Re: [strongSwan] How to determine how many connections are currently active?

2019-07-31 Thread Andreas Steffen
Hi Houman,

The CHILD SAs are the actual tunnels carrying encrypted data. The
IKE SA is used for peer authentication and the setup of the
CHILD SAs. In principle an IKE SA can define multiple CHILD SAs
if you want to connect multiple subnets behind the two VPN gateways
with each other.

Regards

Andreas

On 31.07.19 12:43, Houman wrote:
> Hi Andreas,
> 
> Thank you very much.  That worked nicely, much easier than I thought it
> would be.
> 
> The difference between INSTALLED (519) and ESTABLISHED (520) was nearly
> the same in my case.   What is the main difference between them in this
> context?
> 
> Many Thanks,
> Houman
> 
> On Wed, 31 Jul 2019 at 11:14, Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
> 
> Hi Houman,
> 
> you can get the number of active IKE SAs via
> 
>   swanctl --list-sas | grep ESTABLISHED | wc -l
> 
> if you are using the vici interface or
> 
>   ipsec statusall | grep ESTABLISHED | wc -l
> 
> if you are using the legacy whack interface.
> 
> For the total number of active CHILD SAs replace ESTABLISHED
> by INSTALLED in the grep query.
> 
> Best regards
> 
> Andreas
> 
>     On 31.07.19 10:05, Houman wrote:
> > Good morning,
> >
> >
> > What is the best way to determine how many connections are currently
> > active on the StrongSwan server? 
> >
> >
> > Maybe there is a simpler way but I thought of one way. I’m using
> > FreeRadius with Mysql DB as storage.
> >
> >
> > There are three fields that capture the start (acctstarttime), ongoing
> > (acctupdatetime) and the end (acctstoptime) of a connection.
> >
> >
> > I could theoretically filter for all acctupdatetime that start from
> > today and have a acctstoptime that is null.  The count of these
> records
> > would be the approximate number of active connections to the server.
> >
> >
> > Is there a better way to achieve this or do you agree to this
> approach?
> >
> >
> >
> > Many Thanks,
> >
> > Houman
> >
> 
> -- 
> ==
> Andreas Steffen                       
>  andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>
> strongSwan - the Open Source VPN Solution!         
> www.strongswan.org <http://www.strongswan.org>
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===[INS-HSR]==
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] How to determine how many connections are currently active?

2019-07-31 Thread Houman
Hi Andreas,

Thank you very much.  That worked nicely, much easier than I thought it
would be.

The difference between INSTALLED (519) and ESTABLISHED (520) was nearly the
same in my case.   What is the main difference between them in this context?

Many Thanks,
Houman

On Wed, 31 Jul 2019 at 11:14, Andreas Steffen <
andreas.stef...@strongswan.org> wrote:

> Hi Houman,
>
> you can get the number of active IKE SAs via
>
>   swanctl --list-sas | grep ESTABLISHED | wc -l
>
> if you are using the vici interface or
>
>   ipsec statusall | grep ESTABLISHED | wc -l
>
> if you are using the legacy whack interface.
>
> For the total number of active CHILD SAs replace ESTABLISHED
> by INSTALLED in the grep query.
>
> Best regards
>
> Andreas
>
> On 31.07.19 10:05, Houman wrote:
> > Good morning,
> >
> >
> > What is the best way to determine how many connections are currently
> > active on the StrongSwan server?
> >
> >
> > Maybe there is a simpler way but I thought of one way. I’m using
> > FreeRadius with Mysql DB as storage.
> >
> >
> > There are three fields that capture the start (acctstarttime), ongoing
> > (acctupdatetime) and the end (acctstoptime) of a connection.
> >
> >
> > I could theoretically filter for all acctupdatetime that start from
> > today and have a acctstoptime that is null.  The count of these records
> > would be the approximate number of active connections to the server.
> >
> >
> > Is there a better way to achieve this or do you agree to this approach?
> >
> >
> >
> > Many Thanks,
> >
> > Houman
> >
>
> --
> ==
> Andreas Steffen andreas.stef...@strongswan.org
> strongSwan - the Open Source VPN Solution!  www.strongswan.org
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===[INS-HSR]==
>


[strongSwan] How to determine how many connections are currently active?

2019-07-31 Thread Houman
Good morning,


What is the best way to determine how many connections are currently active
on the StrongSwan server?


Maybe there is a simpler way but I thought of one way. I’m using FreeRadius
with Mysql DB as storage.


There are three fields that capture the start (acctstarttime), ongoing
(acctupdatetime) and the end (acctstoptime) of a connection.


I could theoretically filter for all acctupdatetime that start from today
and have a acctstoptime that is null.  The count of these records would be
the approximate number of active connections to the server.


Is there a better way to achieve this or do you agree to this approach?



Many Thanks,

Houman