On Mon, 9 Jan 2023, Praveen Chavan wrote:
With libreswan upgrade to 4.5.x, I've noticed changes in the output of 'ipsec whack --status' command. I relied on 'IPsec SA established' to verify the active tunnels. With the upgraded version this string is not present in the output. I rather notice 'STATE_V2_ESTABLISHED_CHILD_SA (established Child SA)' and 'STATE_V2_ESTABLISHED_IKE_SA (established IKE SA)'.
"ipsec trafficstatus" would be easier and better for you to use.
Also, please share details on different states for the tunnels ( STATE_V2_ESTABLISHED_CHILD_SA , STATE_V2_ESTABLISHED_IKE_SA etc etc ).
Child SA's are IPsec SA's, aka "phase 2" aka kernel state. The IKE SA is the Parent SA, aka "phase 1" aka userland/ike state. ipsec whack --status will be due to change once every couple of releases. We are looking at outputting this using a json or yang format in the future that would be easier to parse and use. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
