README
¶
strongswan vici golang client
a golang implement of strongswan vici plugin client.
document
- http://godoc.org/github.com/bronze1man/goStrongswanVici
- https://github.com/strongswan/strongswan/tree/master/src/libcharon/plugins/vici
Implemented command list
- version()
- list-sas()
- get-shared()
- terminate()
- load-conn()
- load-cert()
- load-key()
- load-pool()
- load-shared()
- list-conns()
- unload-conn()
- unload-shared()
If you need some commands, but it is not here .you can implement yourself, and send a pull request to this project.
example
package main
import (
"fmt"
"github.com/bronze1man/goStrongswanVici"
)
func main(){
// create a client.
client, err := goStrongswanVici.NewClientConnFromDefaultSocket()
if err != nil {
panic(err)
}
defer client.Close()
// get strongswan version
v, err := client.Version()
if err != nil {
panic(err)
}
fmt.Printf("%#v\n", v)
childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
childSAConf := goStrongswanVici.ChildSAConf{
Local_ts: []string{"10.10.59.0/24"},
Remote_ts: []string{"10.10.40.0/24"},
ESPProposals: []string{"aes256-sha256-modp2048"},
StartAction: "trap",
CloseAction: "restart",
Mode: "tunnel",
ReqID: "10",
RekeyTime: "10m",
InstallPolicy: "no",
}
childConfMap["test-child-conn"] = childSAConf
localAuthConf := goStrongswanVici.AuthConf{
AuthMethod: "psk",
}
remoteAuthConf := goStrongswanVici.AuthConf{
AuthMethod: "psk",
}
ikeConfMap := make(map[string] goStrongswanVici.IKEConf)
ikeConf := goStrongswanVici.IKEConf{
LocalAddrs: []string{"192.168.198.10"},
RemoteAddrs: []string{"192.168.198.11"},
Proposals: []string{"aes256-sha256-modp2048"},
Version: "1",
LocalAuth: localAuthConf,
RemoteAuth: remoteAuthConf,
Children: childConfMap,
Encap: "no",
}
ikeConfMap["test-connection"] = ikeConf
//load connenction information into strongswan
err = client.LoadConn(&ikeConfMap)
if err != nil {
fmt.Printf("error loading connection: %v")
panic(err)
}
sharedKey := &goStrongswanVici.Key{
Typ: "IKE",
Data: "this is the key",
Owners: []string{"192.168.198.10"}, //IP of the remote host
}
//load shared key into strongswan
err = client.LoadShared(sharedKey)
if err != nil {
fmt.Printf("error returned from loadsharedkey \n")
panic(err)
}
//list-conns
connList, err := client.ListConns("")
if err != nil {
fmt.Printf("error list-conns: %v \n", err)
}
for _, connection := range connList {
fmt.Printf("connection map: %v", connection)
}
// get all conns info from strongswan
connInfo, err := client.ListAllVpnConnInfo()
if err != nil {
panic(err)
}
fmt.Printf("found %d connections. \n", len(connInfo))
//unload connection from strongswan
unloadConnReq := &goStrongswanVici.UnloadConnRequest{
Name: "test-connection",
}
err = client.UnloadConn(unloadConnReq)
if err != nil {
panic(err)
}
// kill all conns in strongswan
for _, info := range connInfo {
fmt.Printf("kill connection id %s\n", info.Uniqueid)
err = client.Terminate(&goStrongswanVici.TerminateRequest{
Ike_id: info.Uniqueid,
})
if err != nil {
panic(err)
}
}
}
Documentation
¶
Overview ¶
a golang implement of strongswan vici plugin client. https://github.com/strongswan/strongswan/tree/master/src/libcharon/plugins/vici
Index ¶
- Constants
- func ConvertFromGeneral(general interface{}, concrete interface{}) (err error)
- func ConvertToGeneral(concrete interface{}, general interface{}) (err error)
- type AuthConf
- type ChildSAConf
- type Child_sas
- type Client
- func (c *Client) ListAllVpnConnInfo() (list []VpnConnInfo, err error)
- func (c *Client) ListSas(ike string, ike_id string) (sas []map[string]IkeSa, err error)
- func (c *Client) NewConn() (conn *ClientConn, err error)
- func (c *Client) Terminate(r *TerminateRequest) (err error)
- func (c *Client) Version() (out *Version, err error)
- type ClientConn
- func (c *ClientConn) Close() error
- func (c *ClientConn) GetShared() ([]string, error)
