[strongSwan] Strongswan equivalent of openvpn push-peer-info
flyingrhino at orcon.net.nz
Thu Jan 4 05:18:07 CET 2018
BTW, how does the attr/attr-sql plugin work? I tried to configure it and
A few days ago I sent the email "[strongSwan] Struggling to send custom
configuration payload between peers" and I quoted the ipsec.conf and
strongswan.conf files I was using.
I got messages "Dec 29 15:16:37 asus303 charon: 10[CFG] handling (20000)
Am I missing something there ?
On 2018-01-04 16:10, Noel Kuntze wrote:
> It also relates to the responder.
> You could patch strongSwan to do that.
> On 04.01.2018 03:56, flyingrhino wrote:
>> Thanks Noel for the quick response.
>> I do have a question though -
>>> You do that on the responder side via the attr/attr-sql plugins
>>> (possibly by using `ipsec pool`, too).
>> The initiator has several variables that I need to pass to the
>> responder at connection time. The variables don't change AFTER
>> connection, but MAY change AT THE NEXT connection. The responder needs
>> to do firewall stuff based upon these variables.
>> Does your advice below also relate to the responder - that these
>> variables are NOT AVAILABLE to the updown script env ?
>> Either way, what is your advice on getting the variables to the updown
>> A really dirty solution is the initiator uploads a variables file to
>> some location and the responder updown script accesses and parses it
>> for the values. Is there a better way?
>>> On the initiator side, you need a plugin for charon to process the
>>> custom attributes. They aren't available
>>> in the updown script.
>>> Kind regards
>>> On 03.01.2018 22:51, flyingrhino wrote:
>>>> Do we have an equivalent of the --push-peer-info command that
>>>> openvpn has?
>>>> Of most interest to me is the initiator pushing environment values
>>>> to the responder when it connects so that I can program the up/down
>>>> script to act upon this information.
>>>> Here are the useful bits from the openvpn man page:
>>>> Push additional information about the client to server.
>>>> UV_<name>=<value> -- client environment variables whose names
>>>> start with "UV_"
More information about the Users