[strongSwan-dev] charon-cmd

Klaus Richter klaus.richter at ecos.de
Sun Sep 24 11:58:58 CEST 2017


Hi Timo,

sure, here you are:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: charon-cmd.patch
Type: application/octet-stream
Size: 23581 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20170924/28fc64f2/attachment.obj>
-------------- next part --------------


The code is based on strongswan-5.5.1. 

I have added another option '--virtual-ip' (~leftsourceip with a static IP) for gateways that cannot do modeconfig. The same IP has to be set as the local traffic selector for this to work.

You will find some superfluous debug code and some crude test code (ifdef'd) where I experimented with dumping connection status every now and then. This can probably be done via a plugin, but I don't know my way around that well. I'd welcome any hints!

Kind regards,
Klaus


On Sep 22, 2017, at 07:55 , Timo Teras wrote:

> Hi,
> 
> On Sat, 9 Sep 2017 17:44:48 +0200
> Klaus Richter <klaus.richter at ecos.de> wrote:
> 
>> we are using charon-cmd on our clients mainly for its ability to
>> prompt for PINs and passwords on the command line.
>> 
>> I have added a few options to suit our needs:
>> 
>>  --local-pk <path>
>>                  local public key for authentication
>>  --remote-pk <path>
>>                  remote public key for authentication
>>  --modeconfig <modeconfig>
>>                  modeconfig mode (pull, push, off, default: pull)
>>  --transport
>>                  transport mode (default: tunnel)
>>  --l2tp
>>                  L2TP mode (sets UDP/L2TP port traffic selector)
>>  --fragmentation
>>                  turn on fragmentation (default is off)
>> 
>> I've also added smart card support and another authentication profile
>> 'ikev1-psk[-am]', which a few of our customers still require.
>> 
>> Is this interesting for upstream? I would gladly post patches.
> 
> While I'm not committed, I would be interested to see these patches.
> Could you share them in any case?
> 
> Thanks
> Timo



