May Contain Blueberries

the sometimes journal of Jeremy Beker


Unrelated to the recent events showing that our data on the internet is even less secure than many thought, I’ve developed a certain fascination with having VPN connections available for my mobile devices. Most articles that discuss using mobile devices stress the importance of not doing sensitive (or any) work while on public WiFi networks. It is just too easy for others to sniff your data. As a result, I have configured my devices to connect to my home server, which runs Strongswan, so that all my traffic gets tunneled to my house before exiting onto the internet. (And yes, I know that my ISP has full access to the data once it leaves my home, but there is no general solution to avoiding that.)

I am by no means an expert at setting up VPNs, but I have gotten my setup down pretty well. One frustration, though, was that my OS (Fedora) did not have any facility to include, in my daily Logwatch reports, the connection information that Strongswan writes to the system log files. All I ended up with was a huge collection of lines like this:

charon: 05[IKE] IKE_SA vpn-ikev2[306] established between
   A.B.C.D[C=US, O=Confusticate, CN=bree]...
   W.X.Y.Z[C=US, O=Confusticate, CN=Thinkpad]
charon: 05[IKE] CHILD_SA vpn-ikev2{296} established with
   SPIs c7b686bf_i cc98f0a4_o and TS 0.0.0.0/0 ::/0 ===
   192.168.3.0/24 2001:340:e496:6::/64
charon: 15[IKE] CHILD_SA vpn-ikev2{296} established with
   SPIs c2f5678a_i cc8fbed8_o and TS 0.0.0.0/0 ::/0 ===
   192.168.3.0/24 2001:340:e496:6::/64
charon: 04[IKE] closing CHILD_SA vpn-ikev2{296} with
   SPIs c78fe56bf_i (26135 bytes) cc53191a4_o (48092 bytes) and
   TS 0.0.0.0/0 ::/0 === 192.168.3.0/24 2001:340:e496:6::/64

So after looking at those for a few months I finally wrote my own scripts for Logwatch to get me some prettier output:

--------------------- Strongswan Begin ------------------------
IKE_SA Connections Initiated:
   IKE_SA:
      A.B.C.D 10 Time(s)
   Main Mode IKE_SA:
      A.B.C.E 2 Time(s)

IKE_SA Connections:
    vpn-ikev2:
      A.B.C.D[C=US, O=Confusticate, CN=bree]...
         64.196.84.195[C=US, O=Confusticate, CN=Thinkpad]
         Established 10 Time(s)
         Destroyed 10 Time(s)

CHILD_SA Connections:
   vpn-ikev2:
      0.0.0.0/0 ::/0 ===
      192.168.3.0/24 2001:340:e496:6::/64
         Established 38 Time(s)
         Destroyed 38 Time(s)
         Data In 1.113M
         Data Out 3.015M

---------------------- Strongswan End -------------------------

I have attached the scripts and configuration files to the end of this post. There are a few configuration files and the script itself; the tar file is laid out the way the files need to be placed in your Logwatch configuration directories (mine are in /etc/logwatch). I have only tested this on my system (a Fedora system), so your mileage may vary. I am happy to get any reactions or ideas (ideas with patches are even better).
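As an added illustration (not the author's Logwatch script), here is a small Python sketch of the parsing such a filter has to do: it matches the three charon line shapes shown above (IKE_SA established, CHILD_SA established, CHILD_SA closed with byte counts) and aggregates them per connection name and traffic selector, which is exactly the information the report above summarises. The sample lines, SPI values and byte counts are constructed for the example, and the binary-unit size formatting in human() is an assumption about how the report rounds.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the charon lines shown above, one event per line
# (syslog timestamp/host already stripped, as Logwatch does). SPIs and byte counts are made up.
SAMPLE_LOG = """\
charon: 05[IKE] IKE_SA vpn-ikev2[306] established between A.B.C.D[C=US, O=Confusticate, CN=bree]...W.X.Y.Z[C=US, O=Confusticate, CN=Thinkpad]
charon: 05[IKE] CHILD_SA vpn-ikev2{296} established with SPIs c7b686bf_i cc98f0a4_o and TS 0.0.0.0/0 ::/0 === 192.168.3.0/24 2001:340:e496:6::/64
charon: 15[IKE] CHILD_SA vpn-ikev2{297} established with SPIs c2f5678a_i cc8fbed8_o and TS 0.0.0.0/0 ::/0 === 192.168.3.0/24 2001:340:e496:6::/64
charon: 04[IKE] closing CHILD_SA vpn-ikev2{296} with SPIs c7b686bf_i (26135 bytes) cc98f0a4_o (48092 bytes) and TS 0.0.0.0/0 ::/0 === 192.168.3.0/24 2001:340:e496:6::/64
charon: 04[IKE] closing CHILD_SA vpn-ikev2{297} with SPIs c2f5678a_i (1048576 bytes) cc8fbed8_o (3145728 bytes) and TS 0.0.0.0/0 ::/0 === 192.168.3.0/24 2001:340:e496:6::/64
charon: 07[IKE] IKE_SA vpn-ikev2[307] established between A.B.C.D[C=US, O=Confusticate, CN=bree]...W.X.Y.Z[C=US, O=Confusticate, CN=Thinkpad]
charon: 09[IKE] giving up after 5 retransmits
"""

# One regex per event type; search() tolerates any prefix in front of "charon:".
IKE_EST = re.compile(r"IKE_SA (\S+)\[\d+\] established between (.+)$")
CHILD_EST = re.compile(r"CHILD_SA (\S+)\{\d+\} established with SPIs \S+ \S+ and TS (.+)$")
CHILD_CLOSE = re.compile(r"closing CHILD_SA (\S+)\{\d+\} with SPIs \S+ \((\d+) bytes\) \S+ \((\d+) bytes\) and TS (.+)$")

def summarise(log_text):
    """Aggregate charon events into the per-connection counters the report needs."""
    ike = defaultdict(Counter)    # conn name -> peer description -> times established
    child = defaultdict(Counter)  # (conn name, traffic selectors) -> counters
    for line in log_text.splitlines():
        if m := IKE_EST.search(line):
            ike[m.group(1)][m.group(2)] += 1
        elif m := CHILD_EST.search(line):
            child[(m.group(1), m.group(2))]["established"] += 1
        elif m := CHILD_CLOSE.search(line):
            # the _i SPI carries the inbound byte count, the _o SPI the outbound one
            c = child[(m.group(1), m.group(4))]
            c["destroyed"] += 1
            c["data_in"] += int(m.group(2))
            c["data_out"] += int(m.group(3))
        # any other line (retransmits, rekeys, ...) is ignored, as the report does
    return ike, child

def human(n):
    """Render a byte count like the report ("1.113M"); binary units are assumed."""
    for unit, div in (("G", 1 << 30), ("M", 1 << 20), ("K", 1 << 10)):
        if n >= div:
            return f"{n / div:.3f}{unit}"
    return f"{n}"

if __name__ == "__main__":
    ike, child = summarise(SAMPLE_LOG)
    for (conn, ts), c in child.items():
        print(conn, ts, dict(c), human(c["data_in"]), human(c["data_out"]))
```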

Download: logwatch-strongswan-0.0.1.tgz

Update: Uploaded code to GitHub.