檢查strongswan中已建立連線的「新」方法是什麼

Question

即swanctl --list-sas，又名swanctl -l（小寫 L）簡稱：

star6: #1, ESTABLISHED, IKEv2, c87e1f22cf7e22a6_i* d3f4680ff0337849_r
  local  'ember.nullroute.lt' @ 2001:778:e27f:0:9618:82ff:fe38:e480[4500]
  remote 'star.nullroute.lt' @ 2a02:7b40:50d1:e466::1[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
  established 202176s ago, rekeying in 390602s
  gre: #7181, reqid 18, INSTALLED, TRANSPORT, ESP:AES_GCM_16-128
    installed 45150s ago, rekeying in 38337s, expires in 49890s
    in  c4b908f6,      0 bytes,     0 packets
    out c5d9c42b,    576 bytes,    12 packets,  2530s ago
    local  2001:778:e27f:0:9618:82ff:fe38:e480/128[gre]
    remote 2a02:7b40:50d1:e466::1/128[gre]
 ...

不過，如果您想提取此內容以用於腳本編寫，最好直接透過以下方式查詢間接IPC比解析 swanctl 輸出。

ip xfrm policy一些 ESP/AH 資訊也可以透過和ip xfrm state（帶有-s獲取統計資訊的選項）直接從核心檢索。

Answer 1

即swanctl --list-sas，又名swanctl -l（小寫 L）簡稱：

star6: #1, ESTABLISHED, IKEv2, c87e1f22cf7e22a6_i* d3f4680ff0337849_r
  local  'ember.nullroute.lt' @ 2001:778:e27f:0:9618:82ff:fe38:e480[4500]
  remote 'star.nullroute.lt' @ 2a02:7b40:50d1:e466::1[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
  established 202176s ago, rekeying in 390602s
  gre: #7181, reqid 18, INSTALLED, TRANSPORT, ESP:AES_GCM_16-128
    installed 45150s ago, rekeying in 38337s, expires in 49890s
    in  c4b908f6,      0 bytes,     0 packets
    out c5d9c42b,    576 bytes,    12 packets,  2530s ago
    local  2001:778:e27f:0:9618:82ff:fe38:e480/128[gre]
    remote 2a02:7b40:50d1:e466::1/128[gre]
 ...

不過，如果您想提取此內容以用於腳本編寫，最好直接透過以下方式查詢間接IPC比解析 swanctl 輸出。

ip xfrm policy一些 ESP/AH 資訊也可以透過和ip xfrm state（帶有-s獲取統計資訊的選項）直接從核心檢索。

檢查strongswan中已建立連線的「新」方法是什麼

答案1

相關內容