[strongSwan] Strongswan equivalent of openvpn push-peer-info

[Noel Kuntze]

It also relates to the responder.
You could patch strongSwan to do that.

On 04.01.2018 03:56, flyingrhino wrote:
> Thanks Noel for the quick response.
> I do have a question though -
> 
>> You do that on the responder side via the attr/attr-sql plugins
>> (possibly by using `ipsec pool`, too).
> 
> The initiator has several variables that I need to pass to the responder at connection time. The variables don't change AFTER connection, but MAY change AT THE NEXT connection. The responder needs to do firewall stuff based upon these variables.
> 
> Does your advice below also relate to the responder - that these variables are NOT AVAILABLE to the updown script env ?
> 
> Either way, what is your advice on getting the variables to the updown script?
> A really dirty solution is the initiator uploads a variables file to some location and the responder updown script accesses and parses it for the values. Is there a better way?
> 
> 
> Thanks.
> 
>> On the initiator side, you need a plugin for charon to process the
>> custom attributes. They aren't available
>> in the updown script.
>>
>> Kind regards
>>
>> Noel
>>
>> On 03.01.2018 22:51, flyingrhino wrote:
>>> Hi,
>>>
>>> Do we have an equivalent of the --push-peer-info command that openvpn has?
>>> Of most interest to me is the initiator pushing environment values to the responder when it connects so that I can program the up/down script to act upon this information.
>>>
>>> Here are the useful bits from the openvpn man page:
>>>   Push additional information about the client to server.
>>>   UV_<name>=<value> -- client environment variables whose names start with "UV_"
>>>
>>> Thanks.
>>>
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180104/54732418/attachment.sig>