SQL configuration and credential plugin » History » Version 10

Tobias Brunner, 18.10.2018 15:07

h1. SQL configuration and credential plugin

The SQL plugin for [[charon]] allows the complete connection configuration to be stored in a relational database. The daemon can also read credentials, such as certificates, private keys or passwords, from the database for all kinds of authentication. Logging to the database is also possible.

h2. Status

The SQL plugin is still experimental and in development (source:src/libcharon/plugins/sql). It currently works on top of MySQL/MariaDB (_mysql_ plugin) or SQLite (_sqlite_ plugin).

There is currently no frontend to configure the database.

h2. Database setup

There are some SQL scripts to help you with the database setup (more information on the tables and values can be found [[SQLite|here]]):
* MySQL tables: source:src/pool/mysql.sql
* SQLite tables: source:src/pool/sqlite.sql
* Test data, e.g. source:testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql (there are others in source:testing/tests/sql)

h2. Configuration

Make sure to build strongSwan with the appropriate modules:
<pre>
 ./configure --enable-sql --enable-mysql --enable-sqlite [...]
</pre>

The plugin uses [[strongswanConf|strongswan.conf]] for database configuration:
<pre>
charon {
  plugins {
    sql {
      database = mysql://user:pass@localhost/database
      # or using sqlite:
      # database = sqlite:///etc/ipsec.d/ipsec.db
    }
  }
}
</pre>
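
The @database@ URI shown above can carry the database password, and an SQLite database file holds the private keys and passwords the daemon reads, so neither file should be accessible to group or others. The following audit script is an added example, not code from strongSwan or the original page; the finding labels are this example's own, and it assumes every uncommented @database =@ line is relevant, without parsing section nesting.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlsplit

# Any uncommented "database = <URI>" line; nesting is not parsed (assumption).
DB_SETTING = re.compile(r"^[ \t]*database[ \t]*=[ \t]*(\S+)", re.MULTILINE)

def _loose(path):
    """True if group or others have any permission bit on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_sql_plugin_conf(conf_path):
    """Return (label, path) findings; labels are this example's own."""
    with open(conf_path) as fh:
        uris = DB_SETTING.findall(fh.read())
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        # mysql://user:pass@host/db puts the password in the config file.
        if parts.password and _loose(conf_path):
            findings.append(("conf-exposes-db-password", conf_path))
        # sqlite:///path: the file itself stores private keys and secrets.
        if parts.scheme == "sqlite" and os.path.exists(parts.path) and _loose(parts.path):
            findings.append(("sqlite-db-readable", parts.path))
    return findings

def demo():
    """Run the audit on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        conf, db = os.path.join(d, "strongswan.conf"), os.path.join(d, "ipsec.db")
        open(db, "w").close()
        os.chmod(db, 0o644)
        with open(conf, "w") as fh:
            fh.write("charon {\n  plugins {\n    sql {\n"
                     "      database = mysql://user:pass@localhost/database\n"
                     f"      # database = sqlite://{db}\n    }}\n  }}\n}}\n")
        os.chmod(conf, 0o644)
        loose = [label for label, _ in audit_sql_plugin_conf(conf)]
        os.chmod(conf, 0o600)
        tight = [label for label, _ in audit_sql_plugin_conf(conf)]
        with open(conf, "w") as fh:
            fh.write(f"charon {{\n  plugins {{\n    sql {{\n      database = sqlite://{db}\n    }}\n  }}\n}}\n")
        sqlite = [label for label, _ in audit_sql_plugin_conf(conf)]
    return loose, tight, sqlite

if __name__ == "__main__":
    print(demo())
```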