https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Strongswan_swanctl_tool
Strongswan swanctl tool - Versionsgeschichte
2026-06-29T06:58:23Z
Versionsgeschichte dieser Seite in Xinux Wiki
MediaWiki 1.35.1
https://wiki.ixheim.de/index.php?title=Strongswan_swanctl_tool&diff=34593&oldid=prev
Thomas.will: Die Seite wurde neu angelegt: „=(re-)load connection configuration= *swanctl -c loaded connection 'net' successfully loaded 1 connections, 0 unloaded =(re-)load credentials= *swanctl -s l…“
2022-09-05T12:50:12Z
<p>Die Seite wurde neu angelegt: „=(re-)load connection configuration= *swanctl -c loaded connection 'net' successfully loaded 1 connections, 0 unloaded =(re-)load credentials= *swanctl -s l…“</p>
<p><b>Neue Seite</b></p><div>=(re-)load connection configuration=<br />
*swanctl -c<br />
loaded connection 'net'<br />
successfully loaded 1 connections, 0 unloaded<br />
=(re-)load credentials=<br />
*swanctl -s<br />
loaded ike secret 'ike-net'<br />
=load credentials, authorities, pools and connections=<br />
*swanctl -q<br />
<pre><br />
loaded ike secret 'ike-net'<br />
no authorities found, 0 unloaded<br />
no pools found, 0 unloaded<br />
loaded connection 'net'<br />
successfully loaded 1 connections, 0 unloaded<br />
</pre><br />
<br />
=initiate a connection=<br />
*swanctl --initiate --child net-1<br />
<pre><br />
[ENC] generating QUICK_MODE request 2770629131 [ HASH SA No KE ID ID ]<br />
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)<br />
[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)<br />
[ENC] parsed QUICK_MODE response 2770629131 [ HASH SA No KE ID ID ]<br />
[IKE] CHILD_SA net-1{2} established with SPIs cad409e6_i c02e7852_o and TS 10.83.40.0/24 === 10.83.32.0/24<br />
[ENC] generating QUICK_MODE request 2770629131 [ HASH ]<br />
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)<br />
initiate completed successfully<br />
</pre><br />
<br />
=terminate a connection=<br />
*swanctl --terminate --child net-1<br />
<pre><br />
[IKE] closing CHILD_SA net-1{1} with SPIs c2b81202_i (0 bytes) c817d05d_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24<br />
[IKE] sending DELETE for ESP CHILD_SA with SPI c2b81202<br />
[ENC] generating INFORMATIONAL_V1 request 328806429 [ HASH D ]<br />
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)<br />
[IKE] closing CHILD_SA net-1{2} with SPIs cad409e6_i (0 bytes) c02e7852_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24<br />
terminate completed successfully<br />
</pre><br />
<br />
=list loaded configurations=<br />
*swanctl --list-conn<br />
<pre><br />
net-net: IKEv1, reauthentication every 3600s<br />
local: 10.84.252.40<br />
remote: 10.84.252.32<br />
local pre-shared key authentication:<br />
id: 10.84.252.40<br />
remote pre-shared key authentication:<br />
id: 10.84.252.32<br />
net: TUNNEL, rekeying every 600s<br />
local: 10.83.40.0/24<br />
remote: 10.83.32.0/24<br />
</pre><br />
<br />
=rekey an SA=<br />
*swanctl --rekey --child net-1<br />
rekey completed successfully<br />
<br />
=log=<br />
*swanctl --log<br />
<pre><br />
09[CFG] vici rekey CHILD_SA 'net-1'<br />
09[ENC] generating QUICK_MODE request 2013598800 [ HASH SA No KE ID ID ]<br />
09[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)<br />
13[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)<br />
13[ENC] parsed QUICK_MODE response 2013598800 [ HASH SA No KE ID ID ]<br />
13[IKE] CHILD_SA net{23} established with SPIs c6c7ffed_i cf1d5f57_o and TS 10.83.40.0/24 === 10.83.32.0/24<br />
13[ENC] generating QUICK_MODE request 2013598800 [ HASH ]<br />
13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)<br />
</pre><br />
<br />
=list currently active IKE_SA=<br />
*swanctl --list-sas<br />
<pre><br />
net: #3, ESTABLISHED, IKEv1, 41805ab3792c873b_i* 7f163baa33346484_r<br />
local '10.84.252.40' @ 10.84.252.40[500]<br />
remote '10.84.252.32' @ 10.84.252.32[500]<br />
AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048<br />
established 867s ago, rekeying in 13421s<br />
net-1: #3, reqid 2, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048<br />
installed 49s ago, rekeying in 3275s, expires in 3912s<br />
in ca334880, 0 bytes, 0 packets<br />
out c806412c, 0 bytes, 0 packets<br />
local 10.83.40.0/24<br />
remote 10.83.32.0/24<br />
net-1: #4, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048<br />
installed 47s ago, rekeying in 3404s, expires in 3913s<br />
in c5a10589, 0 bytes, 0 packets<br />
out c632c7bf, 0 bytes, 0 packets<br />
local 10.83.40.0/24<br />
remote 10.83.32.0/24<br />
</pre><br />
=Autostart=<br />
*/etc/strongswan/strongswan.conf<br />
<pre><br />
charon {<br />
...<br />
start-scripts {<br />
swanctl = /usr/sbin/swanctl -q<br />
}<br />
...<br />
}<br />
</pre></div>
Thomas.will