Skip to content

bronze1man/goStrongswanVici

Folders and files

NameName
Last commit message
Last commit date

Latest commit

211cef3 · Nov 28, 2023

History

99 Commits
Nov 2, 2018
Nov 2, 2018
Nov 2, 2018
Feb 3, 2015
Nov 28, 2023
Feb 3, 2015
Jun 6, 2022
Jan 21, 2015
Nov 2, 2018
Jan 21, 2015
Jan 21, 2015
Jul 18, 2019
Nov 2, 2018
Oct 20, 2017
Nov 2, 2018
Jul 14, 2021
Jun 17, 2017
Nov 14, 2022
Jun 12, 2020
Oct 10, 2019
Jun 12, 2020
Jan 21, 2015
Jun 21, 2022
Aug 17, 2017
Jan 21, 2015
Jun 12, 2020
Jun 18, 2017
Dec 4, 2015
Feb 22, 2019
Aug 6, 2015
Jan 21, 2015

Repository files navigation

strongswan vici golang client

Build Status GoDoc docs examples Total views GitHub issues GitHub stars GitHub forks MIT License

a golang implement of strongswan vici plugin client.

document

Implemented command list

  • version()
  • list-sas()
  • get-shared()
  • terminate()
  • load-conn()
  • load-cert()
  • load-key()
  • load-pool()
  • load-shared()
  • list-conns()
  • unload-conn()
  • unload-shared()

If you need some commands, but it is not here .you can implement yourself, and send a pull request to this project.

Testing

To test the library's functionality, docker-compose is used to spin up strongswan in a separate Docker container.

$ docker-compose up -V
Creating network "gostrongswanvici_default" with the default drive
Creating volume "gostrongswanvici_charondata" with default driver
Creating gostrongswanvici_strongswan_1 ... done
Creating gostrongswanvici_go-test_1    ... done
Attaching to gostrongswanvici_strongswan_1, gostrongswanvici_go-test_1
...
go-test_1     | ok      github.com/RenaultAI/goStrongswanVici   0.017s
gostrongswanvici_go-test_1 exited with code 0

example

package main

import (
	"fmt"
	"github.com/bronze1man/goStrongswanVici"
)

func main(){
    // create a client.
	client, err := goStrongswanVici.NewClientConnFromDefaultSocket()
	if err != nil {
		panic(err)
	}
	defer client.Close()

	// get strongswan version
	v, err := client.Version()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%#v\n", v)

	childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
        childSAConf := goStrongswanVici.ChildSAConf{
                Local_ts:      []string{"10.10.59.0/24"},
                Remote_ts:     []string{"10.10.40.0/24"},
                ESPProposals:  []string{"aes256-sha256-modp2048"},
                StartAction:   "trap",
		CloseAction:   "restart",
                Mode:          "tunnel",
                ReqID:         "10",
                RekeyTime:     "10m",
                InstallPolicy: "no",
        }
        childConfMap["test-child-conn"] = childSAConf

        localAuthConf := goStrongswanVici.AuthConf{
                AuthMethod: "psk",
        }
        remoteAuthConf := goStrongswanVici.AuthConf{
                AuthMethod: "psk",
        }

	ikeConfMap := make(map[string] goStrongswanVici.IKEConf)

        ikeConf := goStrongswanVici.IKEConf{
                LocalAddrs:  []string{"192.168.198.10"},
                RemoteAddrs: []string{"192.168.198.11"},
                Proposals:   []string{"aes256-sha256-modp2048"},
                Version:     "1",
                LocalAuth:   localAuthConf,
                RemoteAuth:  remoteAuthConf,
                Children:    childConfMap,
                Encap:       "no",
        }

	ikeConfMap["test-connection"] = ikeConf

	//load connenction information into strongswan
        err = client.LoadConn(&ikeConfMap)
        if err != nil {
                fmt.Printf("error loading connection: %v")
                panic(err)
        }

	sharedKey := &goStrongswanVici.Key{
                Typ:    "IKE",
                Data:   "this is the key",
                Owners: []string{"192.168.198.10"}, //IP of the remote host
        }

	//load shared key into strongswan
        err = client.LoadShared(sharedKey)
        if err != nil {
                fmt.Printf("error returned from loadsharedkey \n")
                panic(err)
        }

	//list-conns 
	connList, err := client.ListConns("")
	if err != nil {
		fmt.Printf("error list-conns: %v \n", err)
	}

	for _, connection := range connList {
		fmt.Printf("connection map: %v", connection)
	}	

	// get all conns info from strongswan
	connInfo, err := client.ListAllVpnConnInfo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("found %d connections. \n", len(connInfo))

	//unload connection from strongswan
	unloadConnReq := &goStrongswanVici.UnloadConnRequest{
			Name: "test-connection",
			}
	err = client.UnloadConn(unloadConnReq)
	if err != nil {
		panic(err)
	}

	// kill all conns in strongswan
	for _, info := range connInfo {
		fmt.Printf("kill connection id %s\n", info.Uniqueid)
		err = client.Terminate(&goStrongswanVici.TerminateRequest{
			Ike_id: info.Uniqueid,
		})
		if err != nil {
			panic(err)
		}
	}
}

About

a golang implement of strongswan vici plugin client.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published