[strongSwan-dev] How to dump the network traffic packets from StrongSwan

Eric Chen eric201405 at mail.com
Tue Apr 22 05:19:23 CEST 2014


I'm current working for a VPN solution that the client can connect to our VPN server and then access the internet, e.g. Google.com, Yahoo.com, ...

There is one requirement to dump all the network traffic into pcap format files, and we can want to trace back the traffic to specific VPN client, as we want to understand which website the client accessed, which kind info the client browsed, etc. Thus we want to use the the internal IP assigned by VPN server to VPN client to do this.

By using the TCPDump, we can get all the network traffic packet, but for all the HTTP response from remote web server to VPN client, we can only get the VPN server IP inside the HTPP reponse, not the client internal IP. But when we look at the HTTP request from VPN client, you can see the VPN client internal IP first, and it will be translated to VPN server IP. But there is no such translation for HTTP response.

So is there a way to get such kind of info from StongSwan?

We looked at the StrongSwan log file, and it looks like it didn't provide such info right now. Thus can anyone help us to provide some guidance about how/where to modify the code to dump those kind of info into log files?

Thanks a lot.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140421/10037c45/attachment.html>

More information about the Dev mailing list