On 2020-04-01, Radek <rdk@int.pl> wrote:
> Hi @misc,
> is there any equivalent of "npppctl sessions all/brief" for iked(8)?
> How can I get the list of currently connected roadwarriors? They use CA.
> "ipsecctl -sa" shows IPs only, but I need to know who is who.
If you're not running recent -current, update (either the whole OS or
just iked+ikectl), something changed recently (possibly "Copy EAP ID to
new SA when rekeying IKE SA") that resulted in me seeing EAP-MSCHAPv2
usernames in a typical ipsecctl -sa, hopefully it will help for CA client
certs too. (Perhaps not surprisingly there have been quite a lot of
recent improvements to iked in -current).
No comments:
Post a Comment