It also relates to the responder. You could patch strongSwan to do that.

On 04.01.2018 03:56, flyingrhino wrote:
> Thanks Noel for the quick response.
> I do have a question though -
>
>> You do that on the responder side via the attr/attr-sql plugins
>> (possibly by using `ipsec pool`, too).
>
> The initiator has several variables that I need to pass to the responder at
> connection time. The variables don't change AFTER connection, but MAY change
> AT THE NEXT connection. The responder needs to do firewall stuff based upon
> these variables.
>
> Does your advice below also relate to the responder - that these variables
> are NOT AVAILABLE to the updown script env?
>
> Either way, what is your advice on getting the variables to the updown script?
> A really dirty solution is the initiator uploads a variables file to some
> location and the responder updown script accesses and parses it for the
> values. Is there a better way?
>
>
> Thanks.
>
>> On the initiator side, you need a plugin for charon to process the
>> custom attributes. They aren't available
>> in the updown script.
>>
>> Kind regards
>>
>> Noel
>>
>> On 03.01.2018 22:51, flyingrhino wrote:
>>> Hi,
>>>
>>> Do we have an equivalent of the --push-peer-info command that openvpn has?
>>> Of most interest to me is the initiator pushing environment values to the
>>> responder when it connects so that I can program the up/down script to act
>>> upon this information.
>>>
>>> Here are the useful bits from the openvpn man page:
>>> Push additional information about the client to server.
>>> UV_<name>=<value> -- client environment variables whose names start with
>>> "UV_"
>>>
>>> Thanks.