ipsec_show - Man Page

ipsec show IP-address

The ipsec show show if the target IP address would get encrypted. Currently requires the XFRM/NETKEY stack root access. If no target IP is given, show all active source - dest tunnels.

Written originally for the Libreswan Project by Paul Wouters

It's pretty simplistic, so there might be cases where it is wrong. There is also obviously a race condition if you run this show and right afterwards the tunnel goes down.

Paul Wouters