mirror of https://github.com/k3s-io/k3s
README.md
strongswan vici golang client
a golang implement of strongswan vici plugin client.
document
- http://godoc.org/github.com/bronze1man/goStrongswanVici
- https://github.com/strongswan/strongswan/tree/master/src/libcharon/plugins/vici
Implemented command list
- version()
- list-sas()
- get-shared()
- terminate()
- load-conn()
- load-cert()
- load-key()
- load-pool()
- load-shared()
- list-conns()
- unload-conn()
- unload-shared()
If you need some commands, but it is not here .you can implement yourself, and send a pull request to this project.
Testing
To test the library's functionality, docker-compose is used to spin up strongswan in a separate Docker container.
$ docker-compose up -V
Creating network "gostrongswanvici_default" with the default drive
Creating volume "gostrongswanvici_charondata" with default driver
Creating gostrongswanvici_strongswan_1 ... done
Creating gostrongswanvici_go-test_1 ... done
Attaching to gostrongswanvici_strongswan_1, gostrongswanvici_go-test_1
...
go-test_1 | ok github.com/RenaultAI/goStrongswanVici 0.017s
gostrongswanvici_go-test_1 exited with code 0
example
package main
import (
"fmt"
"github.com/bronze1man/goStrongswanVici"
)
func main(){
// create a client.
client, err := goStrongswanVici.NewClientConnFromDefaultSocket()
if err != nil {
panic(err)
}
defer client.Close()
// get strongswan version
v, err := client.Version()
if err != nil {
panic(err)
}
fmt.Printf("%#v\n", v)
childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
childSAConf := goStrongswanVici.ChildSAConf{
Local_ts: []string{"10.10.59.0/24"},
Remote_ts: []string{"10.10.40.0/24"},
ESPProposals: []string{"aes256-sha256-modp2048"},
StartAction: "trap",
CloseAction: "restart",
Mode: "tunnel",
ReqID: "10",
RekeyTime: "10m",
InstallPolicy: "no",
}
childConfMap["test-child-conn"] = childSAConf
localAuthConf := goStrongswanVici.AuthConf{
AuthMethod: "psk",
}
remoteAuthConf := goStrongswanVici.AuthConf{
AuthMethod: "psk",
}
ikeConfMap := make(map[string] goStrongswanVici.IKEConf)
ikeConf := goStrongswanVici.IKEConf{
LocalAddrs: []string{"192.168.198.10"},
RemoteAddrs: []string{"192.168.198.11"},
Proposals: []string{"aes256-sha256-modp2048"},
Version: "1",
LocalAuth: localAuthConf,
RemoteAuth: remoteAuthConf,
Children: childConfMap,
Encap: "no",
}
ikeConfMap["test-connection"] = ikeConf
//load connenction information into strongswan
err = client.LoadConn(&ikeConfMap)
if err != nil {
fmt.Printf("error loading connection: %v")
panic(err)
}
sharedKey := &goStrongswanVici.Key{
Typ: "IKE",
Data: "this is the key",
Owners: []string{"192.168.198.10"}, //IP of the remote host
}
//load shared key into strongswan
err = client.LoadShared(sharedKey)
if err != nil {
fmt.Printf("error returned from loadsharedkey \n")
panic(err)
}
//list-conns
connList, err := client.ListConns("")
if err != nil {
fmt.Printf("error list-conns: %v \n", err)
}
for _, connection := range connList {
fmt.Printf("connection map: %v", connection)
}
// get all conns info from strongswan
connInfo, err := client.ListAllVpnConnInfo()
if err != nil {
panic(err)
}
fmt.Printf("found %d connections. \n", len(connInfo))
//unload connection from strongswan
unloadConnReq := &goStrongswanVici.UnloadConnRequest{
Name: "test-connection",
}
err = client.UnloadConn(unloadConnReq)
if err != nil {
panic(err)
}
// kill all conns in strongswan
for _, info := range connInfo {
fmt.Printf("kill connection id %s\n", info.Uniqueid)
err = client.Terminate(&goStrongswanVici.TerminateRequest{
Ike_id: info.Uniqueid,
})
if err != nil {
panic(err)
}
}
}