Swanctl
(re-)load connection configuration
- swanctl -c
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded
(re-)load credentials
- swanctl -s
loaded ike secret 'ike-net'
load credentials, authorities, pools and connections
- swanctl -q
loaded ike secret 'ike-net'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'net'
successfully loaded 1 connections, 0 unloaded
initiate a connection
- swanctl --initiate --child net-1
[ENC] generating QUICK_MODE request 2770629131 [ HASH SA No KE ID ID ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
[ENC] parsed QUICK_MODE response 2770629131 [ HASH SA No KE ID ID ]
[IKE] CHILD_SA net-1{2} established with SPIs cad409e6_i c02e7852_o and TS 10.83.40.0/24 === 10.83.32.0/24
[ENC] generating QUICK_MODE request 2770629131 [ HASH ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
initiate completed successfully
terminate a connection
- swanctl --terminate --child net-1
[IKE] closing CHILD_SA net-1{1} with SPIs c2b81202_i (0 bytes) c817d05d_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
[IKE] sending DELETE for ESP CHILD_SA with SPI c2b81202
[ENC] generating INFORMATIONAL_V1 request 328806429 [ HASH D ]
[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (92 bytes)
[IKE] closing CHILD_SA net-1{2} with SPIs cad409e6_i (0 bytes) c02e7852_o (0 bytes) and TS 10.83.40.0/24 === 10.83.32.0/24
terminate completed successfully
list loaded configurations
- swanctl --list-conn
net-net: IKEv1, reauthentication every 3600s
  local: 10.84.252.40
  remote: 10.84.252.32
  local pre-shared key authentication:
    id: 10.84.252.40
  remote pre-shared key authentication:
    id: 10.84.252.32
  net: TUNNEL, rekeying every 600s
    local: 10.83.40.0/24
    remote: 10.83.32.0/24
rekey an SA
- swanctl --rekey --child net-1
rekey completed successfully
log
- swanctl --log
09[CFG] vici rekey CHILD_SA 'net-1'
09[ENC] generating QUICK_MODE request 2013598800 [ HASH SA No KE ID ID ]
09[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (460 bytes)
13[NET] received packet: from 10.84.252.32[500] to 10.84.252.40[500] (460 bytes)
13[ENC] parsed QUICK_MODE response 2013598800 [ HASH SA No KE ID ID ]
13[IKE] CHILD_SA net{23} established with SPIs c6c7ffed_i cf1d5f57_o and TS 10.83.40.0/24 === 10.83.32.0/24
13[ENC] generating QUICK_MODE request 2013598800 [ HASH ]
13[NET] sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (76 bytes)
list currently active IKE_SA
- swanctl --list-sas
net: #3, ESTABLISHED, IKEv1, 41805ab3792c873b_i* 7f163baa33346484_r
  local '10.84.252.40' @ 10.84.252.40[500]
  remote '10.84.252.32' @ 10.84.252.32[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 867s ago, rekeying in 13421s
  net-1: #3, reqid 2, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 49s ago, rekeying in 3275s, expires in 3912s
    in ca334880, 0 bytes, 0 packets
    out c806412c, 0 bytes, 0 packets
    local 10.83.40.0/24
    remote 10.83.32.0/24
  net-1: #4, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 47s ago, rekeying in 3404s, expires in 3913s
    in c5a10589, 0 bytes, 0 packets
    out c632c7bf, 0 bytes, 0 packets
    local 10.83.40.0/24
    remote 10.83.32.0/24
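An added example, not part of the original page: a small parser for the swanctl --list-sas output above, for a monitoring check that must not count the superseded REKEYED CHILD_SA as an active tunnel. It assumes swanctl prints one field group per line with CHILD_SAs indented under their IKE_SA; the function names are hypothetical and the sample is the page's output, abridged.

```python
import re

# Constructed sample: the --list-sas output from this page, abridged (traffic selectors dropped).
SAMPLE = """\
net: #3, ESTABLISHED, IKEv1, 41805ab3792c873b_i* 7f163baa33346484_r
  local '10.84.252.40' @ 10.84.252.40[500]
  remote '10.84.252.32' @ 10.84.252.32[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 867s ago, rekeying in 13421s
  net-1: #3, reqid 2, REKEYED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 49s ago, rekeying in 3275s, expires in 3912s
    in ca334880, 0 bytes, 0 packets
    out c806412c, 0 bytes, 0 packets
  net-1: #4, reqid 2, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA2_256_128/MODP_2048
    installed 47s ago, rekeying in 3404s, expires in 3913s
    in c5a10589, 0 bytes, 0 packets
    out c632c7bf, 0 bytes, 0 packets
"""

IKE_RE = re.compile(r"^(\S+): #(\d+), (\w+), (IKEv[12]),")
CHILD_RE = re.compile(r"^\s+(\S+): #(\d+), reqid \d+, (\w+), (\w+), (\S+)")
LIFE_RE = re.compile(r"rekeying in (\d+)s, expires in (\d+)s")

def parse_list_sas(text):
    """Return one dict per IKE_SA, each with a list of its CHILD_SAs."""
    sas = []
    for line in text.splitlines():
        if m := IKE_RE.match(line):  # unindented line starts a new IKE_SA
            sas.append({"name": m[1], "id": int(m[2]), "state": m[3],
                        "version": m[4], "children": []})
        elif sas and (m := CHILD_RE.match(line)):  # indented "name: #id, reqid ..."
            sas[-1]["children"].append({"name": m[1], "id": int(m[2]),
                                        "state": m[3], "mode": m[4], "proposal": m[5]})
        elif sas and sas[-1]["children"] and (m := LIFE_RE.search(line)):
            sas[-1]["children"][-1].update(rekey_in=int(m[1]), expires_in=int(m[2]))
    return sas

def findings(sas):
    """Flag IKE_SAs that are down or have no INSTALLED (non-superseded) CHILD_SA."""
    out = []
    for ike in sas:
        if ike["state"] != "ESTABLISHED":
            out.append(f"{ike['name']}: IKE_SA is {ike['state']}")
        if not any(c["state"] == "INSTALLED" for c in ike["children"]):
            out.append(f"{ike['name']}: no INSTALLED CHILD_SA")
    return out

if __name__ == "__main__":
    print(findings(parse_list_sas(SAMPLE)) or "no findings")
```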
Autostart
- /etc/strongswan/strongswan.conf
charon {
    ...
    start-scripts {
        swanctl = /usr/sbin/swanctl -q
    }
    ...
}
Modern vici-based Scenarios
- strongswan Installation swanctl
- strongswan files and directories swanctl
- strongswan swanctl tool
- strongswan workshop setup