On Tue, 24 Oct 2023, Brady Johnson wrote:
> I am migrating from Libreswan 4.5 to the latest version, and I notice that the "ipsec show" command no longer exists in the latest version.
>
> I looked at the code changes in that git commit, and saw that the "ipsec show" and other scripts were removed, and never added for linux only. Before I dig around more, is there a reason this was not added for Linux only? If needed, I can create a PR to add it. I find the IPs in the output of this command VERY useful when managing multiple tunnels. Maybe there is another way to get this info??

The output was useful, I agree. It was modeled after the ancient KLIPS "ipsec eroute" command. It would be worth it to make pluto spit out such output again. But the ipsec show was a bad Linux wrapper causing a Python runtime dependency.

An "ipsec whack --showstatus" or similar, wrapped to "ipsec show" would be fine with me. In fact, I'd like it a lot! But I'd also want the connection name in it. Like:

    10.0.0.1/32 <=> 0.0.0.0/0 reqid XXX by vpn.nohats.ca

Note that with multiple traffic selectors per SA, this is also a bit more tricky to get right.

Paul
