[strongSwan-dev] about user quota usage and terminating

Tobias Brunner tobias at strongswan.org
Thu Jun 29 15:42:23 CEST 2017


Hi Isa,

> I dont know is it terminating an active user connection or not, i tried
> : "swanctl -t testuser", it said: "terminate failed: missing terminate
> selector"

Try swanctl -t --help

But as I said before, you currently can only terminate by IKE or
CHILD_SA name or an SA's unique identifier.  You could, of course, look
for an IKE_SA with a specific user first and then use its unique ID to
terminate that specific IKE_SA.

> How can I do that?

As I mentioned before, you could use RADIUS's Dynamic Authorization
Extension (DAE), which allows you to terminate an active session with a
Disconnect-Request directly from the RADIUS server when the quote is
exceeded [1].

Regards,
Tobias

[1]
https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Session-Timeout-and-Dynamic-Authorization-Extension


More information about the Dev mailing list