- func (c *ClientConn) Initiate(child string, ike string) (err error)
- func (c *ClientConn) ListAllVpnConnInfo() (list []VpnConnInfo, err error)
- func (c *ClientConn) ListConns(ike string) ([]map[string]IKEConf, error)
- func (c *ClientConn) ListSas(ike string, ike_id string) (sas []map[string]IkeSa, err error)
- func (c *ClientConn) LoadCertificate(s string, typ string, flag string) (err error)
- func (c *ClientConn) LoadConn(conn *map[string]IKEConf) error
- func (c *ClientConn) LoadECDSAPrivateKey(key *ecdsa.PrivateKey) error
- func (c *ClientConn) LoadPool(ph Pool) error
- func (c *ClientConn) LoadRSAPrivateKey(key *rsa.PrivateKey) error
- func (c *ClientConn) LoadShared(key *Key) error
- func (c *ClientConn) MonitorSA(callback monitorCallBack, watchdog time.Duration) (err error)
- func (c *ClientConn) RegisterEvent(name string, handler func(response map[string]interface{})) (err error)
- func (c *ClientConn) Request(apiname string, request map[string]interface{}) (response map[string]interface{}, err error)
- func (c *ClientConn) Stats() (msg map[string]interface{}, err error)
- func (c *ClientConn) Terminate(r *TerminateRequest) (err error)
- func (c *ClientConn) UnloadConn(r *UnloadConnRequest) error
- func (c *ClientConn) UnloadShared(key *UnloadKeyRequest) error
- func (c *ClientConn) UnregisterEvent(name string) (err error)
- func (c *ClientConn) Version() (out *Version, err error)
- type ClientOptions
- type Connection
- type EventChildRekey
- type EventChildRekeyPair
- type EventChildRekeySA
- type EventChildSAUpDown
- type EventChildUpDown
- type EventIkeRekey
- type EventIkeRekeyPair
- type EventIkeRekeySA
- type EventIkeSAUpDown
- type EventIkeSa
- type EventIkeUpDown
- type EventInfo
- type IKEConf
- type IkeSa
- type Key
- type Pool
- type PoolMapping
- type TerminateRequest
- type UnloadConnRequest
- type UnloadKeyRequest
- type Version
- type VpnConnInfo
Constants ¶
View Source
const ( EVENT_IKE_UPDOWN = "ike-updown" EVENT_IKE_REKEY = "ike-rekey" EVENT_CHILD_UPDOWN = "child-updown" EVENT_CHILD_REKEY = "child-rekey" )
View Source
const (
DefaultReadTimeout = 15 * time.Second
)
Variables ¶
This section is empty.
Functions ¶
func ConvertFromGeneral ¶
func ConvertFromGeneral(general interface{}, concrete interface{}) (err error)
general data type to concrete data type concrete data type like *Version general data type include map[string]interface{} []string string TODO make it faster
func ConvertToGeneral ¶
func ConvertToGeneral(concrete interface{}, general interface{}) (err error)
concrete data type to general data type concrete data type like *Version general data type include map[string]interface{} []string string TODO make it faster
Types ¶
type ChildSAConf ¶
type ChildSAConf struct {
Local_ts []string `json:"local_ts"`
Remote_ts []string `json:"remote_ts"`
ESPProposals []string `json:"esp_proposals,omitempty"` //aes128-sha1_modp1024
StartAction string `json:"start_action"` //none,trap,start
CloseAction string `json:"close_action"`
ReqID string `json:"reqid,omitempty"`
RekeyTime string `json:"rekey_time"`
ReplayWindow string `json:"replay_window,omitempty"`
Mode string `json:"mode"`
InstallPolicy string `json:"policies"`
UpDown string `json:"updown,omitempty"`
Priority string `json:"priority,omitempty"`
MarkIn string `json:"mark_in,omitempty"`
MarkOut string `json:"mark_out,omitempty"`
DpdAction string `json:"dpd_action,omitempty"`
LifeTime string `json:"life_time,omitempty"`
}
type Child_sas ¶
type Child_sas struct {
Reqid string `json:"reqid"`
State string `json:"state"` //had saw: INSTALLED
Mode string `json:"mode"` //had saw: TUNNEL
Protocol string `json:"protocol"`
Encap string `json:"encap"`
Spi_in string `json:"spi-in"`
Spi_out string `json:"spi-out"`
Cpi_in string `json:"cpi-in"`
Cpi_out string `json:"cpi-out"`
Encr_alg string `json:"encr-alg"`
Encr_keysize string `json:"encr-keysize"`
