SQLite HOWTO
SQLite tables defined in source:testing/hosts/default/etc/ipsec.d/tables.sql
TABLE identities
type defined in source:src/libstrongswan/utils/identification.h#L58
| 0 | ID_ANY | matches any id | rightid=%any |
| 1 | ID_IPV4_ADDR | IPv4 address | rightid=192.168.0.1 |
| 2 | ID_FQDN | fully qualified domain name | rightid=@moon.strongswan.org |
| 3 | ID_RFC822_ADDR | RFC822 email address | rightid=carol@strongswan.org |
| 5 | ID_IPV6_ADDR | IPv6 address | rightid=fec0::1 |
| 9 | ID_DER_ASN1_DN | ASN.1 distinguished name | rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
| 11 | ID_KEY_ID | opaque octet string | rightid=@#e5e410876c2ac4bead854942a6de7658303a9fc1 |
ID_ANY: scripts/id2sql "%any"
INSERT INTO identities ( type, data ) VALUES ( 0, X'' );
ID_IPV4_ADDR: scripts/id2sql "192.168.0.1"
INSERT INTO identities ( type, data ) VALUES ( 1, X'c0a80001' );
ID_FQDN: scripts/id2sql "@moon.strongswan.org"
INSERT INTO identities ( type, data ) VALUES ( 2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267' );
ID_RFC822_ADDR: scripts/id2sql "carol@strongswan.org"
INSERT INTO identities ( type, data ) VALUES ( 3, X'6361726f6c407374726f6e677377616e2e6f7267' );
ID_IPV6_ADDR: scripts/id2sql "fec0::1"
INSERT INTO identities ( type, data ) VALUES ( 5, X'fec00000000000000000000000000001' );
ID_DER_ASN1_DN: scripts/id2sql "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
INSERT INTO identities ( type, data ) VALUES ( 9, X'3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f7267' );
ID_KEY_ID: scripts/id2sql "@#e5:e4:10:87:6c:2a:c4:be:ad:85:49:42:a6:de:76:58:30:3a:9f:c1"
INSERT INTO identities ( type, data ) VALUES ( 11, X'e5e410876c2ac4bead854942a6de7658303a9fc1' );
ID_PUBKEY_INFO_SHA1: scripts/key2keyid < moonKey.der
INSERT INTO identities ( type, data ) VALUES ( 11, X'd70dbd46d5133519064f12f100525ead0802ca95' );
ID_PUBKEY_SHA1: scripts/key2keyid < moonKey.der
INSERT INTO identities ( type, data ) VALUES ( 11, X'e5e410876c2ac4bead854942a6de7658303a9fc1' );
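The encodings above can be reproduced outside of strongSwan, which is useful for checking rows in an existing database against the identities they are supposed to represent. The following Python sketch is an added example, not the project's scripts/id2sql: the function names and the simplified classification rules are assumptions, and distinguished names are rejected because they require ASN.1 DER encoding.

```python
import ipaddress

# Type codes copied from the identities table above.
ID_ANY, ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR = 0, 1, 2, 3
ID_IPV6_ADDR, ID_KEY_ID = 5, 11


def encode_identity(text):
    """Return (type, data bytes) for an identity string.

    Simplified classification (an assumption of this example, not
    the parser used by scripts/id2sql); DNs are rejected.
    """
    if text == "%any":
        return ID_ANY, b""
    if text.startswith("@#"):
        # Opaque key ID given as hex, optionally colon-separated.
        return ID_KEY_ID, bytes.fromhex(text[2:].replace(":", ""))
    if text.startswith("@"):
        return ID_FQDN, text[1:].encode("ascii")
    if "=" in text:
        raise ValueError("distinguished names need DER encoding")
    if "@" in text:
        return ID_RFC822_ADDR, text.encode("ascii")
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        # Not an address literal: treat as a host name.
        return ID_FQDN, text.encode("ascii")
    id_type = ID_IPV4_ADDR if addr.version == 4 else ID_IPV6_ADDR
    return id_type, addr.packed


def identity_insert(text):
    """Build the INSERT statement in the layout shown on this page."""
    id_type, data = encode_identity(text)
    # data.hex() yields only [0-9a-f], so the X'..' literal cannot
    # be broken out of by the input string.
    return ("INSERT INTO identities ( type, data ) VALUES ( %d, X'%s' );"
            % (id_type, data.hex()))


if __name__ == "__main__":
    for sample in ("%any", "192.168.0.1", "@moon.strongswan.org",
                   "carol@strongswan.org", "fec0::1"):
        print(identity_insert(sample))
```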
TABLE private_keys
type defined in source:src/libstrongswan/credentials/keys/public_key.h#L35
| 1 | KEY_RSA | RSA key in PKCS#1 format |
| 2 | KEY_ECDSA | ECDSA key in ANSI X9.62 format |
TABLE certificates
type defined in source:src/libstrongswan/credentials/certificates/certificate.h#L35
| 1 | CERT_X509 | X.509 certificate |
| 2 | CERT_X509_CRL | X.509 certificate revocation list |
| 5 | CERT_X509_AC | X.509 attribute certificate |
| 6 | CERT_TRUSTED_PUBKEY | trusted public key |
TABLE shared_secrets
type defined in source:src/libstrongswan/credentials/keys/shared_key.h#L33
| 1 | SHARED_IKE | : PSK <secret> |
| 2 | SHARED_EAP | : EAP <secret> |
| 3 | SHARED_PRIVATE_KEY_PASS | : RSA <keyfile> <secret> |
| 4 | SHARED_PIN | : PIN <secret> |
TABLE peer_configs
auth_method defined in source:src/libstrongswan/credentials/auth_cfg.h#L31
| 0 | AUTH_CLASS_ANY | any or no authentication method | authby=never |
| 1 | AUTH_CLASS_PUBKEY | authentication using public key | authby=rsasig, authby=ecdsasig |
| 2 | AUTH_CLASS_PSK | authentication using pre-shared secret | authby=psk |
| 3 | AUTH_CLASS_EAP | authentication using EAP | authby=eap |
eap_type defined in source:src/libstrongswan/eap/eap.h#L51
| 4 | EAP_MD5 |
| 6 | EAP_GTC |
| 13 | EAP_TLS |
| 18 | EAP_SIM |
| 21 | EAP_TTLS |
| 23 | EAP_AKA |
| 26 | EAP_MSCHAPV2 |
| 38 | EAP_TNC |
| 253 | EAP_RADIUS |
TABLE child_configs
start_action, dpd_action, and close_action defined in source:src/libcharon/config/child_cfg.h#L34
| 0 | ACTION_NONE | no action or clear |
| 1 | ACTION_ROUTE | install or retain an ipsec policy |
| 2 | ACTION_RESTART | start or restart a CHILD_SA |
IPsec mode defined in source:src/libhydra/kernel/kernel_ipsec.h#L40
| 1 | TRANSPORT | IPsec transport mode |
| 2 | TUNNEL | IPsec tunnel mode |
| 3 | BEET | IPsec beet mode |
| 4 | PASS | Shunt PASS policy |
| 5 | DROP | Shunt DROP policy |
TABLE traffic_selectors
type defined in source:src/libstrongswan/selectors/traffic_selector.h#L35
| 7 | TS_IPV4_ADDR_RANGE |
| 8 | TS_IPV6_ADDR_RANGE |