Annotation of embedaddon/strongswan/src/libcharon/plugins/vici/perl/Vici-Session/README.pod, revision 1.1.1.1
1.1 misho 1:
2: =head1 NAME
3:
4: Vici::Session - Perl binding for the strongSwan VICI configuration interface
5:
6: =head1 DESCRIPTION
7:
8: The Vici::Session module allows a Perl script to communicate with the open
9: source strongSwan IPsec daemon (https://www.strongswan.org) via the documented
10: Versatile IKE Configuration Interface (VICI). VICI allows the configuration,
11: management and monitoring of multiple IPsec connections.
12:
13: =head1 INSTALLATION
14:
15: To install this module type the following:
16:
17: perl Makefile.PL
18: make
19: make install
20:
21: =head1 DEPENDENCIES
22:
23: This module requires the standard networking module:
24:
25: IO::Socket::UNIX
26:
27: =head1 METHODS
28:
29: The following examples show the use of the Vici::Session interface in a
30: "net-net" connection between the VPN gateways "moon" and "sun".
31:
32: =cut
33:
34: use strict;
35: use warnings;
36: use IO::Socket::UNIX;
37: use Vici::Message;
38: use Vici::Session;
39:
# Sample RSA private key of the gateway "moon", concatenated into one PEM
# string (header, a single base64 line, footer). It is embedded in a published
# README and is therefore public: good for trying out the examples only,
# never as the credential of a real gateway.
40: my $moon_key = "-----BEGIN RSA PRIVATE KEY-----\n" .
41: "MIIEowIBAAKCAQEApHwF+sUXQdH+WwYzdPMzpjuwhGGvHgsmBah1IQsPsddL9gZy" .
42: "gerzpTM1vvQ4kbRuvE3SZWLf9uKEbiQV9IABr87L9JAva56EHIAiUMuG8WizVbIK" .
43: "IhQlZc8S2mIwAW0Jc6EmnoJv9j6F/tVD9+6xvMJbwHLi0h7BUO9tBVLPy72YeGNB" .
44: "Y6Cob4CrOuFOJyACezJ7i9vZ+XzOfnXpu7qL0DgYP/n2maPEJGEivTFunkJD/mJ8" .
45: "DecyLTQcchsCj2118BMuf2qjVn4UWPCBBuhyYK5wsATB1ANeAtlFfgH+wsuHjZwt" .
46: "TJru05lGHBZ3F2hZ9PO68hVHbIZZj6SB8X47nwIDAQABAoIBAAQDXqX6rxGVDQ6t" .
47: "fQ3qbSUuKaVhOMOT5A6ZSJpQycY+CYVsLNkMoXszX6lUDhlH/Letcme03OAKMM77" .
48: "JGn9wYzHj+RcrDuE95Y2bh/oh1dWhaGeoW6pbSwpvD0FzkQKpANlOCr/5bltVxmb" .
49: "nHftI/sGBvUQGIal53ORE+jgV1+SK6I0oAIWiCpU2oZpYMAtp7WxOngsAJaGtk//" .
50: "m2ckH+T8uVHwe9gJ9HZnEk+Io6BXScMNNrsbd2J+pQ75wQXfzHEzHAj+ElhWzhtc" .
51: "5XefqHw/DfpPDX/lby3VoSoagqzsVuUx7LylgzIDxTsb9HQVOLjDzOQ+vn22Xj7g" .
52: "UCEjwLkCgYEA2EZguuzJdxRIWBSnIyzpCzfqm0EgybpeLuJVfzWla0yKWI6AeLhW" .
53: "cr+7o9UE8nCQHVffIrgjWksjc/S5FhzC9TYSHpPa8TPgebTQK4VxnP9Qkh/XRpJj" .
54: "CqgJ8k2MYleHYxa+AKQv/25yNhLdowkNR0iU1kbiaYRJMP0WigAmdAUCgYEAwrJe" .
55: "Y3LAawOkalJFMFTtLXsqZE91TFwMt9TQnzysGH3Q6+9N+qypS5KCes650+qgrwBV" .
56: "RmRNc1ixylToP3B0BKY5OD/BwMx1L/zSO3x7I4ZDasCu33y2ukGLcVSxrxTPTGdd" .
57: "8fhEiVO1CDXcM08/kSeQa049J8ziY3M+4NDchlMCgYEAw2VCO1923Tjb64gtQOBw" .
58: "ZAxOz5nVz6urL9yYted33is2yq9kbqzMnbuQAYKRh6Ae9APRuwJ2HjvIehjdp5aw" .
59: "pO4HDM00f7sI0ayEbu2PKfKZjotp6X6UMKqE4f8iGC9QSDvhyZ6NJs9YLHZ6+7NP" .
60: "5dkzbyx3njFAFxxxYpikJSkCgYByShB8YlUvvKCcRRUWbRQZWa6l2brqizJwCz43" .
61: "636+lcS5au2klAyBL0zm2Elfa+DNOe3U93Y7mrorIrJ+4v1H6We3bD3JdnvoIooq" .
62: "n0UNsngKx3cf++6r4WQAsA3pz9ZsbFVKgEmDL58aZbuQZxnSlJ4DT5c4sN3IMVOc" .
63: "1x5MvwKBgHudAaLvioIopBpYzOsK2OtEn6NQ7SwH0BLEUulHysaHqan5oExmM1bm" .
64: "YeivMDc9hj0YLXA47ryQHTx4vB5Nv3TI/LoUG6VrCvZvocQOXe/n7TguwAjJj7ef" .
65: "E55Gy8lXDRENyJMP1vif3N2iH8eQ1ASf8k/+gnBNkjSlYSSQUDfV\n" .
66: "-----END RSA PRIVATE KEY-----\n";
67:
# Sample certificate of the gateway "moon" as one PEM string; further down it
# is passed as the local certificate of the 'gw-gw' connection.
68: my $moon_cert = "-----BEGIN CERTIFICATE-----\n" .
69: "MIIEIjCCAwqgAwIBAgIBKzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" .
70: "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" .
71: "b290IENBMB4XDTE0MDgyNzE0NDQ1NloXDTE5MDgyNjE0NDQ1NlowRjELMAkGA1UE" .
72: "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u" .
73: "c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk" .
74: "fAX6xRdB0f5bBjN08zOmO7CEYa8eCyYFqHUhCw+x10v2BnKB6vOlMzW+9DiRtG68" .
75: "TdJlYt/24oRuJBX0gAGvzsv0kC9rnoQcgCJQy4bxaLNVsgoiFCVlzxLaYjABbQlz" .
76: "oSaegm/2PoX+1UP37rG8wlvAcuLSHsFQ720FUs/LvZh4Y0FjoKhvgKs64U4nIAJ7" .
77: "MnuL29n5fM5+dem7uovQOBg/+faZo8QkYSK9MW6eQkP+YnwN5zItNBxyGwKPbXXw" .
78: "Ey5/aqNWfhRY8IEG6HJgrnCwBMHUA14C2UV+Af7Cy4eNnC1Mmu7TmUYcFncXaFn0" .
79: "87ryFUdshlmPpIHxfjufAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE" .
80: "AwIDqDAdBgNVHQ4EFgQU2CY9Iex8275aOQxbcMsDgCHerhMwbQYDVR0jBGYwZIAU" .
81: "XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK" .
82: "ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC" .
83: "AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr" .
84: "BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u" .
85: "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCpnj6Nc+PuPLPi" .
86: "4E3g5hyJkr5VZy7SSglcs1uyVP2mfwj6JR9SLd5+JOsL1aCTm0y9qLcqdbHBxG8i" .
87: "LNLtwVKU3s1hV4EIO3saHe4XUEjxN9bDtLWEoeq5ipmYX8RJ/fXKR8/8vurBARP2" .
88: "xu1+wqwEhymp4jBmF0LVovT1+o+GhH66zIJnx3zR9BtfMkaeL6804hrx2ygeopeo" .
89: "buGvMDQ8HcnMB9OU7Y8fK0oY1kULl6hf36K5ApPA6766sRRKRvBSKlmViKSQTq5a" .
90: "4c8gCWAZbtdT+N/fa8hKDlZt5q10EgjTqDfGTj50xKvAneq7XdfKmYYGnIWoNLY9" .
91: "ga8NOzX8\n" .
92: "-----END CERTIFICATE-----\n";
93:
# Sample CA certificate as one PEM string; further down it is loaded with
# flag 'CA' through load_cert() and used as cacert of the 'strongswan'
# authority.
94: my $ca_cert = "-----BEGIN CERTIFICATE-----\n" .
