These commands query the current state of the charon daemon without modifying any configuration or SAs.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/strongswan/strongswan/llms.txt
Use this file to discover all available pages before exploring further.
version
Return daemon and system version information. Input No input parameters. ResponseIKE daemon name (e.g.,
charon).strongSwan version string.
Operating system name (e.g.,
Linux).Operating system release string.
Hardware identifier (e.g.,
x86_64).stats
Return IKE daemon statistics and load information. Input No input parameters. ResponseJob queue depths by priority:
critical, high, medium, low.Number of jobs scheduled for future timed execution.
Names of all loaded plugins.
Available when built with leak-detective support or on Windows. Contains
total (bytes) and allocs (block count) fields.Available on systems with
mallinfo() support. Contains sbrk, mmap, used, and free fields.reload-settings
Reloadstrongswan.conf settings and reinitialize all plugins that support configuration reload.
Input
No input parameters.
Response
yes on success, no on failure.Human-readable error description on failure.
list-certs
Stream currently loaded certificates aslist-cert events. Includes all certificates known to the daemon, not only those loaded over VICI.
This is a streaming command. Register for the list-cert event before issuing this command.
Input
Filter by certificate type. One of:
X509, X509_AC, X509_CRL, OCSP_RESPONSE, PUBKEY, or ANY.Filter by X.509 certificate flag. One of:
NONE, CA, AA, OCSP, or ANY.Only list certificates that contain this subject.
{}). All certificate data arrives via list-cert events.
list-authorities
Stream currently loaded CA information aslist-authority events.
This is a streaming command. Register for the list-authority event before issuing this command.
Input
Only list the CA authority with this name.
{}). All authority data arrives via list-authority events.
get-authorities
Return a list of currently loaded CA authority names. Input No input parameters. ResponseList of certification authority names.
load-pool
Load an in-memory virtual IP and configuration attribute pool. Existing pools with the same name are updated in place if possible. InputA section named after the pool.
yes on success, no on failure.Human-readable error description on failure.
unload-pool
Unload a virtual IP pool. Unloading fails if the pool has any leases currently online. InputName of the virtual IP pool to delete.
yes on success, no on failure.Human-readable error description on failure.
get-pools
List currently loaded virtual IP pools, optionally including lease information. InputSet to
yes to include lease details in the response.Name of a specific pool to query. Omit to list all pools.
One section per pool.
get-algorithms
List all loaded cryptographic algorithms and the plugin that provides each implementation. Input No input parameters. ResponseOne section per algorithm category (e.g.,
encryption, integrity, dh). Each section maps algorithm names to the providing plugin name.get-counters
Retrieve IKE event counters, either globally or per connection. InputConnection name for per-connection counters. Omit to get global counters.
Set to
yes to retrieve counters for all connections. The name field is ignored when this is set.Contains one subsection per connection name (or an empty-named section for global counters). Each subsection maps counter names to 64-bit integer values encoded as strings.
yes on success, no on failure.Human-readable error description on failure.
reset-counters
Reset IKE event counters, either globally or per connection. InputConnection name to reset counters for. Omit to reset global counters.
Set to
yes to reset counters for all connections.yes on success, no on failure.Human-readable error description on failure.