Friday, July 10, 2015

A few openswan cmds you should get use to

In this post, we will look at some useful commands using the ispectool under openswan.

This  command is great for identification of ipsec support within linux.

ipsec verify

The next command barf is used  for dumping the configurations into a text file for  analysis. This a ipsec debugging dump


ipsec barf 


Next up we can use the look option to determine iptables status  & chains used.

ipsec look



The last command is for  ipsec auto status and simple to remember. It great for determining the ciphers supported and other various status for connections. It requires  sudo or root permission for execution.


ipsec auto --status



These are commonly used commands in the swan lineup that should be used for trouble shooting. Other useful tools are tcpdump/tshark for packet capturing of IKE and ESP data and for analyze of ph1/ph2 SPIs



Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       o 
      /  \






No comments:

Post a Comment