Project

General

Profile

strongSwan Manager » History » Version 10

Martin Willi, 26.09.2007 16:28

1 2 Martin Willi
= strongSwan Manager =
2 1 Martin Willi
3 7 Martin Willi
'''strongSwan Manager''' is a web application which interacts with the IKEv2 daemon [wiki:charon] via an XML interface running the [wiki:SMP] information query and control protocol.
4 1 Martin Willi
5 7 Martin Willi
6 7 Martin Willi
[[Image(htdocs:manager.png)]]
7 1 Martin Willi
----
8 7 Martin Willi
'''''strongSwan Manager is still under heavy development and not intended for production use! '''''
9 1 Martin Willi
----
10 1 Martin Willi
11 8 Martin Willi
== Building strongSwan Manager ==
12 1 Martin Willi
13 9 Martin Willi
The manager is based on a FastCGI application and uses the !ClearSilver templating engine to build the web sites. Thus you will need
14 1 Martin Willi
 * !ClearSilver including headers (Debian: clearsilver-dev)
15 1 Martin Willi
 * FastCGI headers and library (Debian: libfcgi-dev)
16 1 Martin Willi
 * SQLite3 with headers (Debian: libsqlite3-dev)
17 1 Martin Willi
18 10 Martin Willi
The FastCGI communicates through a Unix socket, which is group-writable. So the FastCGI user has to be in the group under which the daemon runs.
19 10 Martin Willi
As you don't want to add that user to group 0, it's highly recommended to run strongSwan as [wiki:nonRoot non-root] user. Create a user and a group for that purpose:
20 10 Martin Willi
{{{
21 10 Martin Willi
groupadd vpn
22 10 Martin Willi
useradd -g vpn vpn
23 10 Martin Willi
}}}
24 10 Martin Willi
25 1 Martin Willi
To build the manager, add the following options to ./configure
26 1 Martin Willi
{{{
27 10 Martin Willi
--enable-xml --enable-manager --with-uid=`id -u vpn` --with-gid=`id -g vpn`
28 1 Martin Willi
}}}
29 5 Martin Willi
30 1 Martin Willi
== Setting up Apache 2 ==
31 8 Martin Willi
As the manager uses FastCGI, any web server may be used to host the application. Here we look at the configuration of Apache2 using ''mod-fastcgi''.
32 1 Martin Willi
33 8 Martin Willi
In addition to the Apache2 web server itself, you'll need
34 1 Martin Willi
 * mod-fastcgi (Debian: libapach2-mod-fastcgi)
35 1 Martin Willi
36 1 Martin Willi
Make sure to enable the new module and that the following fastcgi option is set (e.g. in mods-enabled/fastcgi.conf):
37 1 Martin Willi
{{{
38 1 Martin Willi
AddHandler fastcgi-script .fcgi
39 1 Martin Willi
}}}
40 8 Martin Willi
Static files are directly served by Apache, everything else is served by the FastCGI application. Add these two lines to your website:
41 1 Martin Willi
{{{
42 3 Martin Willi
Alias /manager/static /usr/local/libexec/ipsec/templates/static
43 1 Martin Willi
ScriptAlias /manager /usr/local/libexec/ipsec/manager.fcgi
44 1 Martin Willi
}}}
45 1 Martin Willi
Adapt these paths according to your ''--prefix'' or ''--libexecdir'' [wiki:InstallationDocumentation installation] settings.
46 10 Martin Willi
47 10 Martin Willi
Now you'll need to add the FastCGI user to group which is used by strongSwan:
48 10 Martin Willi
{{{
49 10 Martin Willi
usermod -a -G vpn www-data
50 10 Martin Willi
}}}
51 10 Martin Willi
This setup is only recommended if you don't run other websites, as it allows the apache user to control strongSwan. You really should consider a more
52 10 Martin Willi
secure setup (e.g. separate user for Manager, suexec, etc.p)!
53 10 Martin Willi
54 1 Martin Willi
== Logging in ==
55 1 Martin Willi
56 1 Martin Willi
Now you can surf to 
57 1 Martin Willi
{{{
58 1 Martin Willi
http://host/manager/status/ikesalist
59 6 Martin Willi
}}}
60 10 Martin Willi
The shipped configuration allows you to log in using ''strongSwan'' with the password ''strongi''.