[Openswan Users] IKE status

Paul Wouters paul at xelerance.com
Tue Dec 5 16:34:44 EST 2006

On Tue, 5 Dec 2006, Mike Horn wrote:

> Is there an easy way to get the list of IPsec peers and their IKE status?
> Right now I'm using the "ipsec auto --status" command and grep'ing for
> ISAKMP, but that gets painful with a large number of peers and rekeys.
> I was hoping for something along the lines of Cisco's "show crypto isakmp
> sa" command (output below).  Which shows all peers and their current ISAKMP
> state.  Is there a command in Openswan that provides similar output?

If you are using klips, there is "ipsec eroute":

[root at tla root]# ipsec eroute
2          ->          => %trap
48278 ->          => %trap
6460 ->   => %pass
110 -> => tun0x1256 at
0 -> => tun0x123e at
18015 ->    => %hold

This, however, does not know about the connection names. We are planning to add
that in the future, but it requires pushing the name from userland to kernel.

Building and integrating Virtual Private Networks with Openswan:
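
An added example, not part of the original message or of Openswan: a small Python filter that condenses the text of "ipsec auto --status" into one ISAKMP line per connection, as an alternative to grep'ing for ISAKMP by hand. The status line layout and the STATE_MAIN_*/STATE_AGGR_* phase 1 state names are assumptions about pluto's output, and the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict

# Constructed sample; the line layout is an assumption about pluto's status output.
SAMPLE = '''\
000 "branch-a": 10.1.0.0/16===192.0.2.1...198.51.100.7===10.2.0.0/16; erouted; eroute owner: #4
000 #4: "branch-a":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27100s; newest IPSEC; eroute owner
000 #3: "branch-a":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2310s; newest ISAKMP
000 #1: "branch-a":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 95s
000 #7: "branch-b":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 12s
'''

# Phase 1 (ISAKMP) states only; STATE_QUICK_* lines are phase 2 and are skipped.
STATE_RE = re.compile(
    r'#(\d+): "([^"]+)".*?\b(STATE_(?:MAIN|AGGR)_\w+) \(([^)]*)\)(.*)')


def isakmp_summary(status_text):
    """Return {connection: info} describing the current ISAKMP SA of each."""
    per_conn = defaultdict(list)
    for line in status_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            serial, conn, state, detail, rest = m.groups()
            # Sort key: the SA flagged "newest ISAKMP" wins, then highest serial.
            per_conn[conn].append(
                ("newest ISAKMP" in rest, int(serial), state, detail))
    summary = {}
    for conn, sas in per_conn.items():
        _, serial, state, detail = max(sas)
        summary[conn] = {
            "serial": serial,
            "state": state,
            "established": "ISAKMP SA established" in detail,
            "older_sas": len(sas) - 1,  # leftovers from rekeying
        }
    return summary


if __name__ == "__main__":
    # Usage: ipsec auto --status | python isakmp_summary.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for conn, info in sorted(isakmp_summary(text).items()):
        status = "UP" if info["established"] else "NEGOTIATING"
        print("%-20s #%-5d %-16s %-12s older=%d" % (
            conn, info["serial"], info["state"], status, info["older_sas"]))
```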