[strongSwan-dev] Monitoring certificate per ip
Andreas Steffen
andreas.steffen at strongswan.org
Sun Aug 3 09:24:15 CEST 2014
Hi,
you could write your own monitoring plugin along the lines of the
"certexpire" plugin:
https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libcharon/plugins/certexpire
where a bus listener collects the certificates used and checks them
for the expiration date.
In your case you could store the received peer certificates together
with the corresponding IKE identities in a local file or send the
information over a network socket.to a proxy server.
Best regards
Andreas
On 08/02/2014 08:05 PM, The supervisor wrote:
> Hi,
>
>
> I'm new to strongswan and i am trying to achieve something that
> shouldn't be very hard, i have the following setup :
>
> Clients --> Strongswan VPN --> transparent proxy --> Internet.
>
>
> Clients connect to strongswan vpn using client certificate.
>
>
> I'm trying to find the simplest way (minimum code changes) to know which
> client uses which certificate (and then to send this information to my
> transparent proxy, or just print it to a file).
>
> For example, when client with ip 10.1.0.1 connected using certificate X,
> i want to send to my proxy a message about it.
>
>
> I downloaded and compiled the code, but i don't know really where to
> start, If someone could point me to the relevant code modules i would
> very appreciate it, also any general explanation about how to achieve
> my goal would be helpful also.
>
>
> Thanks in advanced,
>
> DN
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140803/f2e55278/attachment.bin>
More information about the Dev
mailing list