[Openswan Users] Tunnel status

Radek Antoniuk r.antoniuk at pixel.com.pl
Fri Jan 20 22:33:15 CET 2006

Paul Wouters wrote:
> On Thu, 19 Jan 2006, Radek Antoniuk wrote:
>>Is there a way to get a tunnel status using ipsec utility? Or the only
>>way is grepping ipsec auto --status?
>>I mean some similar thing to ipsec setup --status which gives
>>"X tunnels up".
>>But i'm interested in which are, and which are not.
> With KLIPS, you can do 'ipsec eroute' though it will not list the connection
> names.
> This is a much wanted item that is on our todo list, and we would gladly
> accept a patch :)

Well, I don't know if eroute.c is worth touching, but if You still want
it I can make a patch;-)
But in the meantime I've used a simple perl script(however, I don't know
about the tunnel codes, I've made some assumptions to the tunnel
codename structure). Maybe somebody will find it useful:

use strict;

my @a = qx{cat /proc/net/ipsec/eroute/all 2>/dev/null};
foreach my $e (@a){
        my $name;
        if ($e =~ /tun0x(.+)\@.+/){
                my $ret = qx{ipsec auto --status | grep "tun.$1"};
                if ($ret =~ /\"(.+)\"/){ $name = $1; } else { $name =
"($1)unknown "; }
                print "$name is up\n";


More information about the Users mailing list