查看ipsec 狀態

ipsec status：

# ipsec status
Security Associations (1 up, 0 connecting):
           2[3]: ESTABLISHED 9 minutes ago, 172.16.5.102[CN=server, C=CN]...172.16.5.104[CN=client, C=CN]
           2{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c795ec60_i cffb3f17_o
           2{2}:   10.10.100.0/24 === 10.10.10.0/24

ipsec statusall：

# ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.1, Linux 2.6.32-754.el6.x86_64, x86_64):
  uptime: 47 minutes, since Sep 22 13:55:18 2021
  malloc: sbrk 405504, mmap 0, used 311584, free 93920
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 9
  loaded plugins: charon aes des sm4 rc2 sha2 sha1 md5 sm3 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic counters
Listening IP addresses:
  172.16.5.102
  10.10.100.102
Connections:
           2:  172.16.5.102...172.16.5.104  (3), dpddelay=30s
           2:   local:  [CN=server, C=CN] uses public key authentication
           2:    cert:  "CN=server, C=CN"
           2:    cert_enc:  "CN=server, C=CN"
           2:   remote: [%any] uses public key authentication
           2:   child:  10.10.100.0/24 === 10.10.10.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
           2[3]: ESTABLISHED 10 minutes ago, 172.16.5.102[CN=server, C=CN]...172.16.5.104[CN=client, C=CN]
           2[3]: (3) SPIs: 5c4cf152ea8b304b_i ace1f0f74df58228_r*, rekeying in 3 hours
           2[3]: IKE proposal: DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5
           2{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c795ec60_i cffb3f17_o
           2{2}:  DES_CBC/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 43 minutes
           2{2}:   10.10.100.0/24 === 10.10.10.0/24

ip xfrm state：

# ip xfrm state
src 172.16.5.102 dst 172.16.5.104
    proto esp spi 0xcffb3f17 reqid 2 mode tunnel
    replay-window 0 flag af-unspec
    auth-trunc hmac(md5) 0x64d96000f6c61de4ffd667a6282c58af 96
    enc cbc(des) 0xcb9a6e496d5e47b0
src 172.16.5.104 dst 172.16.5.102
    proto esp spi 0xc795ec60 reqid 2 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(md5) 0x0252266895dee29e58f43a9e2d7c0091 96
    enc cbc(des) 0x591ce130bf09a9ab

ip xfrm policy：

# ip xfrm policy
src 10.10.100.0/24 dst 10.10.10.0/24 
    dir out priority 375423 ptype main 
    tmpl src 172.16.5.102 dst 172.16.5.104
        proto esp spi 0xcffb3f17 reqid 2 mode tunnel
src 10.10.10.0/24 dst 10.10.100.0/24 
    dir fwd priority 375423 ptype main 
    tmpl src 172.16.5.104 dst 172.16.5.102
        proto esp reqid 2 mode tunnel
src 10.10.10.0/24 dst 10.10.100.0/24 
    dir in priority 375423 ptype main 
    tmpl src 172.16.5.104 dst 172.16.5.102
        proto esp reqid 2 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
    socket out priority 0 ptype main 
src ::/0 dst ::/0 
    socket in priority 0 ptype main 
src ::/0 dst ::/0 
    socket out priority 0 ptype main 
src ::/0 dst ::/0 
    socket in priority 0 ptype main 
src ::/0 dst ::/0 
    socket out priority 0 ptype main