Integ_alg string `json:"integ-alg"`
Integ_keysize string `json:"integ-keysize"`
Prf_alg string `json:"prf-alg"`
Dh_group string `json:"dh-group"`
Esn string `json:"esn"`
Bytes_in string `json:"bytes-in"` //bytes into this machine
Packets_in string `json:"packets-in"`
Use_in string `json:"use-in"`
Bytes_out string `json:"bytes-out"` // bytes out of this machine
Packets_out string `json:"packets-out"`
Use_out string `json:"use-out"`
Rekey_time string `json:"rekey-time"`
Life_time string `json:"life-time"`
Install_time string `json:"install-time"`
Local_ts []string `json:"local-ts"`
Remote_ts []string `json:"remote-ts"`
}
func (*Child_sas) GetBytesIn ¶
func (*Child_sas) GetBytesOut ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶
func NewClient(options ClientOptions) (client *Client)
func NewClientFromDefaultSocket ¶
func NewClientFromDefaultSocket() (client *Client)
func (*Client) ListAllVpnConnInfo ¶
func (c *Client) ListAllVpnConnInfo() (list []VpnConnInfo, err error)
func (*Client) NewConn ¶
func (c *Client) NewConn() (conn *ClientConn, err error)
func (*Client) Terminate ¶
func (c *Client) Terminate(r *TerminateRequest) (err error)
type ClientConn ¶
type ClientConn struct {
// ReadTimeout specifies a time limit for requests made
// by this client.
ReadTimeout time.Duration
// contains filtered or unexported fields
}
This object is not thread safe. if you want concurrent, you need create more clients.
func NewClientConn ¶
func NewClientConn(conn net.Conn) (client *ClientConn)
func NewClientConnFromDefaultSocket ¶
func NewClientConnFromDefaultSocket() (client *ClientConn, err error)
it dial from unix:///var/run/charon.vici
func (*ClientConn) Close ¶
func (c *ClientConn) Close() error
func (*ClientConn) GetShared ¶
func (c *ClientConn) GetShared() ([]string, error)
get a the names of the shared secrets currently loaded
func (*ClientConn) Initiate ¶
func (c *ClientConn) Initiate(child string, ike string) (err error)
Initiate is used to initiate an SA. This is the equivalent of `swanctl --initiate -c childname`
func (*ClientConn) ListAllVpnConnInfo ¶
func (c *ClientConn) ListAllVpnConnInfo() (list []VpnConnInfo, err error)
a helper method to avoid complex data struct in ListSas if it only have one child_sas ,it will put it into info.Child_sas
func (*ClientConn) ListConns ¶
func (c *ClientConn) ListConns(ike string) ([]map[string]IKEConf, error)
func (*ClientConn) ListSas ¶
To be simple, list all clients that are connecting to this server . A client is a sa. Lists currently active IKE_SAs
func (*ClientConn) LoadCertificate ¶
func (c *ClientConn) LoadCertificate(s string, typ string, flag string) (err error)
func (*ClientConn) LoadECDSAPrivateKey ¶
func (c *ClientConn) LoadECDSAPrivateKey(key *ecdsa.PrivateKey) error
LoadECDSAPrivateKey encodes a *ecdsa.PrivateKey as a PEM block before sending it to the Vici interface
func (*ClientConn) LoadPool ¶
func (c *ClientConn) LoadPool(ph Pool) error
func (*ClientConn) LoadRSAPrivateKey ¶
func (c *ClientConn) LoadRSAPrivateKey(key *rsa.PrivateKey) error
LoadRSAPrivateKey encodes a *rsa.PrivateKey as a PEM block before sending it to the Vici interface
func (*ClientConn) LoadShared ¶
func (c *ClientConn) LoadShared(key *Key) error
load a shared secret into the IKE daemon
func (*ClientConn) MonitorSA ¶
func (c *ClientConn) MonitorSA(callback monitorCallBack, watchdog time.Duration) (err error)
func (*ClientConn) RegisterEvent ¶
func (c *ClientConn) RegisterEvent(name string, handler func(response map[string]interface{})) (err error)
func (*ClientConn) Request ¶
func (c *ClientConn) Request(apiname string, request map[string]interface{}) (response map[string]interface{}, err error)
func (*ClientConn) Stats ¶
func (c *ClientConn) Stats() (msg map[string]interface{}, err error)
Stats returns IKE daemon statistics and load information.
