[strongSwan-dev] does connection definition via sql work only for Ikev2?
Martin Willi
martin at strongswan.org
Thu May 8 09:01:17 CEST 2014
Hi,
> I noticed in src/libcharon/plugins/sql/sql_config.c, when the database is
> queried to create a peer_config, the where clause specifically mentions
> ike_version=2. When I removed this clause, the connection appeared in the
> ipsec statusall output (but still as a ikev2, so there might be more
> changes i will have to do).
As the sql plugin is not used very widely, we have not updated it yet to
support IKEv1 connections as we introduced them in charon with the 5.x
releases.
> I am trying to find an easy way to add connection definitions to
> strongswan from an external program, like a bash script. [...] Is there
> another way to add and delete connections to strongswan, from an
> external program, where I can specify all the connection parameters?
Just yesterday I've merged the vici plugin to our master branch. There
is no release yet, so you'd have to build from git.
vici provides a stable IPC socket and is designed to provide exactly
that kind of interface you probably need. Currently there is a libvici C
client library you can use. The swanctl utility is a first user of that
interface and should serve as a good example how to write your own
client.
More information about the new plugin is available at [1]. Please be
aware that this is all very fresh and might have some minor issues here
and there. But it definitely will be the interface we want to push for
these kind of things starting with the upcoming 5.2.0.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/vici
More information about the Dev
mailing list