[Swan] pam_open_session(3) Re: SUCCESS Re: NEW PROBLEM Re: IKEv2 PAM auth failure - how it's done properly?

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Thu Jan 27 16:53:47 EET 2022


On 26.1.2022. 15:51, Paul Wouters wrote:

> On Wed, 26 Jan 2022, Mirsad Goran Todorovac wrote:
>
>> I did some research. It may be impossible to log IKEv2 sessions in 
>> utmp and wtmp, for libreswan doesn't appear to be calling 
>> pam_open_session(3) after authenticating the certificate and the user 
>> and pam_close_session(3) after the connection is severed.
>
> We never worked with utmp/wtmp, which to me feels more like unix user
> login related ?
>
>> I would like to have some handy connection logging apart from 
>> /var/log/pluto.log ...
>
> Have a look at 
> https://github.com/libreswan/libreswan/blob/main/contrib/updown-example/example-terminate.py
>
> It shows how you can log the disconnect to a file, but you can replace
> the file with like your REST server call.

Did just that, but I see remote IP ($PLUTO_PEER), but not $PLUTO_USERNAME:

2022 Jan 27 15:49:02 magrf  pluto: up-client remoteip=161.53.83.23 conn=MYCONN-ikev2-cp type=tunnel remoteuser=
2022 Jan 27 15:49:04 magrf  pluto: down-client remoteip=161.53.83.23 conn=MYCONN-ikev2-cp type=tunnel remoteuser=
2022 Jan 27 15:49:07 magrf  pluto: up-host remoteip=161.53.83.23 conn=L2TP-PSK-NAT type=tunnel remoteuser=
2022 Jan 27 15:49:12 magrf  pluto: down-host remoteip=161.53.83.23 conn=L2TP-PSK-NAT type=tunnel remoteuser=
2022 Jan 27 15:49:58 magrf  pluto: up-host remoteip=161.53.83.23 conn=L2TP-PSK-NAT type=tunnel remoteuser=
2022 Jan 27 15:50:22 magrf  pluto: down-host remoteip=161.53.83.23 conn=L2TP-PSK-NAT type=tunnel remoteuser=

Could I possibly log the information which certificate was used when the 
IKEv2 connection was established?

That way I could have user control ...

Thanks.

Mirsad

-- 
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
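An added example updown hook, not the contrib script linked above and not the poster's own: it writes one audit record per session up/down event and includes the peer's ID, which for certificate authentication is the identity the certificate carried, so a connection can be tied back to the certificate that authenticated it. It assumes pluto exports PLUTO_VERB, PLUTO_CONNECTION, PLUTO_PEER, PLUTO_PEER_ID and PLUTO_USERNAME to the hook and that the stock script lives at /usr/libexec/ipsec/_updown.

```shell
#!/bin/sh
# Example updown hook (added illustration, not libreswan's own code).
# Assumed environment from pluto: PLUTO_VERB, PLUTO_CONNECTION, PLUTO_PEER,
# PLUTO_PEER_ID, PLUTO_USERNAME. As the thread's output shows, remoteuser
# (PLUTO_USERNAME) stays empty for certificate-authenticated IKEv2 peers,
# which is why the peer ID is the field worth recording.

# Build one log record from the updown environment. Empty fields are written
# as "-" so every record keeps the same columns and stays easy to parse.
format_event() {
    verb="${PLUTO_VERB:--}"
    conn="${PLUTO_CONNECTION:--}"
    peer="${PLUTO_PEER:--}"
    peer_id="${PLUTO_PEER_ID:--}"
    user="${PLUTO_USERNAME:--}"
    printf '%s verb=%s conn=%s remoteip=%s peerid="%s" remoteuser=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$verb" "$conn" "$peer" "$peer_id" "$user"
}

# Only the verbs that mark a session coming up or going down are audited;
# prepare/route verbs would just add noise to the trail.
is_session_verb() {
    case "$1" in
        up-client|down-client|up-host|down-host) return 0 ;;
        *) return 1 ;;
    esac
}

# Append a record when the verb is a session event. UPDOWN_LOGFILE is an
# assumed override for the log path (handy for testing); the default is
# a constructed path, adjust to taste.
log_event() {
    if is_session_verb "${PLUTO_VERB:-}"; then
        format_event >> "${UPDOWN_LOGFILE:-/var/log/ipsec-sessions.log}"
    fi
}

# When pluto runs this script, PLUTO_VERB is always set: log the event, then
# hand over to the stock _updown so routing and firewall handling are kept.
if [ -n "${PLUTO_VERB:-}" ]; then
    log_event
    exec /usr/libexec/ipsec/_updown
fi
```

Point `leftupdown=` (or the connection's updown option) at this script and the stock behaviour is preserved while each session event gains a peer ID column.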
