[strongSwan] How to obtain the user ID (EAP identity) in the updown script?

Dusan Ilic dusan at comhem.se
Sat Apr 22 21:49:24 CEST 2017


Hi Peter,

This works for me, $PLUTO_XAUTH_ID

---- Peter Benko skrev ----

>Hi all,
>
>I'm running an IKEv2 eap-mschapv2 IPsec VPN with strongswan 5.2.1. I'm using an updown script to log connections and for some housekeeping stuff. Everything works fine except that I'd like to know the "user ID" (EAP identity) of the client in the updown script. Currently I'm using PLUTO_PEER_ID which works fine for e.g. the strongswan android client (it gives e.g., 'test_user'). However, if I have a Windows 7 or Windows 10 client, it gives me the client-side private IP address (e.g. 192.168.1.4).
>
>Is there a way to access the EAP identity for all clients in the updown script?
>
>Some relevant parts of my ipsec.conf:
>
>keyexchange=ikev2
>rightauth=eap-mschapv2
>eap_identity=%identity
>
>Thanks,
>
>Peter
>
>
>_______________________________________________
>Users mailing list
>Users at lists.strongswan.org
>https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170422/6e54a864/attachment.html>


More information about the Users mailing list