Quick background: on our client devices, authentication is done via a separate program, which returns a session ID. Our clients then send their client ID & that session ID via IKEv1 xauth, as the username and "password". We need to get it passed out of Libreswan to track session up/down, and so (locally) we've patched Libreswan to add the "password" to the updown script environment.
Our local patch isn't something that can be upstreamed, but I'm wondering if a cleaned-up version, controlled by a config option (default do not export it, of course), could be.

https://github.com/Telmate/libreswan/commit/1f5cd32f22e00ef6ce7ce091977079b2fc15975f

We also track if the connection was shut down due to Libreswan's DPD detecting the client dead, and export that to the updown script as well:

https://github.com/Telmate/libreswan/commit/960533723fb6c7666636251679ddf22195a2e1b2

_______________________________________________
Swan-dev mailing list
https://lists.libreswan.org/mailman/listinfo/swan-dev
