Find out which encryption and hash algorithm is used by strongswan ipsec

Question

I have multiple productive IPSec VPNs on a Debian-based Linux Server using StrongSwan. Currently I am busy updating my documentation with details about each VPN. Unfortunately the IKE encryption algorithm and hash algorithm is not set explicitly. I wonder if there is a way to find out for an active VPN which algorithms are currenlty used without re-establishing the VPN.

You can use the following command for VPNs where the algorithms are explicitly set:

ipsec statusall myVPNname | grep "IKE algo"

Example output:

IKE algorithm newest: 3DES_CBC_192-SHA-MODP1024

Unfortunately for the other VPNs, where the algorithms are not set explicitly the command mentioned above does not come up with the information.

Maybe someone of you guys knows how to find it out?

Regards,

Bob

score 1 · Answer 1 · answered Mar 05 '13 at 23:48

1

what about:

ipsec statusall conn_name | grep 'IKE proposal'

works for me on IKEv1 road-warrior scenario. if not that line, try others, but I've never had problem finding any relevant information in "ipsec statusall" output.

answered Mar 05 '13 at 23:48

mighq

355
1
3
11

Find out which encryption and hash algorithm is used by strongswan ipsec

1 Answers1