On Wed, 1 Apr 2020 08:50:41 -0000 (UTC) Stuart Henderson <s...@spacehopper.org> wrote:
> On 2020-04-01, Radek <r...@int.pl> wrote: > > Hi @misc, > > is there any equivalent of "npppctl sessions all/brief" for iked(8)? > > How can I get the list of currently connected roadwarriors? They use CA. > > "ipsecctl -sa" shows IPs only, but I need to know who is who. > > If you're not running recent -current, update (either the whole OS or > just iked+ikectl), something changed recently (possibly "Copy EAP ID to > new SA when rekeying IKE SA") that resulted in me seeing EAP-MSCHAPv2 > usernames in a typical ipsecctl -sa, hopefully it will help for CA client > certs too. (Perhaps not surprisingly there have been quite a lot of > recent improvements to iked in -current). > > Thank you Stuart. I'm running 6.6. Unfortunately, the VPN box became quite important because of recent remote work policy and I don't wan't to "touch" it now as it works as expected. I manage this box remotely and I can't take the risk that sth goes wrong with update. This box has recently got increase the number of iked(8) users and I just wanted to have a better view of them. That was the reason of my question. I will wait for the next release and replace the box in - hopefully - better circumstances. It is good to see that iked(8) improves regularly from one release to another. -- Radek