[Openswan Users] IKE status
paul at xelerance.com
Tue Dec 5 16:34:44 EST 2006
On Tue, 5 Dec 2006, Mike Horn wrote:
> Is there an easy way to get the list of IPsec peers and their IKE status?
> Right now I'm using the "ipsec auto --status" command and grep'ing for
> ISAKMP, but that gets painful with a large number of peers and rekeys.
> I was hoping for something along the lines of Cisco's "show crypto isakmp
> sa" command (output below), which shows all peers and their current ISAKMP
> state. Is there a command in Openswan that provides similar output?
If you are using klips, there is "ipsec eroute":
[root at tla root]# ipsec eroute
2 0.0.0.0/0 -> 0.0.0.0/0 => %trap
48278 18.104.22.168/32 -> 0.0.0.0/0 => %trap
6460 22.214.171.124/32 -> 126.96.36.199/32 => %pass
110 188.8.131.52/32 -> 184.108.40.206/32 => tun0x1256 at 220.127.116.11
0 18.104.22.168/32 -> 22.214.171.124/32 => tun0x123e at 126.96.36.199
18015 188.8.131.52/32 -> 184.108.40.206/24 => %hold
This, however, does not know about the connection names. We are planning to add
that in the future, but it requires pushing the name from userland to the kernel.
Building and integrating Virtual Private Networks with Openswan:
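
An added example, not part of the original message and not Openswan code: a small parser that turns "ipsec eroute" output in the layout quoted above into a per-peer summary. It assumes the first column is the eroute's packet counter; the function names and the sample addresses are constructed for illustration. Like the eroute table itself, it has no connection names to report.

```python
import re
from collections import defaultdict

# One eroute line: packet count, source net, destination net, then the target
# (a %keyword or a tunnel SA). " at " is accepted in place of "@" because
# list archives rewrite that character, as in the output quoted above.
EROUTE_RE = re.compile(
    r"^\s*(?P<packets>\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+=>\s+"
    r"(?:(?P<shunt>%\w+)|(?P<sa>tun0x[0-9a-fA-F]+)(?:@| at )(?P<peer>\S+))\s*$"
)

def parse_eroutes(text):
    """Return one dict per eroute line; lines that do not match are skipped."""
    routes = []
    for line in text.splitlines():
        m = EROUTE_RE.match(line)
        if m:
            d = m.groupdict()
            d["packets"] = int(d["packets"])
            routes.append(d)
    return routes

def summarize(routes):
    """Group tunnel eroutes by peer gateway and count %keyword eroutes by kind."""
    peers = defaultdict(lambda: {"tunnels": 0, "packets": 0})
    shunts = defaultdict(int)
    for r in routes:
        if r["peer"]:
            peers[r["peer"]]["tunnels"] += 1
            peers[r["peer"]]["packets"] += r["packets"]
        else:
            shunts[r["shunt"]] += 1
    return dict(peers), dict(shunts)

# Constructed sample (documentation addresses), same layout as the output above.
SAMPLE = """\
2          0.0.0.0/0          -> 0.0.0.0/0          => %trap
110        192.0.2.10/32      -> 198.51.100.0/24    => tun0x1256@203.0.113.5
0          192.0.2.10/32      -> 198.51.100.7/32    => tun0x123e at 203.0.113.9
7          192.0.2.10/32      -> 198.51.100.64/26   => tun0x1260@203.0.113.5
18015      192.0.2.10/32      -> 203.0.113.0/24     => %hold
"""

if __name__ == "__main__":
    peers, shunts = summarize(parse_eroutes(SAMPLE))
    for peer, s in sorted(peers.items()):
        print(f"{peer:<15} tunnels={s['tunnels']} packets={s['packets']}")
    for kind, n in sorted(shunts.items()):
        print(f"{kind:<15} eroutes={n}")
```

On a live gateway the text would come from the command itself, for example by passing the captured output of "ipsec eroute" to parse_eroutes().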