Hi Isa, > I dont know is it terminating an active user connection or not, i tried > : "swanctl -t testuser", it said: "terminate failed: missing terminate > selector"
Try swanctl -t --help But as I said before, you currently can only terminate by IKE or CHILD_SA name or an SA's unique identifier. You could, of course, look for an IKE_SA with a specific user first and then use its unique ID to terminate that specific IKE_SA. > How can I do that? As I mentioned before, you could use RADIUS's Dynamic Authorization Extension (DAE), which allows you to terminate an active session with a Disconnect-Request directly from the RADIUS server when the quote is exceeded [1]. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Session-Timeout-and-Dynamic-Authorization-Extension
