Thanks Noel for the quick response.
I do have a question though -

You do that on the responder side via the attr/attr-sql plugins
(possibly by using `ipsec pool`, too).

The initiator has several variables that I need to pass to the responder at connection time. The variables don't change AFTER connection, but MAY change AT THE NEXT connection. The responder needs to do firewall stuff based upon these variables.

Does your advice below also relate to the responder - that these variables are NOT AVAILABLE to the updown script env?

Either way, what is your advice on getting the variables to the updown script? A really dirty solution is the initiator uploads a variables file to some location and the responder updown script accesses and parses it for the values. Is there a better way?


Thanks.

On the initiator side, you need a plugin for charon to process the
custom attributes. They aren't available
in the updown script.

Kind regards

Noel

On 03.01.2018 22:51, flyingrhino wrote:
Hi,

Do we have an equivalent of the --push-peer-info command that openvpn has? Of most interest to me is the initiator pushing environment values to the responder when it connects so that I can program the up/down script to act upon this information.

Here are the useful bits from the openvpn man page:
  Push additional information about the client to server.
  UV_<name>=<value> -- client environment variables whose names start with "UV_"

Thanks.

