[strongSwan] TSi, TSr narrow down by external authorization process

SunilVasanta v.sunil at sawridgesystems.com
Fri Nov 8 12:52:51 CET 2013


Hi ,

Is it possible to send out traffic selectors  values TSi,TSr   to other 
process (Authorization process) for TS narrow down.

I'm trying to modify Charon code to send out TSi, TSr values received in 
create child SA  to a authorization process to narrow down traffic 
selectors. The authentication process will receive
configured/allow traffic selector value for a user from policy server .

Authorization process will match the TSi and TSr values proposed against 
TSi, TSr value received from policy server, matched traffic selectors 
are sent back to Charon process so that it can configure Security policy 
datebase(SPD)  and send matched traffic selector to client.

Is there any way to configure strongswan charon process to achieve above 
functionality.


Thanks,
Sunil Vasanta
Sawridgesystems




More information about the Users mailing list