Paul,
That sounds like a good idea.
I have been digging around the whack code and found the following set of
status commands:
status: whack [--status] | [--briefstatus] | \
[--addresspoolstatus] | [--connectionstatus] [--fipsstatus] | \
[--processstatus] | [--shuntstatus] | [--trafficstatus] | \
[--showstates]
The "whack --connectionstatus" command shows what we are looking for, plus
about 22 more lines of information including everything in the kitchen sink
;) This command is wrapped by "ipsec connectionstatus".
How about I add "whack --briefconnectionstatus", which would be wrapped by
"ipsec briefconnectionstatus"? This would show (at least) what you listed
above.
Regards,
Brady
On Tue, Oct 24, 2023 at 6:51 PM Paul Wouters <[email protected]> wrote:
> On Tue, 24 Oct 2023, Brady Johnson wrote:
>
> > I am migrating from Libreswan 4.5 to the latest version, and I notice
> that the "ipsec show" command
> > no longer exists in the latest version.
>
> > I looked at the code changes in that git commit, and saw that the "ipsec
> show" and other scripts
> > were removed, and never added for linux only.
> >
> > Before I dig around more, is there a reason this was not added for Linux
> only? If needed, I can
> > create a PR to add it.
> >
> > I find the IPs in the output of this command VERY useful when managing
> multiple tunnels. Maybe there
> > is another way to get this info??
>
> The output was useful, I agree. It was modeled after the ancient KLIPS
> "ipsec eroute" command. It would be worth it to make pluto spit out
> such output again. But the ipsec show was a bad linux wrapper causing
> a python runtime dependency.
>
> An "ipsec whack --showstatus" or similar, wrapped to "ipsec show" would
> be fine with me. In fact, I'd like it a lot! But I'd also want the
> connection name in it. like:
>
> 10.0.0.1/32 <=> 0.0.0.0/0 reqid XXX by vpn.nohats.ca.
>
> Note that with multiple traffic selectors per SA, this is also a bit
> more tricky do get right.
>
> Paul
>
>
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
