[strongSwan-dev] about user quota usage and terminating
Tobias Brunner
tobias at strongswan.org
Thu Jun 29 15:42:23 CEST 2017
Hi Isa,
> I dont know is it terminating an active user connection or not, i tried
> : "swanctl -t testuser", it said: "terminate failed: missing terminate
> selector"
Try swanctl -t --help
But as I said before, you currently can only terminate by IKE or
CHILD_SA name or an SA's unique identifier. You could, of course, look
for an IKE_SA with a specific user first and then use its unique ID to
terminate that specific IKE_SA.
> How can I do that?
As I mentioned before, you could use RADIUS's Dynamic Authorization
Extension (DAE), which allows you to terminate an active session with a
Disconnect-Request directly from the RADIUS server when the quote is
exceeded [1].
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Session-Timeout-and-Dynamic-Authorization-Extension
More information about the Dev
mailing list