Re: [strongSwan] How to determine how many connections are currently active?
Hi Houman, The CHILD SAs are the actual tunnels carrying encrypted data. The IKE SA is used for peer authentication and the setup of the CHILD SAs. In principle an IKE SA can define multiple CHILD SAs if you want to connect multiple subnets behind the two VPN gateways with each other. Regards Andreas On 31.07.19 12:43, Houman wrote: > Hi Andreas, > > Thank you very much. That worked nicely, much easier than I thought it > would be. > > The difference between INSTALLED (519) and ESTABLISHED (520) was nearly > the same in my case. What is the main difference between them in this > context? > > Many Thanks, > Houman > > On Wed, 31 Jul 2019 at 11:14, Andreas Steffen > mailto:andreas.stef...@strongswan.org>> > wrote: > > Hi Houman, > > you can get the number of active IKE SAs via > > swanctl --list-sas | grep ESTABLISHED | wc -l > > if you are using the vici interface or > > ipsec statusall | grep ESTABLISHED | wc -l > > if you are using the legacy whack interface. > > For the total number of active CHILD SAs replace ESTABLISHED > by INSTALLED in the grep query. > > Best regards > > Andreas > > On 31.07.19 10:05, Houman wrote: > > Good morning, > > > > > > What is the best way to determine how many connections are currently > > active on the StrongSwan server? > > > > > > Maybe there is a simpler way but I thought of one way. I’m using > > FreeRadius with Mysql DB as storage. > > > > > > There are three fields that capture the start (acctstarttime), ongoing > > (acctupdatetime) and the end (acctstoptime) of a connection. > > > > > > I could theoretically filter for all acctupdatetime that start from > > today and have a acctstoptime that is null. The count of these > records > > would be the approximate number of active connections to the server. > > > > > > Is there a better way to achieve this or do you agree to this > approach? > > > > > > > > Many Thanks, > > > > Houman > > > > -- > == > Andreas Steffen > andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org> > strongSwan - the Open Source VPN Solution! > www.strongswan.org <http://www.strongswan.org> > Institute for Networked Solutions > HSR University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===[INS-HSR]== > -- == Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions HSR University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===[INS-HSR]==
Re: [strongSwan] How to determine how many connections are currently active?
Hi Andreas, Thank you very much. That worked nicely, much easier than I thought it would be. The difference between INSTALLED (519) and ESTABLISHED (520) was nearly the same in my case. What is the main difference between them in this context? Many Thanks, Houman On Wed, 31 Jul 2019 at 11:14, Andreas Steffen < andreas.stef...@strongswan.org> wrote: > Hi Houman, > > you can get the number of active IKE SAs via > > swanctl --list-sas | grep ESTABLISHED | wc -l > > if you are using the vici interface or > > ipsec statusall | grep ESTABLISHED | wc -l > > if you are using the legacy whack interface. > > For the total number of active CHILD SAs replace ESTABLISHED > by INSTALLED in the grep query. > > Best regards > > Andreas > > On 31.07.19 10:05, Houman wrote: > > Good morning, > > > > > > What is the best way to determine how many connections are currently > > active on the StrongSwan server? > > > > > > Maybe there is a simpler way but I thought of one way. I’m using > > FreeRadius with Mysql DB as storage. > > > > > > There are three fields that capture the start (acctstarttime), ongoing > > (acctupdatetime) and the end (acctstoptime) of a connection. > > > > > > I could theoretically filter for all acctupdatetime that start from > > today and have a acctstoptime that is null. The count of these records > > would be the approximate number of active connections to the server. > > > > > > Is there a better way to achieve this or do you agree to this approach? > > > > > > > > Many Thanks, > > > > Houman > > > > -- > == > Andreas Steffen andreas.stef...@strongswan.org > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Networked Solutions > HSR University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===[INS-HSR]== >
[strongSwan] How to determine how many connections are currently active?
Good morning, What is the best way to determine how many connections are currently active on the StrongSwan server? Maybe there is a simpler way but I thought of one way. I’m using FreeRadius with Mysql DB as storage. There are three fields that capture the start (acctstarttime), ongoing (acctupdatetime) and the end (acctstoptime) of a connection. I could theoretically filter for all acctupdatetime that start from today and have a acctstoptime that is null. The count of these records would be the approximate number of active connections to the server. Is there a better way to achieve this or do you agree to this approach? Many Thanks, Houman