[strongSwan-dev] Monitoring certificate per ip

The supervisor thenightman at gmail.com
Mon Aug 18 13:22:20 CEST 2014


Thank you for the response, it was very helpful.

I'm facing a small problem, i'm using the following code to get the ip and
write it to a file :
host_t* host = ike_sa->get_other_host(ike_sa);
sockaddr_t* address = host->get_sockaddr(host);
struct sockaddr_in* their_addr = (struct sockaddr_in*)address;
char *ip = inet_ntoa(their_addr->sin_addr);

But the ip is the real ip, i want to know the vpn ip that the strongswan
gave the client, i couldn't find it.
i tried to use :
chunk_t* blabla = host->get_address(host);

but i don't understand how to handle "chunk_t" how do i print the ip in
blabla ?

Thanks in advance.



On Sun, Aug 3, 2014 at 10:24 AM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi,
>
> you could write your own monitoring plugin along the lines of the
> "certexpire" plugin:
>
>
> https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libcharon/plugins/certexpire
>
> where a bus listener collects the certificates used and checks them
> for the expiration date.
>
> In your case you could store the received peer certificates together
> with the corresponding IKE identities in a local file or send the
> information over a network socket.to a proxy server.
>
> Best regards
>
> Andreas
>
> On 08/02/2014 08:05 PM, The supervisor wrote:
> > Hi,
> >
> >
> > I'm new to strongswan and i am trying to achieve something that
> > shouldn't be very hard, i have the following setup :
> >
> > Clients --> Strongswan VPN --> transparent proxy --> Internet.
> >
> >
> > Clients connect to strongswan vpn using client certificate.
> >
> >
> > I'm trying to find the simplest way (minimum code changes) to know which
> > client uses which certificate (and then to send this information to my
> > transparent proxy, or just print it to a file).​
> >
> > For example, when client with ip 10.1.0.1 connected using certificate X,
> > i want to send to my proxy a message about it.​
> >
> >
> > I downloaded and compiled the code, but i don't know really where to
> > start, If someone could point me to the relevant code modules i would
> > very appreciate it,  also any general explanation about how to achieve
> > my goal would be helpful also.
> >
> >
> > Thanks in advanced,
> >
> > DN
> >
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140818/080c2cdd/attachment.html>


More information about the Dev mailing list