IPsec login logs

josey

Hi guys,
can i get ip sec user logins ?
but only user logins.
if do can you guide me how?

thanks

also

what is maximum number of users connected over IPsec?
32? more?

if matters
link is 100/100mbps

jimp

@josey said in IPsec login logs:

Hi guys,
can i get ip sec user logins ?
but only user logins.
if do can you guide me how?

No. Unfortunately, strongSwan doesn't have a good way of marking just the login events so we can't filter them out in syslogd (See #9754). But if you have a central log system (off the firewall) to which pfSense can send logs you may be able to filter them on there.

what is maximum number of users connected over IPsec?
32? more?

There is no set limit. It's mostly up to your settings and hardware (CPU, etc). Someone posted a couple weeks ago that they had almost 1,000 clients connected.

josey

@jimp thanks

where is log file of ipsec?
is it /var/log/ipsec.log
is it logging more than 500 events which we can se under Status: System logs: IPsec VPN ?
i see there is 5000 lines but its only 1 day logged.
is it possible to log last for example 100 000 events?

regards

viktor_g

@josey you can change IPsec log file size on the Status / System Logs page:

josey

@viktor_g
thanks
set to 20000000
it will be for 35 days aprox

jimp

Since it's a binary circular log, there is no guarantee about how long any record will be there. They will be rotated out as new entries come in.

Storing large logs on the firewall is not a good practice. You should setup a dedicated syslog server and have pfSense deliver the logs there, where they can be properly stored/processed/archived.