rancher/goStrongswanVici

Name: goStrongswanVici

Owner: Rancher

Description: a golang implement of strongswan vici plugin client.

Created: 2015-12-30 04:10:54.0

Updated: 2017-07-07 23:29:45.0

Pushed: 2017-10-20 18:56:28.0

Homepage: null

Size: 31

Language: Go

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

strongswan vici golang client

a golang implement of strongswan vici plugin client.

document

• http://godoc.org/github.com/bronze1man/goStrongswanVici
• https://github.com/strongswan/strongswan/tree/master/src/libcharon/plugins/vici

Implemented command list

• version()
• list-sas()
• get-shared()
• terminate()
• load-conn()
• load-cert()
• load-key()
• load-pool()
• load-shared()
• list-conns()
• unload-conn()
• unload-shared()

If you need some commands, but it is not here .you can implement yourself, and send a pull request to this project.

example

age main

rt (
"fmt"
"github.com/bronze1man/goStrongswanVici"


 main(){
// create a client.
client, err := goStrongswanVici.NewClientConnFromDefaultSocket()
if err != nil {
    panic(err)
}
defer client.Close()

// get strongswan version
v, err := client.Version()
if err != nil {
    panic(err)
}
fmt.Printf("%#v\n", v)

childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
    childSAConf := goStrongswanVici.ChildSAConf{
            Local_ts:      []string{"10.10.59.0/24"},
            Remote_ts:     []string{"10.10.40.0/24"},
            ESPProposals:  []string{"aes256-sha256-modp2048"},
            StartAction:   "trap",
    CloseAction:   "restart",
            Mode:          "tunnel",
            ReqID:         "10",
            RekeyTime:     "10m",
            InstallPolicy: "no",
    }
    childConfMap["test-child-conn"] = childSAConf

    localAuthConf := goStrongswanVici.AuthConf{
            AuthMethod: "psk",
    }
    remoteAuthConf := goStrongswanVici.AuthConf{
            AuthMethod: "psk",
    }

ikeConfMap := make(map[string] goStrongswanVici.IKEConf)

    ikeConf := goStrongswanVici.IKEConf{
            LocalAddrs:  []string{"192.168.198.10"},
            RemoteAddrs: []string{"192.168.198.11"},
            Proposals:   []string{"aes256-sha256-modp2048"},
            Version:     "1",
            LocalAuth:   localAuthConf,
            RemoteAuth:  remoteAuthConf,
            Children:    childConfMap,
            Encap:       "no",
    }

ikeConfMap["test-connection"] = ikeConf

//load connenction information into strongswan
    err = client.LoadConn(&ikeConfMap)
    if err != nil {
            fmt.Printf("error loading connection: %v")
            panic(err)
    }

sharedKey := &goStrongswanVici.Key{
            Typ:    "IKE",
            Data:   "this is the key",
            Owners: []string{"192.168.198.10"}, //IP of the remote host
    }

//load shared key into strongswan
    err = client.LoadShared(sharedKey)
    if err != nil {
            fmt.Printf("error returned from loadsharedkey \n")
            panic(err)
    }

//list-conns 
connList, err := client.ListConns("")
if err != nil {
    fmt.Printf("error list-conns: %v \n", err)
}

for _, connection := range connList {
    fmt.Printf("connection map: %v", connection)
}   

// get all conns info from strongswan
connInfo, err := client.ListAllVpnConnInfo()
if err != nil {
    panic(err)
}
fmt.Printf("found %d connections. \n", len(connInfo))

//unload connection from strongswan
unloadConnReq := &goStrongswanVici.UnloadConnRequest{
        Name: "test-connection",
        }
err = client.UnloadConn(unloadConnReq)
if err != nil {
    panic(error)
}

// kill all conns in strongswan
for _, info := range connInfo {
    fmt.Printf("kill connection id %s\n", info.Uniqueid)
    err = client.Terminate(&goStrongswanVici.TerminateRequest{
        Ike_id: info.Uniqueid,
    })
    if err != nil {
        panic(err)
    }
}