[strongSwan-dev] about user quota usage and terminating

Isa YETER isa at teknasyon.com
Wed Jun 28 09:06:04 CEST 2017


Hello there,

I want to log all users' bytes usage (received+sent) in my MySQL database.

I think I can get it from the "strongswan statusall" command. (I can't 
find another command to achieve this; is there any?)

This is the output:

    Status of IKE charon daemon (strongSwan 5.4.0, Linux
    3.10.0-514.6.1.el7.x86_64, x86_64):
       uptime: 4 days, since Jun 24 00:50:59 2017
       malloc: sbrk 2703360, mmap 0, used 572240, free 2131120
       worker threads: 11 of 16 idle, 5/0/0/0 working, job queue:
    0/0/0/0, scheduled: 4
       loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce
    x509 revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp
    dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc cmac hmac ctr ccm
    gcm curl attr kernel-netlink resolve socket-default farp stroke vici
    updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls
    eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
    Virtual IP pools (size/online/offline):
       10.86.86.0/24: 254/1/0
    Listening IP addresses:
       138.68.247.27
       10.46.0.7
    Connections:
      IPSec-IKEv2:  %any...%any  IKEv2, dpddelay=300s
      IPSec-IKEv2:   local:  [C=US, O=VpnTest, CN=vpn-test.com] uses
    public key authentication
      IPSec-IKEv2:    cert:  "C=US, O=VpnTest, CN=vpn-test.com"
      IPSec-IKEv2:   remote: uses public key authentication
      IPSec-IKEv2:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
    IPSec-IKEv2-EAP:  %any...%any  IKEv2, dpddelay=300s
    IPSec-IKEv2-EAP:   local:  [vpn-test.com] uses public key authentication
    IPSec-IKEv2-EAP:    cert:  "C=US, O=VpnTest, CN=vpn-test.com"
    IPSec-IKEv2-EAP:   remote: uses EAP_MSCHAPV2 authentication with EAP
    identity '%any'
    IPSec-IKEv2-EAP:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
       CiscoIPSec:  %any...%any  IKEv1, dpddelay=300s
       CiscoIPSec:   local:  [C=US, O=VpnTest, CN=vpn-test.com] uses
    public key authentication
       CiscoIPSec:    cert:  "C=US, O=VpnTest, CN=vpn-test.com"
       CiscoIPSec:   remote: uses public key authentication
       CiscoIPSec:   remote: uses XAuth authentication: any
       CiscoIPSec:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
    Security Associations (1 up, 0 connecting):
      CiscoIPSec[8]: ESTABLISHED 7 seconds ago, 138.68.247.27[C=US,
    O=VpnTest, CN=vpn-test.com]...178.247.243.133[C=US, O=VpnTest,
    CN=client at vpn-test.com]
      CiscoIPSec[8]: Remote XAuth identity: testu
      CiscoIPSec[8]: IKEv1 SPIs: ecea85f05ddf6333_i
    3c1f0c592ea2372f_r*, rekeying disabled
      CiscoIPSec[8]: IKE proposal:
    AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      CiscoIPSec{3}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs:
    ce1d218e_i 06491def_o
      CiscoIPSec{3}:  AES_CBC_256/HMAC_SHA1_96, 511 bytes_i (8 pkts,
    6s ago), 1111 bytes_o (7 pkts, 6s ago), rekeying disabled
      CiscoIPSec{3}:   0.0.0.0/0 === 10.86.86.1/32

Do I need to look at the "Security Associations" part of the output?

According to this log, do "511 bytes_i" and "1111 bytes_o" 
represent the incoming and outgoing bytes count of the testu user?

Also, when I want to get only the "testu" user's statistics, according to the docs 
I'm typing this: "strongswan statusall testu"


But I'm getting no statistics:

    Connections:
    Security Associations (1 up, 0 connecting):
       no match



And my last question: I will count the bytes usage of users, and if someone 
exceeds his quota I want to kick him. How can I do that?

Thank you!
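
An added example, not part of the original post and not strongSwan code: a Python parser for the "Security Associations" block shown above that groups each CHILD_SA's bytes_i/bytes_o counters under the IKE_SA listed before it and that IKE_SA's "Remote XAuth identity". The function names, the quota threshold and the unwrapped sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the Security Associations lines from the post, unwrapped
# to one record per line (the mail client wrapped them at ~72 columns).
SAMPLE = """\
Security Associations (1 up, 0 connecting):
  CiscoIPSec[8]: ESTABLISHED 7 seconds ago, 138.68.247.27[C=US, O=VpnTest, CN=vpn-test.com]...178.247.243.133[C=US, O=VpnTest, CN=client at vpn-test.com]
  CiscoIPSec[8]: Remote XAuth identity: testu
  CiscoIPSec[8]: IKEv1 SPIs: ecea85f05ddf6333_i 3c1f0c592ea2372f_r*, rekeying disabled
  CiscoIPSec{3}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: ce1d218e_i 06491def_o
  CiscoIPSec{3}:  AES_CBC_256/HMAC_SHA1_96, 511 bytes_i (8 pkts, 6s ago), 1111 bytes_o (7 pkts, 6s ago), rekeying disabled
  CiscoIPSec{3}:   0.0.0.0/0 === 10.86.86.1/32
"""

IKE_RE = re.compile(r"^\s*(?P<sa>[^\s\[\]{}]+\[\d+\]):\s+(?P<rest>.*)$")  # name[n]: IKE_SA
CHILD_RE = re.compile(r"^\s*[^\s\[\]{}]+\{\d+\}:")                        # name{n}: CHILD_SA
IDENT_RE = re.compile(r"Remote \S+ identity: (.+)$")
BYTES_RE = re.compile(r"(\d+) bytes_i.*?(\d+) bytes_o")

def parse_usage(text):
    """Return {ike_sa: {"user", "bytes_in", "bytes_out"}} from statusall text."""
    usage, current = {}, None
    for line in text.splitlines():
        m = IKE_RE.match(line)
        if m:
            current = usage.setdefault(
                m["sa"], {"user": None, "bytes_in": 0, "bytes_out": 0})
            ident = IDENT_RE.search(m["rest"])
            if ident:
                current["user"] = ident[1].strip()
            continue
        # CHILD_SA lines follow the IKE_SA they belong to; sum their counters.
        b = BYTES_RE.search(line) if CHILD_RE.match(line) else None
        if b and current is not None:
            current["bytes_in"] += int(b[1])
            current["bytes_out"] += int(b[2])
    return usage

def over_quota(usage, quota_bytes):
    """IKE_SA names whose received+sent total exceeds quota_bytes (hypothetical limit)."""
    return [sa for sa, u in usage.items()
            if u["bytes_in"] + u["bytes_out"] > quota_bytes]
```

The counters belong to the currently installed CHILD_SA, so a logger has to store running totals in its own database before the SA goes away.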
