[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-announce
Subject: [strongSwan-dev] How to dump the network traffic packets from StrongSwan
From: "Eric Chen" <eric201405 () mail ! com>
Date: 2014-04-22 3:19:23
Message-ID: 20140422031923.204010 () gmx ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
I'm current working for a VPN solution that the client can connect to our VPN server \
and then access the internet, e.g. Google.com, Yahoo.com, ...
There is one requirement to dump all the network traffic into pcap format files, and \
we can want to trace back the traffic to specific VPN client, as we want to \
understand which website the client accessed, which kind info the client browsed, \
etc. Thus we want to use the the internal IP assigned by VPN server to VPN client to \
do this.
By using the TCPDump, we can get all the network traffic packet, but for all the HTTP \
response from remote web server to VPN client, we can only get the VPN server IP \
inside the HTPP reponse, not the client internal IP. But when we look at the HTTP \
request from VPN client, you can see the VPN client internal IP first, and it will be \
translated to VPN server IP. But there is no such translation for HTTP response.
So is there a way to get such kind of info from StongSwan?
We looked at the StrongSwan log file, and it looks like it didn't provide such info \
right now. Thus can anyone help us to provide some guidance about how/where to modify \
the code to dump those kind of info into log files?
Thanks a lot.
Eric
[Attachment #5 (text/html)]
<span style='font-family:Verdana'><span style='font-size:12px'>Hi,<div> \
</div><div>I'm current working for a VPN solution that the client can connect to our \
VPN server and then access the internet, e.g. Google.com, Yahoo.com, ...</div><div> \
</div><div>There is one requirement to dump all the network traffic into pcap format \
files, and we can want to trace back the traffic to specific VPN client, as we \
want to understand which website the client accessed, which kind info the client \
browsed, etc. Thus we want to use the the internal IP assigned by VPN server to VPN \
client to do this.</div><div> </div><div>By using the TCPDump, we can get all the \
network traffic packet, but for all the HTTP response from remote web server to VPN \
client, we can only get the VPN server IP inside the HTPP reponse, not the client \
internal IP. But when we look at the HTTP request from VPN client, you can see the \
VPN client internal IP first, and it will be translated to VPN server IP. But \
there is no such translation for HTTP response.</div><div> </div><div>So is there a \
way to get such kind of info from StongSwan?</div><div> </div><div>We looked at the \
StrongSwan log file, and it looks like it didn't provide such info right now. Thus \
can anyone help us to provide some guidance about how/where to modify the code to \
dump those kind of info into log files?</div><div> </div><div> </div><div>Thanks a \
lot.</div><div> </div><div>Eric</div><div> </div><div> </div></span></span>
_______________________________________________
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic