[Swan] About to the Libreswan project

Peyman Ghorbani peymanghorbani at icloud.com
Tue Aug 14 06:42:39 UTC 2018


Hi Paul

> >> Please use the swan mailing list. I don't scale at internet sizes.

Sorry, typed wrong. I've taken your email from the project site. (https://libreswan.org/wiki/Support)


> >> You can set IPsec SA and IKE SA time limits via ikelifetime= and
> >> salifetime=
> 
> >> The user then has to re-authenticate to continue.
> 
> >> For IKEv1, you can use xauthby=pam and create an appropriate
> >> /etc/pam.d/pluto configuration file.
> 
> >> For IKEv2, you can set pam-authorize=yes and do something similar.
> 
> >> For example, you can use pam with radius or you can use the pam_url
> >> module to run your own REST based API to make custom decisions.
> 
> >> Usually however, people limit the users by amount of traffic, not by
> >> amount of time. The updown scripts log the traffic and can be modified
> >> to report the traffic to a monitor/audit server for keeping count.
> >> For existing connections, "ipsec whack --trafficstatus" shows all
> >> connections/users and their currently used traffic (that has not yet
> >> been reported via updown since the connection is still up)

Thanks for your help.
Where are these parameters?
 pam-authorize
 salifetime
 ikelifetime

I have a request for you, and I hope you do not refuse it.
I'm really tired of trying hard.
I'll give you a raw server.
Can you start the IPSec and ikev2 with pam_radius_auth service on my server?
I really need your help and cooperation.
Thank you very much

> On Aug 13, 2018, at 9:24 PM, Paul Wouters <paul at nohats.ca> wrote:
> 
>> On Mon, 13 Aug 2018, Peyman Ghorbani wrote:
>> 
>> First thank you for taking the time and reading my letter.
>> I found your email address from Google.
> 
> Please use the swan mailing list. I don't scale at internet sizes.
> 
>> I'll start talking very quickly.
>> I was able to launch the IPSec Cisco service on my VPS by following the link below.
>> https://github.com/hwdsl2/setup-ipsec-vpn
>> Very convenient and fast in less than a few minutes, my quality service was delivered. But now I have a problem.
>> This Shell script has provided me with just one account (Username/password and IPSec PSK) without any limitations.
>> I need to set a time limit for accounts.
>> In short, I want this service to be connected to the accounting via PAM RADIUS.
> 
> You can set IPsec SA and IKE SA time limits via ikelifetime= and
> salifetime=
> 
> The user then has to re-authenticate to continue.
> 
> For IKEv1, you can use xauthby=pam and create an appropriate
> /etc/pam.d/pluto configuration file.
> 
> For IKEv2, you can set pam-authorize=yes and do something similar.
> 
> For example, you can use pam with radius or you can use the pam_url
> module to run your own REST based API to make custom decisions.
> 
> Usually however, people limit the users by amount of traffic, not by
> amount of time. The updown scripts log the traffic and can be modified
> to report the traffic to a monitor/audit server for keeping count.
> For existing connections, "ipsec whack --trafficstatus" shows all
> connections/users and their currently used traffic (that has not yet
> been reported via updown since the connection is still up)
> 
> Paul
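
Added example, not part of the original thread and not taken from the Libreswan project: the options named above are per-connection settings that go inside a conn section of /etc/ipsec.conf. The connection names and lifetime values are constructed placeholders, and addressing, credentials and address-pool options are left out.

```conf
# /etc/ipsec.conf: constructed fragment showing where the options from the
# thread are placed. Names and lifetime values are placeholders. Merge these
# lines into an existing working conn; this fragment is not complete on
# its own.

# IKEv1 with XAUTH: the username/password exchange is checked through PAM,
# using the service file /etc/pam.d/pluto. ikelifetime= bounds the IKE SA,
# salifetime= bounds the IPsec SA.
conn example-ikev1-xauth
    authby=secret
    leftxauthserver=yes
    rightxauthclient=yes
    xauthby=pam
    ikelifetime=1h
    salifetime=30m

# IKEv2: pam-authorize=yes makes pluto ask PAM (same service file,
# /etc/pam.d/pluto) whether the peer may connect. ipsec.conf(5) describes
# this call as carrying the remote ID only, not a username or password, so
# the PAM stack can enforce "disabled" or "over quota" style decisions but
# is not a password check.
conn example-ikev2
    ikev2=insist
    pam-authorize=yes
    ikelifetime=1h
    salifetime=30m
```

The PAM modules listed in /etc/pam.d/pluto (for instance a RADIUS or pam_url module, as suggested in the reply) decide whether the user is accepted each time the connection authenticates.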