strongSwan Manager » History » Version 10

Version 9 (Martin Willi, 15.09.2007 12:39) → Version 10/27 (Martin Willi, 26.09.2007 16:28)

= strongSwan Manager =

'''strongSwan Manager''' is a web application which interacts with the IKEv2 daemon [wiki:charon] via an XML interface running the [wiki:SMP] information query and control protocol.

'''''strongSwan Manager is still under heavy development and not intended for production use! '''''

== Building strongSwan Manager ==

The manager is based on a FastCGI application and uses the !ClearSilver templating engine to build the web sites. Thus you will need
* !ClearSilver including headers (Debian: clearsilver-dev)
* FastCGI headers and library (Debian: libfcgi-dev)
* SQLite3 with headers (Debian: libsqlite3-dev)

The FastCGI communicates through a Unix socket, which is group-writable. So the FastCGI user has to be in the group under which the daemon runs.
As you don't want to add that user to group 0, it's highly recommended to run strongSwan as [wiki:nonRoot non-root] user. Create a user and a group for that purpose:
groupadd vpn
useradd -g vpn vpn

To build the manager, add the following options to ./configure
--enable-xml --enable-manager --with-uid=`id -u vpn` --with-gid=`id -g vpn`

== Setting up Apache 2 ==
As the manager uses FastCGI, any web server may be used to host the application. Here we look at the configuration of Apache2 using ''mod-fastcgi''.

In addition to the Apache2 web server itself, you'll need
* mod-fastcgi (Debian: libapach2-mod-fastcgi)

Make sure to enable the new module and that the following fastcgi option is set (e.g. in mods-enabled/fastcgi.conf):
AddHandler fastcgi-script .fcgi
Static files are directly served by Apache, everything else is served by the FastCGI application. Add these two lines to your website:
Alias /manager/static /usr/local/libexec/ipsec/templates/static
ScriptAlias /manager /usr/local/libexec/ipsec/manager.fcgi
Adapt these paths according to your ''--prefix'' or ''--libexecdir'' [wiki:InstallationDocumentation installation] settings.

Now you'll need to add the FastCGI user to group which is used by strongSwan:

usermod -a -G vpn www-data
This setup is only recommended if you don't run other websites, as it allows the apache user to control strongSwan. You really should consider a more
secure setup (e.g. separate user for Manager, suexec, etc.p)!

== Logging in ==

Now you can surf to
The shipped configuration allows you to log in using ''strongSwan'' with the password ''strongi''.

Charon currently listens on TCP port 4502, so
choose that configuration for now.