[strongSwan] How to obtain the user ID (EAP identity) in the updown script?

Peter Benko pbopbo at freemail.hu
Sun Apr 23 11:00:52 CEST 2017


Hi Dusan,

Thanks for the answer, this was exactly what I needed!

Now I see that this is also used for IKEv2 EAP ( see also http://users.strongswan.narkive.com/lrqZAZG7/how-to-find-out-the-eap-username-of-the-client-in-the-updown-script-hi ). However, the "official" Strongswan updown script template only mentions XAUTH.

Thank again!

Peter

On Sat, 22 Apr 2017 21:49:24 +0200
Dusan Ilic <dusan at comhem.se> wrote:

> Hi Peter,
> 
> This works for me, $PLUTO_XAUTH_ID
> 
> ---- Peter Benko skrev ----
> 
> >Hi all,
> >
> >I'm running an IKEv2 eap-mschapv2 IPsec VPN with strongswan 5.2.1.
> >I'm using an updown script to log connections and for some
> >housekeeping stuff. Everything works fine except that I'd like to
> >know the "user ID" (EAP identity) of the client in the updown
> >script. Currently I'm using PLUTO_PEER_ID which works fine for e.g.
> >the strongswan android client (it gives e.g., 'test_user'). However,
> >if I have a Windows 7 or Windows 10 client, it gives me the
> >client-side private IP address (e.g. 192.168.1.4).
> >
> >Is there a way to access the EAP identity for all clients in the
> >updown script?
> >
> >Some relevant parts of my ipsec.conf:
> >
> >keyexchange=ikev2
> >rightauth=eap-mschapv2
> >eap_identity=%identity
> >
> >Thanks,
> >
> >Peter
> >
> >
> >_______________________________________________
> >Users mailing list
> >Users at lists.strongswan.org
> >https://lists.strongswan.org/mailman/listinfo/users



More information about the Users mailing list