k3s/vendor/github.com/bronze1man/goStrongswanVici/README.md
2019-09-27 18:33:04 -07:00

5.4 KiB

strongswan vici golang client

Build Status GoDoc docs examples Total views GitHub issues GitHub stars GitHub forks MIT License

a golang implement of strongswan vici plugin client.

document

Implemented command list

  • version()
  • list-sas()
  • get-shared()
  • terminate()
  • load-conn()
  • load-cert()
  • load-key()
  • load-pool()
  • load-shared()
  • list-conns()
  • unload-conn()
  • unload-shared()

If you need some commands, but it is not here .you can implement yourself, and send a pull request to this project.

Testing

To test the library's functionality, docker-compose is used to spin up strongswan in a separate Docker container.

$ docker-compose up -V
Creating network "gostrongswanvici_default" with the default drive
Creating volume "gostrongswanvici_charondata" with default driver
Creating gostrongswanvici_strongswan_1 ... done
Creating gostrongswanvici_go-test_1    ... done
Attaching to gostrongswanvici_strongswan_1, gostrongswanvici_go-test_1
...
go-test_1     | ok      github.com/RenaultAI/goStrongswanVici   0.017s
gostrongswanvici_go-test_1 exited with code 0

example

package main

import (
	"fmt"
	"github.com/bronze1man/goStrongswanVici"
)

func main(){
    // create a client.
	client, err := goStrongswanVici.NewClientConnFromDefaultSocket()
	if err != nil {
		panic(err)
	}
	defer client.Close()

	// get strongswan version
	v, err := client.Version()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%#v\n", v)

	childConfMap := make(map[string]goStrongswanVici.ChildSAConf)
        childSAConf := goStrongswanVici.ChildSAConf{
                Local_ts:      []string{"10.10.59.0/24"},
                Remote_ts:     []string{"10.10.40.0/24"},
                ESPProposals:  []string{"aes256-sha256-modp2048"},
                StartAction:   "trap",
		CloseAction:   "restart",
                Mode:          "tunnel",
                ReqID:         "10",
                RekeyTime:     "10m",
                InstallPolicy: "no",
        }
        childConfMap["test-child-conn"] = childSAConf

        localAuthConf := goStrongswanVici.AuthConf{
                AuthMethod: "psk",
        }
        remoteAuthConf := goStrongswanVici.AuthConf{
                AuthMethod: "psk",
        }

	ikeConfMap := make(map[string] goStrongswanVici.IKEConf)

        ikeConf := goStrongswanVici.IKEConf{
                LocalAddrs:  []string{"192.168.198.10"},
                RemoteAddrs: []string{"192.168.198.11"},
                Proposals:   []string{"aes256-sha256-modp2048"},
                Version:     "1",
                LocalAuth:   localAuthConf,
                RemoteAuth:  remoteAuthConf,
                Children:    childConfMap,
                Encap:       "no",
        }

	ikeConfMap["test-connection"] = ikeConf

	//load connenction information into strongswan
        err = client.LoadConn(&ikeConfMap)
        if err != nil {
                fmt.Printf("error loading connection: %v")
                panic(err)
        }

	sharedKey := &goStrongswanVici.Key{
                Typ:    "IKE",
                Data:   "this is the key",
                Owners: []string{"192.168.198.10"}, //IP of the remote host
        }

	//load shared key into strongswan
        err = client.LoadShared(sharedKey)
        if err != nil {
                fmt.Printf("error returned from loadsharedkey \n")
                panic(err)
        }

	//list-conns 
	connList, err := client.ListConns("")
	if err != nil {
		fmt.Printf("error list-conns: %v \n", err)
	}

	for _, connection := range connList {
		fmt.Printf("connection map: %v", connection)
	}	

	// get all conns info from strongswan
	connInfo, err := client.ListAllVpnConnInfo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("found %d connections. \n", len(connInfo))

	//unload connection from strongswan
	unloadConnReq := &goStrongswanVici.UnloadConnRequest{
			Name: "test-connection",
			}
	err = client.UnloadConn(unloadConnReq)
	if err != nil {
		panic(err)
	}

	// kill all conns in strongswan
	for _, info := range connInfo {
		fmt.Printf("kill connection id %s\n", info.Uniqueid)
		err = client.Terminate(&goStrongswanVici.TerminateRequest{
			Ike_id: info.Uniqueid,
		})
		if err != nil {
			panic(err)
		}
	}
}