[strongSwan-dev] Monitoring certificate per ip

Andreas Steffen andreas.steffen at strongswan.org
Sun Aug 3 09:24:15 CEST 2014


Hi,

you could write your own monitoring plugin along the lines of the
"certexpire" plugin:

https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libcharon/plugins/certexpire

where a bus listener collects the certificates used and checks them
for the expiration date.

In your case you could store the received peer certificates together
with the corresponding IKE identities in a local file or send the
information over a network socket.to a proxy server.

Best regards

Andreas

On 08/02/2014 08:05 PM, The supervisor wrote:
> Hi,
> 
> 
> I'm new to strongswan and i am trying to achieve something that
> shouldn't be very hard, i have the following setup : 
> 
> Clients --> Strongswan VPN --> transparent proxy --> Internet.
> 
> 
> Clients connect to strongswan vpn using client certificate.
> 
> 
> I'm trying to find the simplest way (minimum code changes) to know which
> client uses which certificate (and then to send this information to my
> transparent proxy, or just print it to a file).​
> 
> For example, when client with ip 10.1.0.1 connected using certificate X,
> i want to send to my proxy a message about it.​
> 
> 
> I downloaded and compiled the code, but i don't know really where to
> start, If someone could point me to the relevant code modules i would
> very appreciate it,  also any general explanation about how to achieve
> my goal would be helpful also.
> 
> 
> Thanks in advanced,
> 
> DN
> 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140803/f2e55278/attachment.bin>


More information about the Dev mailing list