On 2020-04-01, Radek <r...@int.pl> wrote: > Hi @misc, > is there any equivalent of "npppctl sessions all/brief" for iked(8)? > How can I get the list of currently connected roadwarriors? They use CA. > "ipsecctl -sa" shows IPs only, but I need to know who is who.
If you're not running recent -current, update (either the whole OS or just iked+ikectl), something changed recently (possibly "Copy EAP ID to new SA when rekeying IKE SA") that resulted in me seeing EAP-MSCHAPv2 usernames in a typical ipsecctl -sa, hopefully it will help for CA client certs too. (Perhaps not surprisingly there have been quite a lot of recent improvements to iked in -current).
