MONITOR GETSA

Level

vpn_read

History

Format Appears in Netasq 9 0 0

Description

List IPsec SA

Implementation notes

Used by SMC, so report to them whenever changes

Returns

src=<ip> : source IP address
dst=<ip> : destination IP address
type=ah|esp : SA type
mode=any|transport|tunnel : SA mode
spi=<id> : identifier
reqid=<id> : identifier
comp=<algo> : compression algo in use
enc=<algo> : cypher algo in use
auth=<algo> : authentication in use
state=larval|mature|dying|dead : SA state
lifetime=<secs> : time count
bytes=<count> : byte count

Format

section_line

Example

101 begin
src=10 2 0 1 dst=10 2 0 2 type="esp" mode="tunnel" spi=6599678
peerspi=106673664 reqid=16385 enc="rijndael-cbc"
auth="hmac-sha1" state="mature" lifetime=465
bytes=101552 maxlifetime=600 maxbytes=0

src=10 2 0 2 dst=10 2 0 1 type="esp" mode="tunnel" spi=106673664
peerspi=6599678 reqid=16386 enc="rijndael-cbc" auth="hmac-sha1"
state="mature" lifetime=465 bytes=282280 maxlifetime=600 maxbytes=0