95: "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ" .
96: "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS" .
97: "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE" .
98: "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u" .
99: "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y" .
100: "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f" .
101: "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc" .
102: "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/" .
103: "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5" .
104: "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr" .
105: "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG" .
106: "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j" .
107: "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw" .
108: "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv" .
109: "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in" .
110: "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n" .
111: "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y" .
112: "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si" .
113: "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa" .
114: "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n" .
115: "-----END CERTIFICATE-----\n" ;
116:
117: =pod
118:
119: The VICI interface requires a UNIX socket in order to communicate with the
120: strongSwan charon daemon:
121:
122: use IO::Socket::UNIX;
123:
124: my $socket = IO::Socket::UNIX->new(
125: Type => SOCK_STREAM,
126: Peer => '/var/run/charon.vici',
127: ) or die "Vici socket: $!";
128:
129: =cut
130:
# Connect to the VICI socket of the charon daemon. Every request in this
# script (loading keys and secrets, initiating and terminating SAs) goes
# through this one socket, so whoever may connect to it can reconfigure the
# daemon; access to the socket path should be restricted accordingly.
my %socket_args = (
    Peer => '/var/run/charon.vici',
    Type => SOCK_STREAM,
);
my $socket = IO::Socket::UNIX->new(%socket_args)
    or die "Vici socket: $!";
135:
136: =over
137:
138: =item new()
139:
140: creates a new Vici::Session object.
141:
142: use Vici::Session;
143: use Vici::Message;
144:
145: my $session = Vici::Session->new($socket);
146:
147: =cut
148:
# Wrap the connected socket in a Vici::Session; every request below is issued
# through $session.
149: my $session = Vici::Session->new($socket);
150:
151: =item version()
152:
153: returns daemon and system specific version information.
154:
155: my $version = $session->version();
156:
157: =cut
158:
# Ask the daemon for its version information and dump the raw reply.
print "----- version -----\n";
my $version = $session->version();
print($version->raw(), "\n");
162:
163: =item load_cert()
164:
165: loads a certificate into the daemon.
166:
167: my %vars = ( type => 'X509', flag => 'CA', data => $ca_cert );
168: my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
169:
170: =cut
171:
# Load the CA certificate into the daemon. As used here, load_cert() hands
# back a success flag and, on failure, an error message.
print "----- load-cert -----\n";
my %vars = (
    type => 'X509',
    flag => 'CA',
    data => $ca_cert,
);
my ($res, $errmsg) = $session->load_cert(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
176:
177: =item load_key()
178:
179: loads a private key into the daemon.
180:
181: my %vars = ( type => 'RSA', data => $moon_key );
182: my ($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
183:
184: =cut
185:
# Load moon's RSA private key. The key material travels to the daemon inside
# the VICI message, i.e. over the UNIX socket this script connected to.
print "----- load-key -----\n";
%vars = (
    type => 'RSA',
    data => $moon_key,
);
($res, $errmsg) = $session->load_key(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
190:
191: =item load_shared()
192:
193: loads a shared IKE PSK, EAP or XAuth secret into the daemon.
194:
195: my @owners = ( 'carol' );
196: my %vars = ( type => 'EAP', data => 'Ar3etTnp', owners => \@owners );
197: my ($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
198:
199: =cut
200:
# Load an EAP secret owned by 'carol'. The literal secret is a sample value for
# this walkthrough; a real script should not carry secrets in its source.
print "----- load-shared -----\n";
%vars = (
    type   => 'EAP',
    data   => 'Ar3etTnp',
    owners => [ 'carol' ],
);
($res, $errmsg) = $session->load_shared(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
206:
207: =item load_authority()
208:
209: loads a single certification authority definition into the daemon. An existing
210: authority with the same name gets replaced.
211:
212: my @crl_uris = ( 'http://crl.strongswan.org/strongswan.crl' );
213: my @ocsp_uris = ( 'http://ocsp.strongswan.org:8880' );
214:
215: my %auth = (
216: cacert => $ca_cert,
217: crl_uris => \@crl_uris,
218: ocsp_uris => \@ocsp_uris
219: );
220:
221: my %vars = ( strongswan => \%auth );
222: my ($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
223:
224: =cut
225:
# Define the certification authority 'strongswan': its CA certificate plus
# the CRL and OCSP URIs to use for it.
print "----- load-authority -----\n";
%vars = (
    strongswan => {
        cacert    => $ca_cert,
        crl_uris  => [ 'http://crl.strongswan.org/strongswan.crl' ],
        ocsp_uris => [ 'http://ocsp.strongswan.org:8880' ],
    },
);
($res, $errmsg) = $session->load_authority(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
237:
238: =item load_conn()
239:
240: loads a single connection definition into the daemon. An existing connection
241: with the same name gets updated or replaced.
242:
243: my @l_ts = ( '10.1.0.0/16' );
244: my @r_ts = ( '10.2.0.0/16' );
245: my @esp = ( 'aes128gcm128-modp3072' );
246:
247: my %child = (
248: local_ts => \@l_ts,
249: remote_ts => \@r_ts,
250: esp_proposals => \@esp,
251: );
252: my %children = ( 'net-net' => \%child );
253:
254: my @l_addrs = ( '192.168.0.1' );
255: my @r_addrs = ( '192.168.0.2' );
256: my @l_certs = ( $moon_cert );
257: my %l = ( auth => 'pubkey', id => 'moon.strongswan.org',
258: certs => \@l_certs );
259: my %r = ( auth => 'pubkey', id => 'sun.strongswan.org');
260: my @ike = ( 'aes128-sha256-modp3072' );
261:
262: my %gw = (
263: version => 2,
264: mobike => 'no',
265: proposals => \@ike,
266: local_addrs => \@l_addrs,
267: remote_addrs => \@r_addrs,
268: local => \%l,
269: remote => \%r,
270: children => \%children,
271: );
272:
273: my %vars = ( 'gw-gw' => \%gw);
274: my ($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
275:
276: =cut
277:
# Load the connection 'gw-gw' with its single child 'net-net': public-key
# authentication on both ends, moon's certificate on the local side, and the
# traffic selectors 10.1.0.0/16 <-> 10.2.0.0/16.
print "----- load-conn -----\n";
my %net_net = (
    local_ts      => [ '10.1.0.0/16' ],
    remote_ts     => [ '10.2.0.0/16' ],
    esp_proposals => [ 'aes128gcm128-modp3072' ],
);
my %local_auth = (
    auth  => 'pubkey',
    id    => 'moon.strongswan.org',
    certs => [ $moon_cert ],
);
my %remote_auth = (
    auth => 'pubkey',
    id   => 'sun.strongswan.org',
);
%vars = (
    'gw-gw' => {
        version      => 2,
        mobike       => 'no',
        proposals    => [ 'aes128-sha256-modp3072' ],
        local_addrs  => [ '192.168.0.1' ],
        remote_addrs => [ '192.168.0.2' ],
        local        => \%local_auth,
        remote       => \%remote_auth,
        children     => { 'net-net' => \%net_net },
    },
);
($res, $errmsg) = $session->load_conn(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
307:
308: =item get_algorithms()
309:
310: lists all currently loaded algorithms and their implementation.
311:
312: my $algs = $session->get_algorithms();
313:
314: =cut
315:
# Dump the algorithms currently loaded in the daemon.
print "----- get-algorithms -----\n";
my $algs = $session->get_algorithms();
print($algs->raw(), "\n");
319:
320: =item get_conns()
321:
322: returns a list of connection names loaded exclusively over VICI, not including
323: connections found in other backends.
324:
325: my $conns = $session->get_conns();
326:
327: =cut
328:
# Dump the names of the connections that were loaded over VICI.
print "----- get-conns -----\n";
my $conns = $session->get_conns();
print($conns->raw(), "\n");
332:
333: =item list_conns()
334:
335: lists currently loaded connections by streaming list-conn events. This
336: call includes all connections known by the daemon, not only those loaded
337: over VICI.
338:
339: my $conns = $session->list_conns();
340:
341: foreach my $conn (@$conns)
342: {
343: print $conn->raw(), "\n";
344: }
345:
346: =cut
347:
# list_conns() yields an array reference; print each entry's raw form.
print "----- list-conns -----\n";
$conns = $session->list_conns();
print($_->raw(), "\n") for @{$conns};
354:
355: =item initiate()
356:
357: initiates a CHILD_SA.
358:
359: my %vars = ( child => 'net-net' );
360: my($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
361:
362: =cut
363:
# Initiate the CHILD_SA 'net-net' and report the outcome.
print "----- initiate -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->initiate(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
368:
369: =item list_sas()
370:
371: lists currently active IKE_SAs and associated CHILD_SAs by streaming list-sa
372: events.
373:
374: my $sas = $session->list_sas();
375:
376: foreach my $sa (@$sas)
377: {
378: print $sa->raw(), "\n";
379: }
380:
381: =cut
382:
# list_sas() yields an array reference; print each entry's raw form.
print "----- list-sas -----\n";
my $sas = $session->list_sas();
print($_->raw(), "\n") for @{$sas};
389:
390: =item get_authorities()
391:
392: returns a list of currently loaded certification authority names.
393:
394: my $auths = $session->get_authorities();
395:
396: =cut
397:
# Dump the names of the loaded certification authorities.
print "----- get-authorities -----\n";
my $auths = $session->get_authorities();
print($auths->raw(), "\n");
401:
402: =item list_authorities()
403:
404: lists currently loaded certification authority information by streaming
405: list-authority events.
406:
407: my $auths = $session->list_authorities();
408:
409: foreach my $auth (@$auths)
410: {
411: print $auth->raw(), "\n";
412: }
413:
414: =cut
415:
# list_authorities() yields an array reference; print each entry's raw form.
print "----- list-authorities -----\n";
$auths = $session->list_authorities();
print($_->raw(), "\n") for @{$auths};
422:
423: =item list_certs()
424:
425: lists currently loaded certificates by streaming list-cert events. This
426: call includes all certificates known by the daemon, not only those loaded
427: over VICI.
428:
429: my %vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
430: my $certs = $session->list_certs(Vici::Message->new(\%vars));
431:
432: =cut
433:
# List the certificates matching moon's subject. Only a summary is printed per
# certificate (type, size of the encoded data, whether a private key is
# available), not the certificate data itself.
print "----- list-certs -----\n";
%vars = ( subject => 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' );
my $certs = $session->list_certs(Vici::Message->new(\%vars));
for my $cert (@{$certs}) {
    my $hash = $cert->hash();
    print(
        $hash->{'type'}, ": ", length($hash->{'data'}), ' bytes',
        ($hash->{'has_privkey'} ? ', has private key' : ''),
        "\n",
    );
}
443:
444: =item stats()
445:
446: returns IKE daemon statistics and load information.
447:
448: my $stats = $session->stats();
449:
450: =cut
451:
# Dump the IKE daemon statistics.
print "----- stats -----\n";
my $stats = $session->stats();
print($stats->raw(), "\n");
455:
456: =item terminate()
457:
458: terminates an IKE_SA or CHILD_SA.
459:
460: my %vars = ( ike => 'gw-gw' );
461: my ($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
462:
463: =cut
464:
# Terminate the IKE_SA named 'gw-gw' and report the outcome.
print "----- terminate -----\n";
%vars = ( ike => 'gw-gw' );
($res, $errmsg) = $session->terminate(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
469:
470: =item install()
471:
472: installs a trap, drop or bypass policy defined by a CHILD_SA config.
473:
474: my %vars = ( child => 'net-net' );
475: my ($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
476:
477: =cut
478:
# Install the policy defined by the CHILD_SA config 'net-net'.
print "----- install -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->install(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
483:
484: =item list_policies()
485:
486: lists currently installed trap, drop and bypass policies by streaming
487: list-policy events.
488:
489: my %vars = ( trap => 'yes' );
490: my $pols = $session->list_policies(Vici::Message->new(\%vars));
491:
492: foreach my $pol (@$pols)
493: {
494: print $pol->raw(), "\n";
495: }
496:
497: =cut
498:
# Request the installed policies with the filter trap => 'yes' and print each
# returned entry's raw form.
print "----- list-policies -----\n";
%vars = ( trap => 'yes' );
my $pols = $session->list_policies(Vici::Message->new(\%vars));
print($_->raw(), "\n") for @{$pols};
506:
507: =item uninstall()
508:
509: uninstalls a trap, drop or bypass policy defined by a CHILD_SA config.
510:
511: my %vars = ( child => 'net-net' );
512: my ($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
513:
514: =cut
515:
# Uninstall the policy defined by the CHILD_SA config 'net-net'.
print "----- uninstall -----\n";
%vars = ( child => 'net-net' );
($res, $errmsg) = $session->uninstall(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
520:
521: =item reload_settings()
522:
523: reloads strongswan.conf settings and all plugins supporting configuration
524: reload.
525:
526: my ($res, $errmsg) = $session->reload_settings();
527: print $res ? "ok\n" : "failed: $errmsg\n";
528:
529: =cut
530:
# Have the daemon reload its settings; this call takes no message argument.
print "----- reload-settings -----\n";
($res, $errmsg) = $session->reload_settings();
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
534:
535: =item unload_conn()
536:
537: unloads a previously loaded connection definition by name.
538:
539: my %vars = ( name => 'gw-gw' );
540: my ($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
541:
542: =cut
543:
# Unload the connection definition 'gw-gw' by name.
print "----- unload-conn -----\n";
%vars = ( name => 'gw-gw' );
($res, $errmsg) = $session->unload_conn(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
548:
549: =item unload_authority()
550:
551: unloads a previously loaded certification authority definition by name.
552:
553: my %vars = ( name => 'strongswan' );
554: my ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
555:
556: =cut
557:
# Unload the certification authority definition 'strongswan' by name.
print "----- unload-authority -----\n";
%vars = ( name => 'strongswan' );
($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
562:
563: =item flush_certs()
564:
565: flushes the volatile certificate cache. Optionally only a given certificate
566: type is flushed.
567:
568: my %vars = ( type => 'x509_crl' );
569: my ($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
570:
571: =cut
572:
# Flush cached certificates, restricted here to the type 'x509_crl'.
print "----- flush-certs -----\n";
%vars = ( type => 'x509_crl' );
($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
577:
578: =item clear_creds()
579:
580: clears all loaded certificate, private key and shared key credentials. This
581: affects only credentials loaded over vici, but additionally flushes the
582: credential cache.
583:
584: my ($res, $errmsg) = $session->clear_creds();
585:
586: =cut
587:
# Clear the credentials loaded earlier in this script (certificates, private
# key, shared secret); this call takes no message argument.
print "----- clear-creds -----\n";
($res, $errmsg) = $session->clear_creds();
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
591:
592: =item load_pool()
593:
594: loads an in-memory virtual IP and configuration attribute pool. Existing
595: pools with the same name get updated, if possible.
596:
597: my %pool = ( addrs => '10.3.0.0/23' );
598: my %vars = ( my_pool => \%pool );
599: my ($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
600:
601: =cut
602:
# Load the address pool 'my_pool' covering 10.3.0.0/23.
print "----- load-pool -----\n";
%vars = (
    my_pool => { addrs => '10.3.0.0/23' },
);
($res, $errmsg) = $session->load_pool(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
608:
609: =item get_pools()
610:
611: lists the currently loaded pools.
612:
613: my $pools = $session->get_pools();
614:
615: =cut
616:
# Dump the currently loaded pools.
print "----- get-pools -----\n";
my $pools = $session->get_pools();
print($pools->raw(), "\n");
620:
621: =item unload_pool()
622:
623: unloads a previously loaded virtual IP and configuration attribute pool.
624: Unloading fails for pools with leases currently online.
625:
626: my %vars = ( name => 'my_pool' );
627: my ($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
628:
629: =cut
630:
# Unload the pool 'my_pool' by name.
print "----- unload-pool -----\n";
%vars = ( name => 'my_pool' );
($res, $errmsg) = $session->unload_pool(Vici::Message->new(\%vars));
if ($res) {
    print "ok\n";
}
else {
    print "failed: $errmsg\n";
}
635:
636: =back
637:
638: =cut
639:
# All requests are done: release the VICI socket.
close $socket;
642:
643: =head1 COPYRIGHT AND LICENCE
644:
645: Copyright (c) 2015 Andreas Steffen
646:
647: Permission is hereby granted, free of charge, to any person obtaining a copy
648: of this software and associated documentation files (the "Software"), to deal
649: in the Software without restriction, including without limitation the rights
650: to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
651: copies of the Software, and to permit persons to whom the Software is
652: furnished to do so, subject to the following conditions:
653:
654: The above copyright notice and this permission notice shall be included in
655: all copies or substantial portions of the Software.
656:
657: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
658: IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
659: FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
660: AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
661: LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
662: OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
663: THE SOFTWARE.
664: