[strongSwan] How to obtain the user ID (EAP identity) in the updown script?

Peter Benko pbopbo at freemail.hu
Sat Apr 22 21:07:08 CEST 2017


Hi all,

I'm running an IKEv2 eap-mschapv2 IPsec VPN with strongswan 5.2.1. I'm using an updown script to log connections and for some housekeeping stuff. Everything works fine except that I'd like to know the "user ID" (EAP identity) of the client in the updown script. Currently I'm using PLUTO_PEER_ID which works fine for e.g. the strongswan android client (it gives e.g., 'test_user'). However, if I have a Windows 7 or Windows 10 client, it gives me the client-side private IP address (e.g. 192.168.1.4).

Is there a way to access the EAP identity for all clients in the updown script?

Some relevant parts of my ipsec.conf:

keyexchange=ikev2
rightauth=eap-mschapv2
eap_identity=%identity

Thanks,

Peter




More information about the Users mailing list