func (*ClientConn) Terminate ¶
func (c *ClientConn) Terminate(r *TerminateRequest) (err error)
To be simple, kill a client that is connecting to this server. A client is a sa. Terminates an SA while streaming control-log events.
func (*ClientConn) UnloadConn ¶
func (c *ClientConn) UnloadConn(r *UnloadConnRequest) error
func (*ClientConn) UnloadShared ¶
func (c *ClientConn) UnloadShared(key *UnloadKeyRequest) error
unload (delete) a shared secret from the IKE daemon
func (*ClientConn) UnregisterEvent ¶
func (c *ClientConn) UnregisterEvent(name string) (err error)
func (*ClientConn) Version ¶
func (c *ClientConn) Version() (out *Version, err error)
type ClientOptions ¶
type Connection ¶
type EventChildRekey ¶
type EventChildRekey struct {
Ike map[string]*EventIkeRekeySA
}
type EventChildRekeyPair ¶
type EventChildRekeyPair struct {
New EventChildRekeySA `json:"new"`
Old EventChildRekeySA `json:"old"`
}
type EventChildRekeySA ¶
type EventChildRekeySA struct {
Bytes_in string `json:"bytes-in"`
Bytes_out string `json:"bytes-out"`
Encap string `json:"encap"`
Encr_alg string `json:"encr-alg"`
Encr_keysize string `json:"encr-keysize"`
Integ_alg string `json:"integ-alg"`
Install_time string `json:"install-time"`
Life_time string `json:"life-time"`
Local_ts []string `json:"local-ts"`
Mode string `json:"mode"`
Name string `json:"name"`
Packets_in string `json:"packets-in"`
Packets_out string `json:"packets-out"`
Protocol string `json:"protocol"`
Remote_ts []string `json:"remote-ts"`
Rekey_time string `json:"rekey-time"`
Reqid string `json:"reqid"`
Spi_in string `json:"spi-in"`
Spi_out string `json:"spi-out"`
State string `json:"state"`
Use_in string `json:"use-in"`
Use_out string `json:"use-out"`
UniqueId string `json:"uniqueid"`
}
type EventChildSAUpDown ¶
type EventChildSAUpDown struct {
Bytes_in string `json:"bytes-in"`
Bytes_out string `json:"bytes-out"`
Encap string `json:"encap"`
Encr_alg string `json:"encr-alg"`
Encr_keysize string `json:"encr-keysize"`
Integ_alg string `json:"integ-alg"`
Install_time string `json:"install-time"`
Life_time string `json:"life-time"`
Local_ts []string `json:"local-ts"`
Mode string `json:"mode"`
Name string `json:"name"`
Protocol string `json:"protocol"`
Packets_out string `json:"packets-out"`
Packets_in string `json:"packets-in"`
Rekey_time string `json:"rekey-time"`
Remote_ts []string `json:"remote-ts"`
Reqid string `json:"reqid"`
Spi_in string `json:"spi-in"`
Spi_out string `json:"spi-out"`
State string `json:"state"`
UniqueId string `json:"uniqueid"`
}
type EventChildUpDown ¶
type EventChildUpDown struct {
Up bool
Ike map[string]*EventIkeSAUpDown
}
type EventIkeRekey ¶
type EventIkeRekey struct {
Ike map[string]*EventIkeRekeyPair
}
type EventIkeRekeyPair ¶
type EventIkeRekeyPair struct {
New EventIkeRekeySA `json:"new"`
Old EventIkeRekeySA `json:"old"`
}
type EventIkeRekeySA ¶
type EventIkeRekeySA struct {
Child_sas map[string]*EventChildRekeyPair `json:"child-sas"`
Dh_group string `json:"dh-group"`
Encr_alg string `json:"encr-alg"`
Encr_keysize string `json:"encr-keysize"`
Established string `json:"established"`
Initiator_spi string `json:"initiator-spi"`
Integ_alg string `json:"integ-alg"`
Local_host string `json:"local-host"`
Local_port string `json:"local-port"`
Local_id string `json:"local-id"`
Nat_any string `json:"nat-any"`
Nat_remote string `json:"nat-remote"`
Prf_alg string `json:"prf-alg"`
Rekey_time string `json:"rekey-time"`
Remote_id string `json:"remote-id"`
Remote_host string `json:"remote-host"`
Remote_port string `json:"remote-port"`
