[strongSwan] Strongswan equivalent of openvpn push-peer-info
flyingrhino
flyingrhino at orcon.net.nz
Thu Jan 4 03:56:07 CET 2018
Thanks Noel for the quick response.

I do have a question though -

> You do that on the responder side via the attr/attr-sql plugins
> (possibly by using `ipsec pool`, too).

The initiator has several variables that I need to pass to the responder
at connection time. The variables don't change AFTER connection, but MAY
change AT THE NEXT connection. The responder needs to do firewall stuff
based upon these variables.

Does your advice below also relate to the responder - that these
variables are NOT AVAILABLE to the updown script env?

Either way, what is your advice on getting the variables to the updown
script?

A really dirty solution is the initiator uploads a variables file to
some location and the responder updown script accesses and parses it for
the values. Is there a better way?

Thanks.

> On the initiator side, you need a plugin for charon to process the
> custom attributes. They aren't available
> in the updown script.
>
> Kind regards
>
> Noel
>
> On 03.01.2018 22:51, flyingrhino wrote:
>> Hi,
>>
>> Do we have an equivalent of the --push-peer-info command that openvpn
>> has?
>> Of most interest to me is the initiator pushing environment values to
>> the responder when it connects so that I can program the up/down
>> script to act upon this information.
>>
>> Here are the useful bits from the openvpn man page:
>> Push additional information about the client to server.
>> UV_<name>=<value> -- client environment variables whose names start
>> with "UV_"
>>
>> Thanks.
>>