[strongSwan-dev] Embedded application integration - best practice

Jae Park jpark at 2wire.com
Thu Mar 4 18:59:49 CET 2010


I am building application that control Charon via SMP, so I had same
purpose and this is what I have done.

I added ike_state_change listener in smp.c so I can get event every
IKE_SA state changes.

But there is a problem when I make SMP message and send it to over TCP
socket (charon.xml), it generates error.

SMP socket is really based on send/ack based protocol as long as I
understand, so I decided to add another listening local 

Socket on my application to receive and handle any asynchronous event
from charon.

Hope this can help.


-----Original Message-----
From: dev-bounces+jpark=2wire.com at lists.strongswan.org
[mailto:dev-bounces+jpark=2wire.com at lists.strongswan.org] On Behalf Of
Ian Hailey
Sent: Thursday, March 04, 2010 9:17 AM
To: dev at lists.strongswan.org
Subject: [strongSwan-dev] Embedded application integration - best


I am hoping someone could offer some advice on how people "normally" go
about integrating a controlling app with StrongSwan, after a quick look
I can see a few ways are possible:

1.) Use the normal config files and invoke the ipsec script (no way of
getting indications?).
2.) Write a Charon plugin (like the NM plugin, I quite like this
3.) Use DBUS and the NM plugin (I have no idea about DBUS).
4.) Re-use the Stroke API (probably not a good idea).

My aim is to:

1.) Programatically configure StrongSwan (Charon).
2.) Be able to up/down connections.
3.) Get indications when connections go down (e.g. through DPD).

What are the GPL implications of writing a plugin, I assume it would
also become GPL?


Dev mailing list
Dev at lists.strongswan.org

More information about the Dev mailing list