[strongSwan] (Vici) How to disconnect a VPN connection on the server side?
houmie at gmail.com
Tue Oct 15 12:11:45 CEST 2019
Thank you for your help on this. I have managed to utilise the eap-radius
plugin to listen to disconnect messages from Freeradius.
I get strange reporting in the logs. It seems that StrongSwan rejects the
initial disconnect message with a NAK.
(4) Sent Disconnect-Request Id 11 from 0.0.0.0:42481 to 127.0.0.1:3799
(4) User-Name = "houman"
(4) Sent Accounting-Response Id 178 from 127.0.0.1:1813 to 127.0.0.1:51530
(4) Finished request
(4) Cleaning up request packet ID 178 with timestamp +6
Waking up in 2.1 seconds.
(4) Clearing existing &reply: attributes
(4) Received Disconnect-NAK Id 11 from 127.0.0.1:3799 to 127.0.0.1:42481
What attributes *should* be in the Disconnect-Request besides User-Name? Is
there anything else I need to avoid getting a NAK from StrongSwan?
On Tue, 10 Sep 2019 at 12:02, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Houman,
> > Do you think that is possible to do via FreeRadius?
> See .
> > Just to be
> > clear there is always a 1:1 relationship between IKE_SA and a user at a
> > time, correct?
> Probably, that is, if you don't allow multiple IKE_SAs per user identity.
> > If I end an IKE_SA, I won't be kicking several users by
> > mistake?
> Not if you do so by unique ID (by name wouldn't be a good idea because
> all IKE_SAs by roadwarriors will share the name of the connection).
> > So in other words what
> > I'm trying to achieve is possible with Vici right?
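
The log above shows the Disconnect-NAK but not the reason for it. As an added example (not part of the original post, and not strongSwan or FreeRADIUS code), the following builds an RFC 5176 Disconnect-Request and decodes the Error-Cause attribute of a NAK when the NAS includes one. The shared secret and the NAK contents are constructed, and which attributes strongSwan matches on is not stated on this page.

```python
import hashlib
import hmac
import struct

# RFC 5176 packet codes and the two attribute types used here.
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
USER_NAME, ERROR_CAUSE = 1, 101
ERROR_CAUSES = {401: "Unsupported Attribute", 402: "Missing Attribute",
                403: "NAS Identification Mismatch", 404: "Invalid Request",
                503: "Session Context Not Found",
                504: "Session Context Not Removable"}

def attr(kind, value):
    """Encode one attribute as type, length, value."""
    return bytes([kind, len(value) + 2]) + value

def build_packet(code, ident, secret, attrs, request_auth=bytes(16)):
    """Requests hash 16 zero octets; replies hash the request's authenticator."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def parse_reply(reply, request, secret):
    """Verify a Disconnect-ACK/NAK against its request; return (code, causes)."""
    if len(reply) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply) or ident != request[1]:
        raise ValueError("length or Id mismatch")
    good = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(good, reply[4:20]):
        raise ValueError("bad Response Authenticator (wrong shared secret?)")
    causes, pos = [], 20
    while pos < length:
        size = reply[pos + 1] if pos + 2 <= length else 0
        if size < 2 or pos + size > length:
            raise ValueError("malformed attribute")
        if reply[pos] == ERROR_CAUSE and size == 6:
            value = struct.unpack("!I", reply[pos + 2:pos + 6])[0]
            causes.append((value, ERROR_CAUSES.get(value, "unknown")))
        pos += size
    return code, causes

# Constructed sample: Id 11 and User-Name "houman" mirror the log above; the
# secret and the NAK's Error-Cause are made up for the demonstration.
SECRET = b"constructed-secret"
REQUEST = build_packet(DISCONNECT_REQUEST, 11, SECRET, attr(USER_NAME, b"houman"))
NAK = build_packet(DISCONNECT_NAK, 11, SECRET,
                   attr(ERROR_CAUSE, struct.pack("!I", 503)), REQUEST[4:20])
```

A NAK is not required to carry Error-Cause, so an empty list from parse_reply means the reason has to come from the NAS's own log instead.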