Openswan Wiki | Openswan / Ipsecwhack browse

ipsec whack --status retrieves the current state of pluto, the IKE daemon. The output is devided into six sections.

general info about pluto
list of ESP algorithms supported
list of IKE algorithms supported
memory allocation statistics
list of policies loaded
list of active states

Here is an example:

000 interface ipsec0/eth1 192.1.2.23
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168, keysizemax=168
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_ID9, keysizemin=128, keysizemax=128
000
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "xauth-road--eastnet": 192.0.2.0/24===192.1.2.23[@east,XS+S=C]---192.1.2.45...192.1.3.254---192.1.3.194[@road.uml.freeswan.org,XC+S=C]; unrouted; eroute owner: #0
000 "xauth-road--eastnet":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "xauth-road--eastnet":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 32,24; interface: eth1;
000 "xauth-road--eastnet":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "xauth-road--eastnet":   IKE algorithms wanted: 5_000-1-5, 5_000-1-2, 5_000-2-5, 5_000-2-2, flags=-strict
000 "xauth-road--eastnet":   IKE algorithms found:  5_192-1_128-5, 5_192-1_128-2, 5_192-2_160-5, 5_192-2_160-2,
000 "xauth-road--eastnet":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "xauth-road--eastnet":   ESP algorithms loaded: 3_000-1, 3_000-2, flags=-strict
000
000