[strongSwan] Strongswan equivalent of openvpn push-peer-info

flyingrhino flyingrhino at orcon.net.nz
Thu Jan 4 03:56:07 CET 2018

Thanks Noel for the quick response.
I do have a question though -

> You do that on the responder side via the attr/attr-sql plugins
> (possibly by using `ipsec pool`, too).

The initiator has several variables that I need to pass to the responder 
at connection time. The variables don't change AFTER connection, but MAY 
change AT THE NEXT connection. The responder needs to do firewall stuff 
based upon these variables.

Does your advice below also relate to the responder - that these 
variables are NOT AVAILABLE to the updown script env ?

Either way, what is your advice on getting the variables to the updown 
A really dirty solution is the initiator uploads a variables file to 
some location and the responder updown script accesses and parses it for 
the values. Is there a better way?


> On the initiator side, you need a plugin for charon to process the
> custom attributes. They aren't available
> in the updown script.
> Kind regards
> Noel
> On 03.01.2018 22:51, flyingrhino wrote:
>> Hi,
>> Do we have an equivalent of the --push-peer-info command that openvpn 
>> has?
>> Of most interest to me is the initiator pushing environment values to 
>> the responder when it connects so that I can program the up/down 
>> script to act upon this information.
>> Here are the useful bits from the openvpn man page:
>>   Push additional information about the client to server.
>>   UV_<name>=<value> -- client environment variables whose names start 
>> with "UV_"
>> Thanks.

More information about the Users mailing list