Hello again Tobias,
Thank you for your kindly help, I'm using radiusDB now for accounting.
It is ok.
Last problem is; I still could not found a way to terminate an active
connection by it's username.
I looked swanctl help and see this : swanctl --terminate (-t)
terminate a connection
I dont know is it terminating an active user connection or not, i tried
: "swanctl -t testuser", it said: "terminate failed: missing terminate
selector"
How can I do that?
Thanks.
On 28/06/2017 15:49, Tobias Brunner wrote:
Hi Isa,
I want to log all user's bytes usage (received+sent) in my MySQL database,
I think I can get it from : "*strongswan statusall*" command, (I can't
find another command to achieve this, is there any?)
That's not the best approach. In particular because querying it often
is not ideal (locks the SAs) and the format is not that machine readable
(vici/swanctl [1] provides a better interface in regards to the latter,
but still not ideal when queried often). Rekeyings could also be a
problem, depending on the interval used to query the SAs. Have a look
at the eap-radius plugin, that does accumulate use stats for RADIUS
accounting.
According to this log, does "*511 by**tes_i*" and "*1111 bytes_o*"
represents the incoming and outgoing bytes count of *testu* user?
Yes, of one of the CHILD_SAs of an IKE_SA that was created by that user.
Also when I want to get only "testu" user statistics, according to docs
I'm typing this: *"**strongswan statusall test**u"*
There is no option to query SAs by remote identity. Only by IKE or
CHILD_SA name or their unique identifier (same goes with vici/swanctl).
Where did you see that in the docs?
And my last question; I will count bytes usage of users and if someone
exceed his quota I want to kick him, how can I do that?
You could enumerate SAs and find the ones with a matching remote
identity and then terminate those (using vici/swanctl). But you should
probably use RADIUS accounting and DAE [2] for all of this.
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/Vici
[2] https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius
