[strongSwan] Logging traffic usage counters for an entire client session
flyingrhino
flyingrhino at orcon.net.nz
Mon Jul 16 03:26:17 CEST 2018
Hi fellow Swan'ers,

I'm trying to log traffic usage of VPN client sessions when they
disconnect (how much traffic they used during their session). I can
trigger a script at the "down" easily with:
leftupdown=/usr/local/bin/updownScript.sh , but there are no usage stats
in the environment variables passed to the script.

Are the usage counters available somewhere else that I'm not aware of?
Perhaps a plugin that adds these vars to the "down" env?

My troubleshooting:
I know of the 'counters' plugin that exposes the IKE counters 'ipsec
listcounters', as well as the 'ipsec statusall' command that gives this
info under the relevant SA:

CertName{24}: AES_CBC_256/HMAC_SHA2_384_192, 315872 bytes_i (4002 pkts,
100s ago), 7933390 bytes_o (6414 pkts, 101s ago), rekeying in 3 minutes.

However, the counters reset when the rekeying happens again, so even if
I wanted to count the stats per SA I'd need to script a periodic check
and a state machine to track the SA's connection:

CertName{25}: AES_CBC_256/HMAC_SHA2_384_192, 127 bytes_i (2 pkts, 2s
ago), 120 bytes_o (3 pkts, 1s ago), rekeying in 14 minutes.

It could be possible to do this via iptables too, with a rule marked per
session, then read the counters from there. But it is as awkward as the
state machine above...

Thanks.
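
The periodic check and state machine described in the message, as an added example that is not part of the original post or of strongSwan: it parses the `ipsec statusall` CHILD_SA lines in the shape quoted above and sums the counters over every SA unique id seen for a connection, so a rekey from {24} to {25} does not reset the session total. The class and function names are hypothetical, and it assumes a poller feeds it snapshots; traffic between the last poll and the deletion of an old SA is not counted.

```python
import re
from collections import defaultdict

# Matches a CHILD_SA line of `ipsec statusall` in the shape quoted in the post:
#   CertName{24}: <proposal>, 315872 bytes_i (4002 pkts, 100s ago), 7933390 bytes_o (...)
# \s also spans the line wraps introduced by e-mail or terminal folding.
CHILD_SA = re.compile(
    r"(?P<name>[^\s{}]+)\{(?P<uid>\d+)\}:\s+\S+,\s+"
    r"(?P<bytes_i>\d+)\s+bytes_i\s*(?:\([^)]*\))?,\s+"
    r"(?P<bytes_o>\d+)\s+bytes_o"
)

class SessionAccounting:
    """Accumulates per-connection byte totals across CHILD_SA rekeys (hypothetical helper)."""

    def __init__(self):
        # name -> {unique id -> (bytes_i, bytes_o), highest values seen}
        self._seen = defaultdict(dict)

    def observe(self, status_text):
        """Feed one polled snapshot of `ipsec statusall` output."""
        for m in CHILD_SA.finditer(status_text):
            bi, bo = int(m["bytes_i"]), int(m["bytes_o"])
            old_i, old_o = self._seen[m["name"]].get(m["uid"], (0, 0))
            # Counters only grow within one SA; keep the maximum so that
            # a repeated or out-of-order snapshot cannot lower the total.
            self._seen[m["name"]][m["uid"]] = (max(bi, old_i), max(bo, old_o))

    def totals(self, name):
        """Return (bytes_in, bytes_out) summed over every SA seen for name."""
        sas = self._seen.get(name, {}).values()
        return (sum(i for i, _ in sas), sum(o for _, o in sas))

    def close(self, name):
        """Call from the 'down' hook: return the session totals and forget them."""
        result = self.totals(name)
        self._seen.pop(name, None)
        return result

# Constructed input: the two status lines quoted in the post, before and after a rekey.
BEFORE_REKEY = """CertName{24}: AES_CBC_256/HMAC_SHA2_384_192, 315872 bytes_i (4002 pkts,
100s ago), 7933390 bytes_o (6414 pkts, 101s ago), rekeying in 3 minutes."""
AFTER_REKEY = """CertName{25}: AES_CBC_256/HMAC_SHA2_384_192, 127 bytes_i (2 pkts, 2s
ago), 120 bytes_o (3 pkts, 1s ago), rekeying in 14 minutes."""

if __name__ == "__main__":
    acct = SessionAccounting()
    acct.observe(BEFORE_REKEY)
    acct.observe(AFTER_REKEY)
    print(acct.close("CertName"))
```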