[strongSwan-dev] Monitoring certificate per ip
andreas.steffen at strongswan.org
Mon Aug 18 14:13:31 CEST 2014
Hi, if you want the virtual IP address[es] then you can use the
size_t buf_len = 128;
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
if (enumerator->enumerate(enumerator, &vip))
/* Print the IPv4 or IPv6 address */
snprintf(buf, buf_len, "%H", vip);
Since at the time of the ike_updown bus event the virtual IPs haven't
been assigned yet, your listener must subscribe to the assign_vips
bus event. As an example have a look at the tnc-ifmap plugin:
On 18.08.2014 13:22, The supervisor wrote:
> Thank you for the response, it was very helpful.
> I'm facing a small problem, i'm using the following code to get the ip
> and write it to a file :
> host_t* host = ike_sa->get_other_host(ike_sa);
> sockaddr_t* address = host->get_sockaddr(host);
> struct sockaddr_in* their_addr = (struct sockaddr_in*)address;
> char *ip = inet_ntoa(their_addr->sin_addr);
> But the ip is the real ip, i want to know the vpn ip that the strongswan
> gave the client, i couldn't find it.
> i tried to use :
> chunk_t* blabla = host->get_address(host);
> but i don't understand how to handle "chunk_t" how do i print the ip in
> blabla ?
> Thanks in advance.
> On Sun, Aug 3, 2014 at 10:24 AM, Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> you could write your own monitoring plugin along the lines of the
> "certexpire" plugin:
> where a bus listener collects the certificates used and checks them
> for the expiration date.
> In your case you could store the received peer certificates together
> with the corresponding IKE identities in a local file or send the
> information over a network socket.to <http://socket.to> a proxy server.
> Best regards
> On 08/02/2014 08:05 PM, The supervisor wrote:
> > Hi,
> > I'm new to strongswan and i am trying to achieve something that
> > shouldn't be very hard, i have the following setup :
> > Clients --> Strongswan VPN --> transparent proxy --> Internet.
> > Clients connect to strongswan vpn using client certificate.
> > I'm trying to find the simplest way (minimum code changes) to
> know which
> > client uses which certificate (and then to send this information
> to my
> > transparent proxy, or just print it to a file).
> > For example, when client with ip 10.1.0.1 connected using
> certificate X,
> > i want to send to my proxy a message about it.
> > I downloaded and compiled the code, but i don't know really where to
> > start, If someone could point me to the relevant code modules i would
> > very appreciate it, also any general explanation about how to
> > my goal would be helpful also.
> > Thanks in advanced,
> > DN
> Andreas Steffen andreas.steffen at strongswan.org
> <mailto:andreas.steffen at strongswan.org>
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
More information about the Dev