Thanks Noel.
BTW, how does the attr/attr-sql plugin work? I tried to configure it and
failed.
A few days ago I sent the email "[strongSwan] Struggling to send custom
configuration payload between peers" and I quoted the ipsec.conf and
strongswan.conf files I was using.
I got messages "Dec 29 15:16:37 asus303 charon: 10[CFG] handling (20000)
attribute failed"
Am I missing something there?
Regards.
On 2018-01-04 16:10, Noel Kuntze wrote:
It also relates to the responder.
You could patch strongSwan to do that.
On 04.01.2018 03:56, flyingrhino wrote:
Thanks Noel for the quick response.
I do have a question though -
You do that on the responder side via the attr/attr-sql plugins
(possibly by using `ipsec pool`, too).
The initiator has several variables that I need to pass to the
responder at connection time. The variables don't change AFTER
connection, but MAY change AT THE NEXT connection. The responder needs
to do firewall stuff based upon these variables.
Does your advice below also relate to the responder - that these
variables are NOT AVAILABLE to the updown script env?
Either way, what is your advice on getting the variables to the updown
script?
A really dirty solution is the initiator uploads a variables file to
some location and the responder updown script accesses and parses it
for the values. Is there a better way?
Thanks.
On the initiator side, you need a plugin for charon to process the
custom attributes. They aren't available
in the updown script.
Kind regards
Noel
On 03.01.2018 22:51, flyingrhino wrote:
Hi,
Do we have an equivalent of the --push-peer-info command that
openvpn has?
Of most interest to me is the initiator pushing environment values
to the responder when it connects so that I can program the up/down
script to act upon this information.
Here are the useful bits from the openvpn man page:
Push additional information about the client to server.
UV_<name>=<value> -- client environment variables whose names
start with "UV_"
Thanks.