[strongSwan-dev] Best way to add a custom option per connection

[Emeric POUPON]

Hello,

For a custom validation plugin, we would like to add an option per connection.
What would be the best way to do this?

As it seems quite complicated and very intusive to add custom options to the ipsec.conf file, we were thinking about something like that:

strongswan.conf:

charon {
    ...
    plugins {
        custom-validation-plugin {
            **connection_1_name** {
                option_name = value;       
            }
            **connection_2_name** {
                option_name = value;       
            }
            ....
         }
    }
}

In the validation plugin, we would get the name of the connection using the peer_cfg_t of the current ike sa attached to the bus.
The option would be got thanks to lib->settings->get_str("%s.plugins.custom-validation-plugin.%s", def, lib->ns, conn_name);

There seems to be some restrictions though (dot cannot be used within a connection name, ... ?)

Sounds like a hack, maybe there is something better to handle this?
What do you think?

Emeric