[strongSwan-dev] Monitoring certificate per ip
thenightman at gmail.com
Mon Aug 18 13:22:20 CEST 2014
Thank you for the response, it was very helpful.
I'm facing a small problem, i'm using the following code to get the ip and
write it to a file :
host_t* host = ike_sa->get_other_host(ike_sa);
sockaddr_t* address = host->get_sockaddr(host);
struct sockaddr_in* their_addr = (struct sockaddr_in*)address;
char *ip = inet_ntoa(their_addr->sin_addr);
But the ip is the real ip, i want to know the vpn ip that the strongswan
gave the client, i couldn't find it.
i tried to use :
chunk_t* blabla = host->get_address(host);
but i don't understand how to handle "chunk_t" how do i print the ip in
Thanks in advance.
On Sun, Aug 3, 2014 at 10:24 AM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> you could write your own monitoring plugin along the lines of the
> "certexpire" plugin:
> where a bus listener collects the certificates used and checks them
> for the expiration date.
> In your case you could store the received peer certificates together
> with the corresponding IKE identities in a local file or send the
> information over a network socket.to a proxy server.
> Best regards
> On 08/02/2014 08:05 PM, The supervisor wrote:
> > Hi,
> > I'm new to strongswan and i am trying to achieve something that
> > shouldn't be very hard, i have the following setup :
> > Clients --> Strongswan VPN --> transparent proxy --> Internet.
> > Clients connect to strongswan vpn using client certificate.
> > I'm trying to find the simplest way (minimum code changes) to know which
> > client uses which certificate (and then to send this information to my
> > transparent proxy, or just print it to a file).
> > For example, when client with ip 10.1.0.1 connected using certificate X,
> > i want to send to my proxy a message about it.
> > I downloaded and compiled the code, but i don't know really where to
> > start, If someone could point me to the relevant code modules i would
> > very appreciate it, also any general explanation about how to achieve
> > my goal would be helpful also.
> > Thanks in advanced,
> > DN
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev