! 2: =head1 NAME
! 3:
! 4: Vici::Session - Perl binding for the strongSwan VICI configuration interface
! 5:
! 6: =head1 DESCRIPTION
! 7:
! 8: The Vici::Session module allows a Perl script to communicate with the open
! 9: source strongSwan IPsec daemon (https://www.strongswan.org) via the documented
! 10: Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
! 11: management and monitoring of multiple IPsec connections.
! 12:
! 13: =head1 INSTALLATION
! 14:
! 15: To install this module type the following:
! 16:
! 17: perl Makefile.PL
! 18: make
! 19: make install
! 20:
! 21: =head1 DEPENDENCIES
! 22:
This module requires the standard networking module (the examples below
additionally use the Vici::Message module for building request messages):
! 24:
! 25: IO::Socket::UNIX
! 26:
! 27: =head1 METHODS
! 28:
The following examples show the use of the Vici::Session interface in a
"net-net" connection between the VPN gateways "moon" and "sun". Note that
the key, certificates and shared secret embedded below are publicly known
strongSwan test credentials included only to make the example self-contained;
they must never be used on a real gateway.
! 31:
! 32: =cut
! 33:
! 34: use strict;
! 35: use warnings;
! 36: use IO::Socket::UNIX;
! 37: use Vici::Message;
! 38: use Vici::Session;
! 39:
# RSA private key of the "moon" test gateway, the counterpart of $moon_cert.
#
# SECURITY NOTE: this is the publicly distributed strongSwan *test* key (its
# certificate below is issued by the "strongSwan Root CA" test CA), so it
# provides no secrecy at all. It is embedded only so the example runs without
# external files. Real deployments must read keys from a permission-restricted
# file (or let swanctl load them) instead of hard-coding them in a script.
#
# The PEM body is assembled as a single base64 line, exactly as in the
# original string concatenation; only header and footer carry newlines.
my $moon_key = join '',
    "-----BEGIN RSA PRIVATE KEY-----\n",
    qw(
        MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy
        gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK
        IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB
        Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8
        DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt
        TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t
        fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77
        JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb
        nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//
        m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc
        5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g
        UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW
        cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj
        CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe
        Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV
        RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd
        8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw
        ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw
        pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP
        5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43
        636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq
        n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc
        1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm
        YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef
        E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV
    ),
    "\n-----END RSA PRIVATE KEY-----\n";
! 67:
# End-entity certificate for moon.strongswan.org, issued by the strongSwan
# Root CA test CA ($ca_cert). It is the public strongSwan test certificate
# and, as encoded below, its validity period ended on 2019-08-26, so a live
# peer will reject it; it serves purely to exercise the API. Replace it (and
# $moon_key) with your own material for any real use.
#
# Single-line base64 body, identical to the original concatenation.
my $moon_cert = join '',
    "-----BEGIN CERTIFICATE-----\n",
    qw(
        MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
        MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
        b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE
        BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
        c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
        fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68
        TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz
        oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7
        MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw
        Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0
        87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE
        AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU
        XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
        ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
        AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr
        BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
        b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi
        4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i
        LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2
        xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo
        buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a
        4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9
        ga8NOzX8
    ),
    "\n-----END CERTIFICATE-----\n";
! 93:
# The "strongSwan Root CA" test CA certificate that issued $moon_cert.
# Loading it with flag => 'CA' (see load_cert below) makes it a trust anchor
# for peer authentication, so a real deployment must only load CAs it
# actually trusts here. As encoded, this test CA's validity ended on
# 2019-09-07; it is kept solely to exercise the API.
#
# Single-line base64 body, identical to the original concatenation.
my $ca_cert = join '',
    "-----BEGIN CERTIFICATE-----\n",
    qw(
        MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
        MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
        b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE
        BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
        Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
        X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
        FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
        4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
        7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
        gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
        K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG
        A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j
        BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw
        FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv
        b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in
        Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n
        1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y
        vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si
        7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa
        Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=
    ),
    "\n-----END CERTIFICATE-----\n";
! 116:
! 117: =pod
! 118:
The VICI interface requires a UNIX socket in order to communicate with the
strongSwan charon daemon. VICI performs no authentication of its own: any
process that can connect to the socket can load credentials, change
connection definitions and install policies, so access is governed solely by
the socket file's ownership and permissions and must be restricted to trusted
users:
! 121:
! 122: use IO::Socket::UNIX;
! 123:
! 124: my $socket = IO::Socket::UNIX->new(
! 125: Type => SOCK_STREAM,
! 126: Peer => '/var/run/charon.vici',
! 127: ) or die "Vici socket: $!";
! 128:
! 129: =cut
! 130:
# Connect to charon's VICI control socket. VICI does not authenticate
# clients; whoever can open this socket can load keys, rewrite connections
# and install policies, so the socket file's ownership and permissions are
# the only access control. The path is the daemon's default and may differ
# on installations built with another piddir.
my $vici_socket_path = '/var/run/charon.vici';
my $socket = IO::Socket::UNIX->new(
    Type => SOCK_STREAM,
    Peer => $vici_socket_path,
) or die "Vici socket: $!";
! 135:
! 136: =over
! 137:
! 138: =item new()
! 139:
! 140: creates a new Vici::Session object.
! 141:
! 142: use Vici::Session;
! 143: use Vici::Message;
! 144:
! 145: my $session = Vici::Session->new($socket);
! 146:
! 147: =cut
! 148:
# Bind a VICI session to the connected socket; every command below is
# issued through this object.
my $session = Vici::Session->new($socket);
! 150:
! 151: =item version()
! 152:
! 153: returns daemon and system specific version information.
! 154:
! 155: my $version = $session->version();
! 156:
! 157: =cut
! 158:
# version: query daemon/system version information and dump the raw reply.
print "----- version -----\n";
my $version = $session->version();
print $version->raw(), "\n";
! 162:
! 163: =item load_cert()
! 164:
loads a certificate into the daemon. With C<flag =E<gt> 'CA'> the certificate
becomes a trust anchor for peer authentication, so only CAs you actually trust
should be loaded this way. The example uses the (expired) strongSwan test CA.
! 166:
! 167: my %vars = ( type => 'X509', flag => 'CA', data => $ca_cert );
! 168: my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
! 169:
! 170: =cut
! 171:
# load-cert: register the test CA as a trust anchor (flag => 'CA'). Peers
# presenting certificates that chain to it will be accepted for pubkey
# authentication, so in real use this must be a CA you control or trust.
# %vars, $res and $errmsg are declared here and reused by the later examples.
print "----- load-cert -----\n";
my %vars = ( type => 'X509', flag => 'CA', data => $ca_cert );
my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    # The demo deliberately continues after a failed call.
    print "failed: $errmsg\n";
}
! 176:
! 177: =item load_key()
! 178:
loads a private key into the daemon. The key material crosses the VICI socket
unencrypted and is retained by the daemon until cleared (see clear_creds()).
The key embedded in this example is the publicly known strongSwan test key for
"moon"; in real scripts read keys from a permission-restricted file rather
than hard-coding them in source.
! 180:
! 181: my %vars = ( type => 'RSA', data => $moon_key );
! 182: my ($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
! 183:
! 184: =cut
! 185:
# load-key: hand the RSA private key to the daemon. The PEM data is sent in
# the clear over the VICI socket, which is why that socket must be reachable
# only by trusted users. The key used here is the public strongSwan test key.
print "----- load-key -----\n";
%vars = ( type => 'RSA', data => $moon_key );
($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 190:
! 191: =item load_shared()
! 192:
loads a shared IKE PSK, EAP or XAuth secret into the daemon. The secret
crosses the VICI socket unencrypted. The short example value is illustrative
only; use a long, randomly generated secret, and restrict it through
C<owners> to the identities that are allowed to use it.
! 194:
! 195: my @owners = ( 'carol' );
! 196: my %vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners );
! 197: my ($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
! 198:
! 199: =cut
! 200:
# load-shared: store an EAP secret for the identity 'carol'. The value is an
# example placeholder, far too short for real use - generate a long random
# secret and keep the owners list to the identities that really need it.
print "----- load-shared -----\n";
%vars = ( type => 'EAP', data => 'Ar3etTnp', owners => [ 'carol' ] );
($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 206:
! 207: =item load_authority()
! 208:
! 209: loads a single certification authority definition into the daemon. An existing
! 210: authority with the same name gets replaced.
! 211:
! 212: my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' );
! 213: my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' );
! 214:
! 215: my %auth = (
! 216: cacert => $ca_cert,
! 217: crl_uris => \@crl_uris,
! 218: ocsp_uris => \@ocsp_uris
! 219: );
! 220:
! 221: my %vars = ( strongswan => \%auth );
! 222: my ($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
! 223:
! 224: =cut
! 225:
# load-authority: define the CA named 'strongswan' together with the CRL and
# OCSP URIs used for revocation checking. Both URIs are plain http; that is
# normal for CRL/OCSP since the responses are themselves signed, but the
# daemon must be able to reach them or revocation checks cannot complete.
print "----- load-authority -----\n";
my %auth = (
    cacert    => $ca_cert,
    crl_uris  => [ 'http://crl.strongswan.org/strongswan.crl' ],
    ocsp_uris => [ 'http://ocsp.strongswan.org:8880' ],
);
%vars = ( strongswan => \%auth );
($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 237:
! 238: =item load_conn()
! 239:
! 240: loads a single connection definition into the daemon. An existing connection
! 241: with the same name gets updated or replaced.
! 242:
! 243: my @l_ts = ( '10.1.0.0/16' );
! 244: my @r_ts = ( '10.2.0.0/16' );
! 245: my @esp = ( 'aes128gcm128-modp3072' );
! 246:
! 247: my %child = (
! 248: local_ts => \@l_ts,
! 249: remote_ts => \@r_ts,
! 250: esp_proposals => \@esp,
! 251: );
! 252: my %children = ( 'net-net' => \%child );
! 253:
! 254: my @l_addrs = ( '192.168.0.1' );
! 255: my @r_addrs = ( '192.168.0.2' );
! 256: my @l_certs = ( $moon_cert );
! 257: my %l = ( auth => 'pubkey', id => 'moon.strongswan.org',
! 258: certs => \@l_certs );
! 259: my %r = ( auth => 'pubkey', id => 'sun.strongswan.org');
! 260: my @ike = ( 'aes128-sha256-modp3072' );
! 261:
! 262: my %gw = (
! 263: version => 2,
! 264: mobike => 'no',
! 265: proposals => \@ike,
! 266: local_addrs => \@l_addrs,
! 267: remote_addrs => \@r_addrs,
! 268: local => \%l,
! 269: remote => \%r,
! 270: children => \%children,
! 271: );
! 272:
! 273: my %vars = ( 'gw-gw' => \%gw);
! 274: my ($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
! 275:
! 276: =cut
! 277:
# load-conn: define the IKEv2 gateway-to-gateway connection 'gw-gw' with one
# CHILD_SA 'net-net'.
#  - proposals / esp_proposals pin explicit algorithm sets rather than
#    relying on daemon defaults; the DH group in the ESP proposal requests
#    PFS on CHILD_SA rekeying.
#  - local authenticates with $moon_cert (presumably matched to the key
#    loaded via load_key by its public key).
#  - remote is constrained only by its identity: any certificate for
#    sun.strongswan.org chaining to a loaded CA is accepted. If several CAs
#    are loaded, consider pinning the expected one with swanctl's `cacerts`.
print "----- load-conn -----\n";
my %gw = (
    version      => 2,
    mobike       => 'no',
    proposals    => [ 'aes128-sha256-modp3072' ],
    local_addrs  => [ '192.168.0.1' ],
    remote_addrs => [ '192.168.0.2' ],
    local  => {
        auth  => 'pubkey',
        id    => 'moon.strongswan.org',
        certs => [ $moon_cert ],
    },
    remote => {
        auth => 'pubkey',
        id   => 'sun.strongswan.org',
    },
    children => {
        'net-net' => {
            local_ts      => [ '10.1.0.0/16' ],
            remote_ts     => [ '10.2.0.0/16' ],
            esp_proposals => [ 'aes128gcm128-modp3072' ],
        },
    },
);
%vars = ( 'gw-gw' => \%gw );
($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 307:
! 308: =item get_algorithms()
! 309:
! 310: lists all currently loaded algorithms and their implementation.
! 311:
! 312: my $algs = $session->get_algorithms();
! 313:
! 314: =cut
! 315:
# get-algorithms: dump the algorithms the daemon has loaded and which plugin
# implements each - useful to confirm the proposals above are satisfiable.
print "----- get-algorithms -----\n";
my $algs = $session->get_algorithms();
print $algs->raw(), "\n";
! 319:
! 320: =item get_conns()
! 321:
! 322: returns a list of connection names loaded exclusively over VICI, not including
! 323: connections found in other backends.
! 324:
! 325: my $conns = $session->get_conns();
! 326:
! 327: =cut
! 328:
# get-conns: names of connections loaded over VICI only. $conns is reused
# by the list-conns example below.
print "----- get-conns -----\n";
my $conns = $session->get_conns();
print $conns->raw(), "\n";
! 332:
! 333: =item list_conns()
! 334:
! 335: lists currently loaded connections by streaming list-conn events. This
! 336: call includes all connections known by the daemon, not only those loaded
! 337: over VICI.
! 338:
! 339: my $conns = $session->list_conns();
! 340:
! 341: foreach my $conn (@$conns)
! 342: {
! 343: print $conn->raw(), "\n";
! 344: }
! 345:
! 346: =cut
! 347:
# list-conns: every connection the daemon knows, one streamed event per
# connection, regardless of which backend loaded it.
print "----- list-conns -----\n";
$conns = $session->list_conns();
print $_->raw(), "\n" for @$conns;
! 354:
! 355: =item initiate()
! 356:
! 357: initiates a CHILD_SA.
! 358:
! 359: my %vars = ( child => 'net-net' );
! 360: my($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
! 361:
! 362: =cut
! 363:
# initiate: bring up the 'net-net' CHILD_SA (and its IKE_SA). With the
# expired test credentials above a real peer will refuse authentication;
# the demo simply reports the failure and carries on.
print "----- initiate -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 368:
! 369: =item list_sas()
! 370:
! 371: lists currently active IKE_SAs and associated CHILD_SAs by streaming list-sa
! 372: events.
! 373:
! 374: my $sas = $session->list_sas();
! 375:
! 376: foreach my $sa (@$sas)
! 377: {
! 378: print $sa->raw(), "\n";
! 379: }
! 380:
! 381: =cut
! 382:
# list-sas: dump the active IKE_SAs with their CHILD_SAs, one event each.
print "----- list-sas -----\n";
my $sas = $session->list_sas();
print $_->raw(), "\n" for @$sas;
! 389:
! 390: =item get_authorities()
! 391:
! 392: returns a list of currently loaded certification authority names.
! 393:
! 394: my $auths = $session->get_authorities();
! 395:
! 396: =cut
! 397:
# get-authorities: names of the loaded CA definitions. $auths is reused by
# the list-authorities example below.
print "----- get-authorities -----\n";
my $auths = $session->get_authorities();
print $auths->raw(), "\n";
! 401:
=item list_authorities()
! 403:
! 404: lists currently loaded certification authority information by streaming
! 405: list-authority events.
! 406:
! 407: my $auths = $session->list_authorities();
! 408:
! 409: foreach my $auth (@$auths)
! 410: {
! 411: print $auth->raw(), "\n";
! 412: }
! 413:
! 414: =cut
! 415:
# list-authorities: full details of each loaded CA definition, one event
# each.
print "----- list-authorities -----\n";
$auths = $session->list_authorities();
print $_->raw(), "\n" for @$auths;
! 422:
! 423: =item list_certs()
! 424:
! 425: lists currently loaded certificates by streaming list-cert events. This
! 426: call includes all certificates known by the daemon, not only those loaded
! 427: over VICI.
! 428:
! 429: my %vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
! 430: my $certs = $session->list_certs(Vici::Message->new(\%vars));
! 431:
! 432: =cut
! 433:
# list-certs: show the certificates matching the given subject. For each one
# print its type, the DER size and whether the daemon also holds the matching
# private key - a quick way to verify that load_key paired the key with the
# certificate given in the connection definition.
print "----- list-certs -----\n";
%vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
my $certs = $session->list_certs(Vici::Message->new(\%vars));
for my $cert (@$certs) {
    my $info = $cert->hash();
    my $line = $info->{type} . ": " . length($info->{data}) . ' bytes';
    $line .= ', has private key' if $info->{has_privkey};
    print "$line\n";
}
! 443:
! 444: =item stats()
! 445:
! 446: returns IKE daemon statistics and load information.
! 447:
! 448: my $stats = $session->stats();
! 449:
! 450: =cut
! 451:
# stats: dump daemon statistics and load information.
print "----- stats -----\n";
my $stats = $session->stats();
print $stats->raw(), "\n";
! 455:
! 456: =item terminate()
! 457:
! 458: terminates an IKE_SA or CHILD_SA.
! 459:
! 460: my %vars = ( ike => 'gw-gw' );
! 461: my ($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
! 462:
! 463: =cut
! 464:
# terminate: tear down the IKE_SA(s) selected by the connection name
# 'gw-gw' together with their CHILD_SAs.
print "----- terminate -----\n";
%vars = ( ike => 'gw-gw' );
($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 469:
! 470: =item install()
! 471:
! 472: installs a trap, drop or bypass policy defined by a CHILD_SA config.
! 473:
! 474: my %vars = ( child => 'net-net' );
! 475: my ($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
! 476:
! 477: =cut
! 478:
# install: put the policy for the 'net-net' child config into the kernel.
# The child config above selects no drop/bypass mode, so this is a trap
# policy: matching traffic will trigger SA negotiation. Until an SA is up
# that traffic does not flow, which is the intended fail-closed behaviour.
print "----- install -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 483:
! 484: =item list_policies()
! 485:
! 486: lists currently installed trap, drop and bypass policies by streaming
! 487: list-policy events.
! 488:
! 489: my %vars = ( trap => 'yes' );
! 490: my $pols = $session->list_policies(Vici::Message->new(\%vars));
! 491:
! 492: foreach my $pol (@$pols)
! 493: {
! 494: print $pol->raw(), "\n";
! 495: }
! 496:
! 497: =cut
! 498:
# list-policies: show the installed trap policies (trap => 'yes' selects
# that kind), one event per policy.
print "----- list-policies -----\n";
%vars = ( trap => 'yes' );
my $pols = $session->list_policies(Vici::Message->new(\%vars));
print $_->raw(), "\n" for @$pols;
! 506:
! 507: =item uninstall()
! 508:
! 509: uninstalls a trap, drop or bypass policy defined by a CHILD_SA config.
! 510:
! 511: my %vars = ( child => 'net-net' );
! 512: my ($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
! 513:
! 514: =cut
! 515:
# uninstall: remove the policy installed for 'net-net' above. Once removed,
# traffic matching the selectors is no longer trapped into IPsec.
print "----- uninstall -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 520:
! 521: =item reload_settings()
! 522:
! 523: reloads strongswan.conf settings and all plugins supporting configuration
! 524: reload.
! 525:
! 526: my ($res, $errmsg) = $session->reload_settings();
! 527: print $res ? "ok\n" : "failed: $errmsg\n";
! 528:
! 529: =cut
! 530:
# reload-settings: re-read strongswan.conf and notify reload-capable plugins.
print "----- reload-settings -----\n";
($res, $errmsg) = $session->reload_settings();
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 534:
! 535: =item unload_conn()
! 536:
! 537: unloads a previously loaded connection definition by name.
! 538:
! 539: my %vars = ( name => 'gw-gw' );
! 540: my ($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
! 541:
! 542: =cut
! 543:
# unload-conn: drop the 'gw-gw' connection definition loaded above.
print "----- unload-conn -----\n";
%vars = ( name => 'gw-gw' );
($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 548:
! 549: =item unload_authority()
! 550:
! 551: unloads a previously loaded certification authority definition by name.
! 552:
! 553: my %vars = ( name => 'strongswan' );
! 554: my ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
! 555:
! 556: =cut
! 557:
# unload-authority: drop the 'strongswan' CA definition (CRL/OCSP URIs)
# loaded above.
print "----- unload-authority -----\n";
%vars = ( name => 'strongswan' );
($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 562:
! 563: =item flush_certs()
! 564:
! 565: flushes the volatile certificate cache. Optionally only a given certificate
! 566: type is flushed.
! 567:
! 568: my %vars = ( type => 'x509_crl' );
! 569: my ($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
! 570:
! 571: =cut
! 572:
# flush-certs: discard cached CRLs only (type => 'x509_crl'), forcing fresh
# revocation data to be fetched on the next check.
print "----- flush-certs -----\n";
%vars = ( type => 'x509_crl' );
($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 577:
! 578: =item clear_creds()
! 579:
! 580: clears all loaded certificate, private key and shared key credentials. This
! 581: affects only credentials loaded over vici, but additionally flushes the
! 582: credential cache.
! 583:
! 584: my ($res, $errmsg) = $session->clear_creds();
! 585:
! 586: =cut
! 587:
# clear-creds: remove every credential loaded over VICI in this session -
# the CA certificate, the private key and the EAP secret - and flush the
# credential cache. Credentials from other backends are untouched.
print "----- clear-creds -----\n";
($res, $errmsg) = $session->clear_creds();
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 591:
! 592: =item load_pool()
! 593:
! 594: loads an in-memory virtual IP and configuration attribute pool. Existing
! 595: pools with the same name get updated, if possible.
! 596:
! 597: my %pool = ( addrs => '10.3.0.0/23' );
! 598: my %vars = ( my_pool => \%pool );
! 599: my ($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
! 600:
! 601: =cut
! 602:
# load-pool: create the in-memory virtual IP pool 'my_pool' covering
# 10.3.0.0/23.
print "----- load-pool -----\n";
my %pool = ( addrs => '10.3.0.0/23' );
%vars = ( my_pool => \%pool );
($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 608:
! 609: =item get_pools()
! 610:
! 611: lists the currently loaded pools.
! 612:
! 613: my $pools = $session->get_pools();
! 614:
! 615: =cut
! 616:
# get-pools: dump the currently loaded virtual IP pools.
print "----- get-pools -----\n";
my $pools = $session->get_pools();
print $pools->raw(), "\n";
! 620:
! 621: =item unload_pool()
! 622:
! 623: unloads a previously loaded virtual IP and configuration attribute pool.
! 624: Unloading fails for pools with leases currently online.
! 625:
! 626: my %vars = ( name => 'my_pool' );
! 627: my ($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
! 628:
! 629: =cut
! 630:
# unload-pool: remove 'my_pool' again; fails if any lease is still online.
print "----- unload-pool -----\n";
%vars = ( name => 'my_pool' );
($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
! 635:
! 636: =back
! 637:
! 638: =cut
! 639:
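# Close the VICI socket. Errors on close were previously ignored; report
# them so a broken control connection does not go unnoticed (warn rather
# than die so the script's exit status is unaffected at this point).
close($socket) or warn "Vici socket close: $!";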
! 642:
! 643: =head1 COPYRIGHT AND LICENCE
! 644:
! 645: Copyright (c) 2015 Andreas Steffen
! 646:
! 647: Permission is hereby granted, free of charge, to any person obtaining a copy
! 648: of this software and associated documentation files (the "Software"), to deal
! 649: in the Software without restriction, including without limitation the rights
! 650: to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
! 651: copies of the Software, and to permit persons to whom the Software is
! 652: furnished to do so, subject to the following conditions:
! 653:
! 654: The above copyright notice and this permission notice shall be included in
! 655: all copies or substantial portions of the Software.
! 656:
! 657: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
! 658: IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
! 659: FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
! 660: AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
! 661: LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
! 662: OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
! 663: THE SOFTWARE.
! 664: