I use the iptables-addons feature called xtaccount and count packets as
they pass through iptables. I have never tested that it is accurate
enough for billing, but it certainly does the job for finding excessive
usage...
On 2017-03-10 02:04 PM, Paul Wouters wrote:
On Thu, 9 Mar 2017, Dynastic Space wrote:
We need to obtain an accounting record for each vpn connection.We've
tried following the log file, specifically looking
for the following line:
"xauth-psk"[694] 14.100.134.56 #875: ESP traffic information: in=0B
out=0B XAUTH user=someuser
This line appears on connection disconnects, but we expected the
in/out parameters to specify the number of bytes
recorded, and they don't.
1. Is this a bug?
The feature only works with NETKEY/XFRM, not with KLIPS. I think KLIPS
does have the infor but we have no current API to pull it out of it.
Basically, the call get_sa_info() needs to be (re?)implemented for
KLIPS.
2. Is there a better way to obtain accounting information?
For IPsec traffic accounting with KLIPS, not that I know.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
