Hi, if you want the virtual IP address[es] then you can use the following enumerator:
enumerator_t *enumerator;
host_t *vip;
size_t buf_len = 128;
char buf[buf_len];
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
if (enumerator->enumerate(enumerator, &vip))
{
/* Print the IPv4 or IPv6 address */
snprintf(buf, buf_len, "%H", vip);
}
enumerator->destroy(enumerator);
Since at the time of the ike_updown bus event the virtual IPs haven't
been assigned yet, your listener must subscribe to the assign_vips
bus event. As an example have a look at the tnc-ifmap plugin:
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c;h=d2ba2e345b8d5de73b37c236822d1e32021b29b7;hb=HEAD#l108
Best regards
Andreas
On 18.08.2014 13:22, The supervisor wrote:
Thank you for the response, it was very helpful. I'm facing a small problem, i'm using the following code to get the ip and write it to a file : host_t* host = ike_sa->get_other_host(ike_sa); sockaddr_t* address = host->get_sockaddr(host); struct sockaddr_in* their_addr = (struct sockaddr_in*)address; char *ip = inet_ntoa(their_addr->sin_addr); But the ip is the real ip, i want to know the vpn ip that the strongswan gave the client, i couldn't find it. i tried to use : chunk_t* blabla = host->get_address(host); but i don't understand how to handle "chunk_t" how do i print the ip in blabla ? Thanks in advance. On Sun, Aug 3, 2014 at 10:24 AM, Andreas Steffen <[email protected] <mailto:[email protected]>> wrote: Hi, you could write your own monitoring plugin along the lines of the "certexpire" plugin: https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/show/src/libcharon/plugins/certexpire where a bus listener collects the certificates used and checks them for the expiration date. In your case you could store the received peer certificates together with the corresponding IKE identities in a local file or send the information over a network socket.to <http://socket.to> a proxy server. Best regards Andreas On 08/02/2014 08:05 PM, The supervisor wrote: > Hi, > > > I'm new to strongswan and i am trying to achieve something that > shouldn't be very hard, i have the following setup : > > Clients --> Strongswan VPN --> transparent proxy --> Internet. > > > Clients connect to strongswan vpn using client certificate. > > > I'm trying to find the simplest way (minimum code changes) to know which > client uses which certificate (and then to send this information to my > transparent proxy, or just print it to a file). > > For example, when client with ip 10.1.0.1 connected using certificate X, > i want to send to my proxy a message about it. > > > I downloaded and compiled the code, but i don't know really where to > start, If someone could point me to the relevant code modules i would > very appreciate it, also any general explanation about how to achieve > my goal would be helpful also. > > > Thanks in advanced, > > DN > ====================================================================== Andreas Steffen [email protected] <mailto:[email protected]> strongSwan - the Open Source VPN Solution! www.strongswan.org <http://www.strongswan.org> Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
-- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
