[strongSwan] How to find encryption key for ikev1

Thomas Egerer hakke_007 at gmx.de
Thu Jul 16 13:12:46 CEST 2020

Hi Yogesh,

the loglevel 3 will never reveal any keys to you. You'd need
to enable loglevel 4. An easier way is to use the save-keys
plugin. It even creates the appropriate output files to use
in wireshark. See [1] how to enable and configure it.


[1] https://wiki.strongswan.org/issues/3258

On 7/16/20 7:02 AM, Yogesh Purohit wrote:
> Hi,
> I was intending to decrypt isakmp packets for ike version 1 using wireshark.
> In wireshark it needs the Initiator cookie and encryption key to decrypt the packets.
> I have enabled debug logs by adding: enc = 3 in strongswan.conf file.
> I followed this link https://osqa-ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets 
> But this was used when strongswan used Pluto daemon but now Charon is being used. 
> So how to identify the initiator cookie and encryption key from logs for ike version 1.
> Thanks  
> --
> Best Regards,
> Yogesh Purohit

More information about the Users mailing list