Responder_spi string `json:"responder-spi"`
State string `json:"state"`
Task_Active []string `json:"tasks-active"`
Task_Passive []string `json:"tasks-passive"`
Uniqueid string `json:"uniqueid"`
Version string `json:"version"`
}
type EventIkeSAUpDown ¶
type EventIkeSAUpDown struct {
Child_sas map[string]*EventChildSAUpDown `json:"child-sas"`
Dh_group string `json:"dh-group"`
Encr_keysize string `json:"encr-keysize"`
Encr_alg string `json:"encr-alg"`
Established string `json:"established"`
Initiator_spi string `json:"initiator-spi"`
Integ_alg string `json:"integ-alg"`
Local_id string `json:"local-id"`
Local_host string `json:"local-host"`
Local_port string `json:"local-port"`
Nat_any string `json:"nat-any"`
Nat_remote string `json:"nat-remote"`
Prf_alg string `json:"prf-alg"`
Rekey_time string `json:"rekey-time"`
Remote_id string `json:"remote-id"`
Remote_host string `json:"remote-host"`
Remote_port string `json:"remote-port"`
Responder_spi string `json:"responder-spi"`
State string `json:"state"`
Task_Active []string `json:"tasks-active"`
Uniqueid string `json:"uniqueid"`
Version string `json:"version"`
}
type EventIkeSa ¶
type EventIkeUpDown ¶
type EventIkeUpDown struct {
Up bool
Ike map[string]*EventIkeSAUpDown
}
type EventInfo ¶
type EventInfo struct {
Up bool
Ike map[string]*EventIkeSa
}
type IKEConf ¶
type IKEConf struct {
LocalAddrs []string `json:"local_addrs"`
RemoteAddrs []string `json:"remote_addrs,omitempty"`
Proposals []string `json:"proposals,omitempty"`
Version string `json:"version"` //1 for ikev1, 0 for ikev1 & ikev2
Encap string `json:"encap"` //yes,no
KeyingTries string `json:"keyingtries"`
RekeyTime string `json:"rekey_time"`
DPDDelay string `json:"dpd_delay,omitempty"`
LocalAuth AuthConf `json:"local"`
RemoteAuth AuthConf `json:"remote"`
Pools []string `json:"pools,omitempty"`
Children map[string]ChildSAConf `json:"children"`
}
type IkeSa ¶
type IkeSa struct {
Uniqueid string `json:"uniqueid"` //called ike_id in terminate() argument.
Version string `json:"version"`
State string `json:"state"` //had saw: ESTABLISHED
Local_host string `json:"local-host"`
Local_id string `json:"local-id"`
Remote_host string `json:"remote-host"`
Remote_id string `json:"remote-id"`
Remote_xauth_id string `json:"remote-xauth-id"` //client username
Initiator string `json:"initiator"`
Initiator_spi string `json:"initiator-spi"`
Responder_spi string `json:"responder-spi"`
Encr_alg string `json:"encr-alg"`
Encr_keysize string `json:"encr-keysize"`
Integ_alg string `json:"integ-alg"`
Integ_keysize string `json:"integ-keysize"`
Prf_alg string `json:"prf-alg"`
Dh_group string `json:"dh-group"`
Established string `json:"established"`
Rekey_time string `json:"rekey-time"`
Reauth_time string `json:"reauth-time"`
Remote_vips []string `json:"remote-vips"`
Child_sas map[string]Child_sas `json:"child-sas"` //key means child-sa-name(conn name in ipsec.conf)
}
from list-sa event
type PoolMapping ¶
type TerminateRequest ¶
type UnloadConnRequest ¶
type UnloadConnRequest struct {
Name string `json:"name"`
}
type UnloadKeyRequest ¶
type UnloadKeyRequest struct {
ID string `json:"id"`
}
type VpnConnInfo ¶
type VpnConnInfo struct {
IkeSa
Child_sas
IkeSaName string //looks like conn name in ipsec.conf, content is same as ChildSaName
ChildSaName string //looks like conn name in ipsec.conf
}
a vpn conn in the strongswan server
func (*VpnConnInfo) GuessUserName ¶
func (c *VpnConnInfo) GuessUserName() string
Source Files
Click to show internal directories.
Click to hide internal directories.