Hi Houman,

> Is there a way to disconnect a specific strongswan user from the
> command line?

Not directly (at least not via vici, it might be possible via RADIUS,
depending on the RADIUS server).

> I have found the Vici plugin, but there is no documentation whatsoever.

What do you mean? [1] provides an overview and has a link to the
README.md file that describes the available commands and even contains
simple code examples. The Python bindings are basically a wrapper that
provides a convenient interface for these commands.

> import vici
> s = vici.Session()
>>>> s.list_conns()
> <generator object Session.streamed_request at 0x7ff658411ed0>

That returns the configured connections, so that's not really useful to
you. More interesting will be the list of established IKE_SAs
(s.list_sas).

> Looking at the code there is a "filters" as an argument to pass in:

That argument can be used to pass information to the command (check the
README for what the options are). For example, with list-sas you can
filter based on the name or unique ID of an SA and/or pass a flag that
determines if the command operates in non-blocking mode (blocked SAs are
skipped). There is no option to filter by remote/user ID, so you have to
enumerate the established SAs (list-sa documents the returned
information) and check remote-(eap-)id yourself.

> But I'm stuck as I don't know how to set that. There must be some kind
> of documentation for this right?

As I said, the README file documents the commands and arguments.

> I suppose once I have the actual SA, I could pass it to terminate().

Get the unique ID of the SA and then terminate it using that.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/Vici
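
The steps from the reply above (enumerate the established SAs with list_sas, compare remote-id and remote-eap-id yourself, terminate by unique ID), as an added example that is not part of the original message or of strongSwan's own code. It assumes the `vici` Python bindings and a reachable vici socket; `find_sa_ids`, `disconnect_user` and `text_of` are hypothetical helper names, and the exact-match comparison is a choice made for this example.

```python
import sys

ID_KEYS = ("remote-id", "remote-eap-id")  # identity fields reported per IKE_SA


def text_of(value):
    # The vici bindings hand back values as bytes; accept str as well.
    return value.decode("utf-8", "replace") if isinstance(value, bytes) else str(value)


def find_sa_ids(sas, user):
    """Return [(name, uniqueid)] for IKE_SAs whose remote (EAP) identity equals user.

    sas is what Session.list_sas() yields: one dict per IKE_SA, keyed by its name.
    """
    matches = []
    for entry in sas:
        for name, sa in entry.items():
            ids = {text_of(sa[k]) for k in ID_KEYS if k in sa}
            # Exact comparison, so "houman" never matches "houman2".
            if user in ids and "uniqueid" in sa:
                matches.append((name, sa["uniqueid"]))
    return matches


def disconnect_user(session, user):
    """Terminate every IKE_SA of user; return the unique IDs terminated."""
    # Finish the list-sas stream before sending further commands on the session.
    targets = find_sa_ids(list(session.list_sas()), user)
    done = []
    for _name, uid in targets:
        # terminate() is a generator of log messages; nothing is sent until
        # it is iterated, so drain it.
        for _log in session.terminate({"ike-id": uid}):
            pass
        done.append(text_of(uid))
    return done


if __name__ == "__main__":
    # Imported here so the helpers above can be exercised without a daemon.
    import vici

    if len(sys.argv) != 2:
        sys.exit("usage: disconnect_user.py <remote-id or EAP identity>")
    print(disconnect_user(vici.Session(), sys.argv[1]))
```

A user with several devices has several IKE_SAs, so the function terminates all matches rather than stopping at the first one.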