[Swan-commit] Changes to ref refs/heads/master
New commits:
commit d7eb264d9c1923c8d1e911490445198d1ee8d582
Author: D. Hugh Redelmeier
Date: Tue Aug 14 01:53:11 2018 -0400

    pluto: ikev2_parent.c: simplify and add some ???

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits:
commit dc6ac663e220b3e801730e5a4b256a3a33108a96
Author: Paul Wouters
Date: Mon Aug 13 22:36:49 2018 -0400

    testing: removed unused/obsoleted testing/attacks, testing/crypto
[Swan-commit] Changes to ref refs/heads/master
New commits:
commit 26bed0b792070e52851f9e2b54b56f9eadf737f4
Author: Paul Wouters
Date: Mon Aug 13 17:37:50 2018 -0400

    testing: strongswan certs add serverAuth
[Swan-commit] Changes to ref refs/heads/master
New commits:
commit 0728fb37bf95eab766b74ed6c1223a90d4940256
Author: Paul Wouters
Date: Mon Aug 13 17:27:49 2018 -0400

    testing: add SAN to strongswan pki generated ecdsa certs
[Swan-commit] Changes to ref refs/heads/master
New commits:
commit 0d63ca83e965a29c676905ac55c6e5238c8dc97a
Author: D. Hugh Redelmeier
Date: Mon Aug 13 13:08:25 2018 -0400

    pluto: negotiate_hash_algo_from_notification() prevent buffer overrun; tidy

    - if the Other Side sent a payload listing too many hash algorithms,
      an internal buffer would overflow. Now a diagnostic will be issued.
      Is the diagnostic emitted via the correct routine?
    - reduced the scope of local variables
    - eliminated pointless initialization
    - moved common code outside the switch cases
    - fixed typo in comment
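The class of bug this commit message describes, as an added example that is not libreswan's code: a peer-controlled list is copied into a fixed array, so the element count must be checked against the array size before any store. The function name, `MAX_HASH_ALGOS` and the wire layout (a list of 16-bit big-endian identifiers) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed capacity of the receiver's fixed array (hypothetical value). */
#define MAX_HASH_ALGOS 8

enum parse_status { PARSE_OK, PARSE_BAD_LENGTH, PARSE_TOO_MANY };

/*
 * Copy 16-bit big-endian hash algorithm identifiers from a peer-supplied
 * notification body into out[]. The count is derived from the untrusted
 * length, so it is checked against the array size before any store.
 */
static enum parse_status parse_hash_algos(const uint8_t *data, size_t len,
                                          uint16_t out[MAX_HASH_ALGOS],
                                          size_t *count)
{
    *count = 0;
    if (len % 2 != 0)
        return PARSE_BAD_LENGTH;    /* truncated identifier */
    if (len / 2 > MAX_HASH_ALGOS) {
        fprintf(stderr, "peer listed %zu hash algorithms, limit is %d\n",
                len / 2, MAX_HASH_ALGOS);
        return PARSE_TOO_MANY;      /* diagnose instead of overflowing */
    }
    for (size_t i = 0; i < len; i += 2)
        out[(*count)++] = (uint16_t)((data[i] << 8) | data[i + 1]);
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample bodies, not captured traffic. */
    const uint8_t ok[] = { 0x00, 0x02, 0x00, 0x03, 0x00, 0x04 };
    uint8_t big[2 * (MAX_HASH_ALGOS + 1)] = { 0 };
    uint16_t algos[MAX_HASH_ALGOS];
    size_t n;

    printf("ok:  %d\n", parse_hash_algos(ok, sizeof ok, algos, &n));
    printf("big: %d\n", parse_hash_algos(big, sizeof big, algos, &n));
    return 0;
}
```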
Re: [Swan] About to the Libreswan project
On Mon, 13 Aug 2018, Peyman Ghorbani wrote:

> First thank you for taking the time and reading my letter. I found your email address from Google.

Please use the swan mailing list. I don't scale at internet sizes.

> I'll start talking very quickly. I was able to launch the IPSec Cisco service on my VPS by following the link below.
> https://github.com/hwdsl2/setup-ipsec-vpn
> Very convenient and fast in less than a few minutes, my quality service was delivered. But now I have a problem. This Shell script has provided me with just one account (Username/password and IPSec PSK) without any limitations. I need to set a time limit for accounts. In short, I want this service to be connected to the accounting via PAM RADIUS.

You can set IPsec SA and IKE SA time limits via ikelifetime= and salifetime=
The user then has to re-authenticate to continue.

For IKEv1, you can use xauthby=pam and create an appropriate /etc/pam.d/pluto configuration file. For IKEv2, you can set pam-authorize=yes and do something similar. For example, you can use pam with radius or you can use the pam_url module to run your own REST based API to make custom decisions.

Usually however, people limit the users by amount of traffic, not by amount of time. The updown scripts log the traffic and can be modified to report the traffic to a monitor/audit server for keeping count. For existing connections, "ipsec whack --trafficstatus" shows all connections/users and their currently used traffic (that has not yet been reported via updown since the connection is still up).

Paul
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
[Swan-commit] Changes to ref refs/heads/master
New commits:
commit 5cecaafc89167260c8aa4fbc937b867343a502ae
Author: D. Hugh Redelmeier
Date: Mon Aug 13 11:46:48 2018 -0400

    pluto: sprinkle "static"; formatting tweaks