[strongSwan] Strongswan5 logging possibilities?
Azfar Hashmi
azfar.hashmi at cloudways.com
Mon Mar 18 13:58:35 CET 2013
Can anyone say something? Below is my current conf, but I am still unable to
assign a virtual IP via mysql (sql-attr).
######################################################
> ipsec pool --status
dns servers: 8.8.8.8 8.8.4.4
no nbns servers found.
name        start     end         timeout  size  online    usage
rightpool   10.0.0.1  10.0.0.100  8h       100   0 ( 0%)   0 ( 0%)
> cat strongswan.conf
charon {
    threads = 16
    load = attr-sql sql curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-radius eap-md5 xauth-eap updown
    plugins {
        eap-radius {
            secret = secret
            server = 127.0.0.1
        }
        pool {
            load = mysql
        }
    }
    syslog {
        identifier = charon-custom
        daemon {
        }
        auth {
            default = 1
            ike = 1
        }
    }
}
libstrongswan {
}
libhydra {
    plugins {
        attr-sql {
            database = mysql://strongswan:StrongSwan@127.0.0.1/strongswan
        }
    }
}
> cat ipsec.conf
config setup
    uniqueids=no

conn ios
    keyexchange=ikev1
    rightauth=pubkey
    rightauth2=xauth
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=serverCert.pem
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=%rightpool
    auto=add

include /var/lib/strongswan/ipsec.conf.inc
###############################################
But I am still getting "no virtual IP found for %any requested by 'user'"
What am I doing wrong?
Martin where are you :(
On 3/12/2013 9:06 PM, Azfar Hashmi wrote:
> Okay, I have compiled v5.0.2 with the following options.
>
> ./configure --prefix=/root/strongswan5 --enable-eap-radius --enable-xauth-eap --enable-curl --enable-eap-md5 --enable-mysql --enable-sql
>
> Then put below in strongswan.conf
>
> charon {
>     load = sql mysql ...............................................
>     plugins {
>         eap-radius {
>             secret = xxxxxx
>             server = 127.0.0.1
>         }
>         sql {
>             loglevel = 1
>             database = mysql://strongswanuser:StrongSwanpassword@localhost/strongswandb
>         }
>     }
> }
>
> Created above mysql db and put mysql schema
>
> http://wiki.strongswan.org/projects/strongswan/repository/revisions/master/raw/src/libcharon/plugins/sql/mysql.sql
>
> Left ipsec.conf as previously which include connection and client
> credentials properties (certificates, xauth etc .....).
>
> I can connect as I was before (via RSA and xauth-eap) but I can not
> see anything in mysql "logs" table!
>
> What am I missing?
>
> On 3/12/2013 2:42 PM, Azfar Hashmi wrote:
>> Hi,
>>
>> I am using 5.0.2 with radius-eap auth. In 4.5 (Pluto) I was able to
>> get which private ip is assigned to which public ip like below.
>> "xx.48.49.xxx:4500 #141345: assigning virtual IP 10.0.0.68 to peer"
>>
>> But in v5 (Charon) I am getting only private ip.
>> "assigning virtual IP 10.0.0.2 to peer 'test'"
>>
>> Is there a way I can get this value even by modifying code etc.
>> Similarly I want to put logs only in sql and keep configuration,
>> certificates etc in files, is it possible?
>>
>> --
>> AzfarHashmi
>> Cloudways
>> Your Managed Cloud
>> e: azfar.hashmi at cloudways.com
>> w: www.cloudways.com <http://www.cloudways.com>
>> PGP keyid: 0xF42034B0F915D729
>> http://keyserver.pgp.com
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
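The two "assigning virtual IP" log formats quoted in the earliest message of this thread (pluto 4.5 and charon 5.x), parsed into one record so a log consumer can see which lease events carry no public endpoint. This is an added example, not part of the original posts or of strongSwan; the syslog prefixes, the `203.0.113.7` address and all function names are constructed for illustration.

```python
import re

# Pluto (4.x) form quoted in the thread:
#   <public-ip>:<port> #<sa>: assigning virtual IP <vip> to peer
PLUTO_RE = re.compile(
    r'(?P<endpoint>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) #(?P<sa>\d+): '
    r'assigning virtual IP (?P<vip>\S+) to peer\s*$')

# Charon (5.x) form quoted in the thread:
#   assigning virtual IP <vip> to peer '<id>'
CHARON_RE = re.compile(
    r"assigning virtual IP (?P<vip>\S+) to peer '(?P<peer>[^']*)'")


def parse_lease(line):
    """Return a normalised lease record, or None if the line is not a lease event."""
    m = PLUTO_RE.search(line)
    if m:
        return {"daemon": "pluto", "virtual_ip": m["vip"],
                "public_ip": m["endpoint"], "port": int(m["port"]),
                "peer_id": None}
    m = CHARON_RE.search(line)
    if m:
        # The charon line names the peer identity but not its public address.
        return {"daemon": "charon", "virtual_ip": m["vip"],
                "public_ip": None, "port": None, "peer_id": m["peer"]}
    return None


def leases(lines):
    """Parse every line and keep only the lease events."""
    return [rec for rec in map(parse_lease, lines) if rec]


def missing_public_ip(records):
    """Virtual IPs whose lease line gave no public endpoint (needs another source)."""
    return sorted(r["virtual_ip"] for r in records if r["public_ip"] is None)


# Constructed sample lines: only the message text after the prefix follows the thread.
SAMPLE = [
    'Mar 12 14:40:01 gw pluto[2211]: "ios"[3] 203.0.113.7:4500 #141345: '
    'assigning virtual IP 10.0.0.68 to peer',
    "Mar 12 14:41:10 gw charon-custom: 07[IKE] assigning virtual IP 10.0.0.2 to peer 'test'",
    "Mar 12 14:41:11 gw charon-custom: 07[IKE] unrelated message",
]

if __name__ == "__main__":
    for rec in leases(SAMPLE):
        print(rec)
    print("no public endpoint logged for:", missing_public_ip(leases(SAMPLE)))
```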