attr-sql plugin¶
The attr-sql is similar to the attr plugin but stores the attributes in an SQL database instead of strongswan.conf.
To enable the plugin, add
--enable-attr-sqlto the ./configure options.
Also required is support for either MySQL (--enable-mysql) or SQLite (--enable-sqlite).
Behavior¶
Configured attributes are assigned to peers via configuration payloads (IKEv2) or via Mode Config (IKEv1). Attributes are only assigned to peers if they request a virtual IP.
Configuration¶
The plugin is configured using the following strongswan.conf options.
| Key | Default | Description |
| libstrongswan.plugins.attr-sql.database | Database URI used by both daemons | |
| libstrongswan.plugins.attr-sql.lease_history | yes | Enable logging of IP pool leases |
Database Setup¶
To setup the database use the schema defined in the following SQL scripts:- MySQL tables source:src/libcharon/plugins/sql/mysql.sql
- SQLite tables source:src/libcharon/plugins/sql/sqlite.sql
These files contain the complete database schema, which includes tables that are only required by the sql plugin.
ipsec pool¶
Attributes stored in the database can be managed using the ipsec pool utility.