[strongSwan-dev] Monitoring certificate per ip

Andreas Steffen andreas.steffen at strongswan.org
Sun Aug 3 09:24:15 CEST 2014


you could write your own monitoring plugin along the lines of the
"certexpire" plugin:


where a bus listener collects the certificates used and checks them
for the expiration date.

In your case you could store the received peer certificates together
with the corresponding IKE identities in a local file or send the
information over a network socket.to a proxy server.

Best regards


On 08/02/2014 08:05 PM, The supervisor wrote:
> Hi,
> I'm new to strongswan and i am trying to achieve something that
> shouldn't be very hard, i have the following setup : 
> Clients --> Strongswan VPN --> transparent proxy --> Internet.
> Clients connect to strongswan vpn using client certificate.
> I'm trying to find the simplest way (minimum code changes) to know which
> client uses which certificate (and then to send this information to my
> transparent proxy, or just print it to a file).​
> For example, when client with ip connected using certificate X,
> i want to send to my proxy a message about it.​
> I downloaded and compiled the code, but i don't know really where to
> start, If someone could point me to the relevant code modules i would
> very appreciate it,  also any general explanation about how to achieve
> my goal would be helpful also.
> Thanks in advanced,
> DN
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140803/f2e55278/attachment.bin>

More information about the Dev mailing list