charon-systemd » History » Version 1

Martin Willi, 12.09.2014 13:12

h1. charon-systemd

The _charon-systemd_ daemon implements an IKE daemon very similar to _charon_, but is specifically designed for use with _systemd_. It uses the _systemd_ libraries for native integration and comes with a simple _systemd_ service file.

Instead of using [[IpsecStarter|starter]] and an [[IpsecConf|ipsec.conf]] based configuration, the daemon is directly managed by _systemd_ and configured with the [[swanctl]] configuration backend. [[IpsecConf|ipsec.conf]] based configurations are not supported by this daemon, because they would require the [[IpsecStarter|starter]] process.

To build the daemon, add
<pre>--enable-systemd --enable-swanctl</pre> to the [[InstallationDocumentation|./configure options]].

To disable [[IpsecStarter|starter]], [[IpsecCommand|ipsec]] and the [[IpsecStroke|stroke]] backend, additionally add
<pre>--disable-stroke --disable-scepclient</pre> to build a lightweight and clean IKE daemon using modern tools.

The _systemd_ unit file directory is detected automatically using _pkg-config_, but may be set manually using the @--with-systemdsystemunitdir=@ option.

_charon-systemd_ is available since [[5.2.1]].

h2. Behavior

_charon-systemd_ is installed as a native _systemd_ daemon and should be started and stopped using _systemctl_. The _reload_ command reloads [[strongswanConf|strongswan.conf]].

After startup, _systemd_ uses [[swanctl]] to load the _swanctl_ based configuration, including connections, pools and credentials.

h2. Configuration

To set up configurations and connections, refer to the [[swanctl]] backend documentation. _charon-systemd_ requires the use of a [[swanctl]] based configuration.

h2. Logging

By default, the _charon-systemd_ backend logs to the _systemd_ journal; use _journalctl_ to inspect the log. Log levels can be configured much like the other charon [[LoggerConfiguration|logger configuration]], but using a _journal_ section:

<pre>
charon-systemd {
  journal {
    default = 1
    ike = 2
    knl = 3
    # ...
  }
}
</pre>

Of course, one may also define traditional _syslog_ and _filelog_ loggers in the _charon-systemd_ section of _strongswan.conf_; refer to [[LoggerConfiguration]] for details. To disable the _journal_ logger, set @default = -1@ to make it silent.

The _journal_ based logger provides some additional metadata in custom _journal_ fields:

|_Field_|_Description_|
|LEVEL|numerical strongSwan log level|
|GROUP|logging subsystem string|
|THREAD|numerical thread identifier issuing the journal entry|
|IKE_SA_UNIQUE_ID|IKE_SA unique identifier, if available|
|IKE_SA_NAME|name of the IKE_SA configuration, if available|

The _MESSAGE_ field contains the log message; _MESSAGE_ID_ uses a unique identifier specific to each log message type.
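
The custom fields above allow journal entries to be grouped per IKE_SA, which helps when reviewing a single tunnel's negotiation or authentication history. The following is an added example, not part of the original page or of strongSwan: it assumes entries exported with @journalctl -o json@, and the names @text@, @by_ike_sa@, @max_level@ and all sample entries are made up for illustration.

```python
import json
from collections import defaultdict

# Constructed `journalctl -o json` output (one object per line); all values are made up.
SAMPLE = """\
{"__REALTIME_TIMESTAMP":"1410520320000002","MESSAGE":[69,65,80,32,111,107],"LEVEL":"1","GROUP":"IKE","THREAD":"9","IKE_SA_UNIQUE_ID":"1","IKE_SA_NAME":"gw"}
{"__REALTIME_TIMESTAMP":"1410520320000000","MESSAGE":"initiating IKE_SA","LEVEL":"1","GROUP":"IKE","THREAD":"7","IKE_SA_UNIQUE_ID":"1","IKE_SA_NAME":"gw"}
{"__REALTIME_TIMESTAMP":"1410520320000001","MESSAGE":"adding SAD entry","LEVEL":"2","GROUP":"KNL","THREAD":"7"}
{"__REALTIME_TIMESTAMP":"1410520320000003","MESSAGE":"authentication failed","LEVEL":"1","GROUP":"IKE","THREAD":"8","IKE_SA_UNIQUE_ID":"2","IKE_SA_NAME":"rw"}
{"__REALTIME_TIMESTAMP":"1410520320000004","MESSAGE":"entry from another service"}
"""


def text(value):
    """Return a field as str; journalctl's JSON output encodes
    non-UTF-8 field data as a list of byte values."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", "replace")
    return value


def by_ike_sa(lines, max_level=1):
    """Group entries with LEVEL <= max_level by (IKE_SA_NAME, IKE_SA_UNIQUE_ID).

    Returns {key: [(timestamp_usec, GROUP, MESSAGE), ...]} sorted by time.
    Entries without IKE_SA fields are collected under (None, None)."""
    timeline = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        try:
            level = int(text(entry["LEVEL"]))
        except (KeyError, TypeError, ValueError):
            continue  # no usable LEVEL: not written by the journal logger
        if level > max_level:
            continue
        # Both IKE_SA fields are only present "if available".
        uid = entry.get("IKE_SA_UNIQUE_ID")
        key = (text(entry.get("IKE_SA_NAME")),
               int(text(uid)) if uid is not None else None)
        timeline[key].append((int(entry["__REALTIME_TIMESTAMP"]),
                              text(entry.get("GROUP")),
                              text(entry.get("MESSAGE", ""))))
    return {k: sorted(v, key=lambda e: e[0]) for k, v in timeline.items()}
```

Raising @max_level@ only returns more entries if the corresponding subsystem level in the _journal_ section is at least as high.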