RUTC50 - unable to check ipsec status via CLI

Networking Solutions
1

Hi team,

Am having this same issue here

How to check this ? and what is swanctl -l ?

thank you

3

Hello,

The ipsec command was a legacy tool, while swanctl is the more modern tool. This is why IPsec functionality has been migrated to swanctl.

Could you please confirm whether swanctl -l does not show the IPsec status, or if you are experiencing a different issue?

Best regards,

4

rut
rut650×477 62.6 KB

nothing on this command

5

2551 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 15[NET] <123|6> sending packet: from 10.141.2.175[500] to 20.28.41.87[500] (1112 bytes)
2552 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[NET] <123|6> received packet: from 20.28.41.87[500] to 10.141.2.175[500] (517 bytes)
2553 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[ENC] <123|6> parsed IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V CERTREQ ]
2554 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[IKE] <123|6> received MS NT5 ISAKMPOAKLEY v9 vendor ID
2555 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[IKE] <123|6> received MS-Negotiation Discovery Capable vendor ID
2556 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> selecting proposal:
2557 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> no acceptable ENCRYPTION_ALGORITHM found
2558 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> selecting proposal:
2559 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> no acceptable ENCRYPTION_ALGORITHM found
2560 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> selecting proposal:
2561 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> proposal matches
2562 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_2048
2563 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
2564 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_2048
2565 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[IKE] <123|6> local host is behind NAT, sending keep alives
2566 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[IKE] <123|6> received cert request for “C=AU, ST=NSW, L=SYD, O=IT, OU=IT, CN=IT”
2567 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[IKE] <123|6> sending cert request for “C=AU, ST=NSW, L=SYD, O=IT, OU=IT, CN=IT”
2568 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[CFG] <123|6> no IDi configured, fall back on IP address
2569 Mon Oct 27 21:09:10 2025 daemon.info ipsec: 10[IKE] <123|6> no private key found for ‘10.141.2.175’

rut
rut1453×258 55.6 KB

btw.. the cert im using was created for windows and it works fine with native windows vpn client.

client.pfx with a password protected..
and on RUT i selected this:

rut
rut638×454 71.8 KB

6

rut
rut1284×481 101 KB

now im getting this

7

Hello,

From the screenshot you provided, I can see that the status is displayed as Connected. Could you please confirm if the issue with the swanctl -l command is now resolved?

Best regards,

8

rut
rut1235×274 43.4 KB

rut2
rut21429×279 61.7 KB

rut4
rut41217×640 132 KB

rut3
rut31332×343 73.6 KB

not much luck, unsure if its misconfigured or what.. its working fine on windows thou..

the issue is it keeps dropping and even when it connects slightly for 1-3seconds i cant ping my VM on 172.16.0.4

any ideas from reading the logs ?

9

Hello,

The original question was regarding the command to check IPSEC status. If you are experiencing any connectivity issues with IPSEC, I kindly ask you to create a separate topic for that.

Thank you!

Best regards,

10

This topic was automatically closed after 60 days. New replies are no longer allowed.