[Swan] Accounting Data
Computerisms Corporation
bob at computerisms.ca
Sun Mar 12 08:23:13 UTC 2017
I use the iptables-addons feature called xtaccount and count packets as
they pass through iptables. I have never tested that it is accurate
enough for billing, but it certainly does the job for finding excessive
usage...
On 2017-03-10 02:04 PM, Paul Wouters wrote:
> On Thu, 9 Mar 2017, Dynastic Space wrote:
>
>> We need to obtain an accounting record for each vpn connection.We've
>> tried following the log file, specifically looking
>> for the following line:
>>
>> "xauth-psk"[694] 14.100.134.56 #875: ESP traffic information: in=0B
>> out=0B XAUTH user=someuser
>>
>> This line appears on connection disconnects, but we expected the
>> in/out parameters to specify the number of bytes
>> recorded, and they don't.
>>
>> 1. Is this a bug?
>
> The feature only works with NETKEY/XFRM, not with KLIPS. I think KLIPS
> does have the infor but we have no current API to pull it out of it.
> Basically, the call get_sa_info() needs to be (re?)implemented for
> KLIPS.
>
>> 2. Is there a better way to obtain accounting information?
>
> For IPsec traffic accounting with KLIPS, not that I know.
>
> Paul
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list