When you configure an IKEv2/IPsec client on iOS or macOS using the built-in VPN client, you can’t configure which crypto the client uses (unless you are using deployment profiles). So how can you know which crypto is used to encrypt the VPN traffic?
Asked
Active
Viewed 696 times
1 Answers
0
If you have access to the server, you can start strongSwan using the sudo ipsec restart --nofork command (great for debugging).
This will start strongSwan without forking it to the background as a daemon.
Then, open another window and run sudo ipsec stroke loglevel cfg 2.
This will enable strongSwan config logging with just enough debugging.
Go back to the first window and connect your iOS or macOS VPN client.
Look for the selected proposal line.
Another option is to run ipsec statusall on the server as suggested by @ecdsa.
sunknudsen
- 701
- 3
- 14
- 28
-
1On the server you can just use `ipsec statusall` or `swanctl --list-sas` to get information about the established SAs, including the negotiated algorithms. – ecdsa Mar 17 '19 at 19:37