[strongSwan] How to find encryption key for ikev1
hakke_007 at gmx.de
Thu Jul 16 13:12:46 CEST 2020
the loglevel 3 will never reveal any keys to you. You'd need
to enable loglevel 4. An easier way is to use the save-keys
plugin. It even creates the appropriate output files to use
in wireshark. See  how to enable and configure it.
On 7/16/20 7:02 AM, Yogesh Purohit wrote:
> I was intending to decrypt isakmp packets for ike version 1 using wireshark.
> In wireshark it needs the Initiator cookie and encryption key to decrypt the packets.
> I have enabled debug logs by adding: enc = 3 in strongswan.conf file.
> I followed this link https://osqa-ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets
> But this was used when strongswan used Pluto daemon but now Charon is being used.
> So how to identify the initiator cookie and encryption key from logs for ike version 1.
> Best Regards,
> Yogesh Purohit
More information about the Users