[strongSwan-dev] Best way to add a custom option per connection

Emeric POUPON emeric.poupon at stormshield.eu
Tue May 23 16:47:45 CEST 2017


Hello,

For a custom validation plugin, we would like to add an option per connection.
What would be the best way to do this?

As it seems quite complicated and very intrusive to add custom options to the ipsec.conf file, we were thinking about something like that:

strongswan.conf:

charon {
    ...
    plugins {
        custom-validation-plugin {
            **connection_1_name** {
                option_name = value;
            }
            **connection_2_name** {
                option_name = value;
            }
            ....
        }
    }
}

In the validation plugin, we would get the name of the connection using the peer_cfg_t of the current IKE SA attached to the bus.
The option would be got thanks to lib->settings->get_str("%s.plugins.custom-validation-plugin.%s", def, lib->ns, conn_name);

There seem to be some restrictions though (dot cannot be used within a connection name, ... ?)

Sounds like a hack, maybe there is something better to handle this?
What do you think?

Emeric
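
Added example, not part of the original post and not strongSwan code: strongSwan settings keys are dot-separated section paths, so a connection name containing a dot would make the lookup address a nested section instead of the intended one. The sketch below builds the per-connection key and rejects such names before any lookup; `build_option_key`, the `"charon"` namespace standing in for `lib->ns`, and the sample connection names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Section under which the post proposes to store per-connection options. */
#define PLUGIN_SECTION "plugins.custom-validation-plugin"

/*
 * Hypothetical helper: build "<ns>.<PLUGIN_SECTION>.<conn>.<option>" in buf.
 * Returns 0 on success, -1 if the connection name is empty or contains a
 * dot (it would be read as a section separator), or if the key is truncated.
 */
int build_option_key(const char *ns, const char *conn, const char *option,
                     char *buf, size_t len)
{
    int n;

    if (!ns || !conn || !option || !buf || *conn == '\0' || strchr(conn, '.'))
    {
        return -1;
    }
    n = snprintf(buf, len, "%s." PLUGIN_SECTION ".%s.%s", ns, conn, option);
    if (n < 0 || (size_t)n >= len)
    {
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed connection names, not taken from the post. */
    const char *names[] = { "site-a", "branch.office", "" };
    char key[256];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
    {
        if (build_option_key("charon", names[i], "option_name",
                             key, sizeof(key)) == 0)
            printf("'%s' -> %s\n", names[i], key);
        else
            printf("'%s' -> rejected, no lookup performed\n", names[i]);
    }
    return 0;
}
```

For a validation plugin, the caller has to decide explicitly what a rejected name means, rather than letting the lookup silently return its default value.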

