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

hth
Thomas


More information about the Users mailing list