Skip to content

a golang implement of strongswan vici plugin client.

License

Notifications You must be signed in to change notification settings

perimeter-81/goStrongswanVici

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

strongswan vici golang client

Build Status GoDoc docs examples Total views GitHub issues GitHub stars GitHub forks MIT License

a golang implement of strongswan vici plugin client.

document

Implemented command list

  • version()
  • list-sas()
  • get-shared()
  • terminate()
  • load-conn()
  • load-cert()
  • load-key()
  • load-pool()
  • load-shared()
  • list-conns()
  • unload-conn()
  • unload-shared()

If you need some commands, but it is not here .you can implement yourself, and send a pull request to this project.

Testing

To test the library's functionality, docker-compose is used to spin up strongswan in a separate Docker container.

$ docker-compose up -V
Creating network "gostrongswanvici_default" with the default drive
Creating volume "gostrongswanvici_charondata" with default driver
Creating gostrongswanvici_strongswan_1 ... done
Creating gostrongswanvici_go-test_1    ... done
Attaching to gostrongswanvici_strongswan_1, gostrongswanvici_go-test_1
...
go-test_1     | ok      github.com/RenaultAI/goStrongswanVici   0.017s
gostrongswanvici_go-test_1 exited with code 0

example

package main

import (
	"fmt"
	"github.com/bronze1man/goStrongswanVici"
)

func main(){
    // create a client.
	client, err := goStrongswanVici.NewClientConnFromDefaultSocket()
	if err != nil {
		panic(err)
	}
	defer client.Close()

	// get strongswan version
	v, err := client.Version()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%#v\n", v)

	childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
        childSAConf := goStrongswanVici.ChildSAConf{
                Local_ts:      []string{"10.10.59.0/24"},
                Remote_ts:     []string{"10.10.40.0/24"},
                ESPProposals:  []string{"aes256-sha256-modp2048"},
                StartAction:   "trap",
		CloseAction:   "restart",
                Mode:          "tunnel",
                ReqID:         "10",
                RekeyTime:     "10m",
                InstallPolicy: "no",
        }
        childConfMap["test-child-conn"] = childSAConf

        localAuthConf := goStrongswanVici.AuthConf{
                AuthMethod: "psk",
        }
        remoteAuthConf := goStrongswanVici.AuthConf{
                AuthMethod: "psk",
        }

	ikeConfMap := make(map[string] goStrongswanVici.IKEConf)

        ikeConf := goStrongswanVici.IKEConf{
                LocalAddrs:  []string{"192.168.198.10"},
                RemoteAddrs: []string{"192.168.198.11"},
                Proposals:   []string{"aes256-sha256-modp2048"},
                Version:     "1",
                LocalAuth:   localAuthConf,
                RemoteAuth:  remoteAuthConf,
                Children:    childConfMap,
                Encap:       "no",
        }

	ikeConfMap["test-connection"] = ikeConf

	//load connenction information into strongswan
        err = client.LoadConn(&ikeConfMap)
        if err != nil {
                fmt.Printf("error loading connection: %v")
                panic(err)
        }

	sharedKey := &goStrongswanVici.Key{
                Typ:    "IKE",
                Data:   "this is the key",
                Owners: []string{"192.168.198.10"}, //IP of the remote host
        }

	//load shared key into strongswan
        err = client.LoadShared(sharedKey)
        if err != nil {
                fmt.Printf("error returned from loadsharedkey \n")
                panic(err)
        }

	//list-conns 
	connList, err := client.ListConns("")
	if err != nil {
		fmt.Printf("error list-conns: %v \n", err)
	}

	for _, connection := range connList {
		fmt.Printf("connection map: %v", connection)
	}	

	// get all conns info from strongswan
	connInfo, err := client.ListAllVpnConnInfo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("found %d connections. \n", len(connInfo))

	//unload connection from strongswan
	unloadConnReq := &goStrongswanVici.UnloadConnRequest{
			Name: "test-connection",
			}
	err = client.UnloadConn(unloadConnReq)
	if err != nil {
		panic(err)
	}

	// kill all conns in strongswan
	for _, info := range connInfo {
		fmt.Printf("kill connection id %s\n", info.Uniqueid)
		err = client.Terminate(&goStrongswanVici.TerminateRequest{
			Ike_id: info.Uniqueid,
		})
		if err != nil {
			panic(err)
		}
	}
}

About

a golang implement of strongswan vici plugin client.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 99.7%
  • Dockerfile 0.3%