On Wed, 1 Apr 2020 08:50:41 -0000 (UTC)
Stuart Henderson <stu@spacehopper.org> wrote:
> On 2020-04-01, Radek <rdk@int.pl> wrote:
> > Hi @misc,
> > is there any equivalent of "npppctl sessions all/brief" for iked(8)?
> > How can I get the list of currently connected roadwarriors? They use CA.
> > "ipsecctl -sa" shows IPs only, but I need to know who is who.
>
> If you're not running recent -current, update (either the whole OS or
> just iked+ikectl), something changed recently (possibly "Copy EAP ID to
> new SA when rekeying IKE SA") that resulted in me seeing EAP-MSCHAPv2
> usernames in a typical ipsecctl -sa, hopefully it will help for CA client
> certs too. (Perhaps not surprisingly there have been quite a lot of
> recent improvements to iked in -current).
>
>
Thank you Stuart. I'm running 6.6. Unfortunately, the VPN box became quite important because of recent remote work policy and I don't wan't to "touch" it now as it works as expected. I manage this box remotely and I can't take the risk that sth goes wrong with update.
This box has recently got increase the number of iked(8) users and I just wanted to have a better view of them. That was the reason of my question.
I will wait for the next release and replace the box in - hopefully - better circumstances.
It is good to see that iked(8) improves regularly from one release to another.
--
Radek
No comments:
Post a Comment