SQLite HOWTO

The database schema for SQLite, as used by the sql and attr-sql plugins, is defined in source:src/pool/sqlite.sql.

TABLE identities

type defined in source:src/libstrongswan/utils/identification.h#L58

0 ID_ANY matches any id rightid=%any
1 ID_IPV4_ADDR IPv4 address rightid=192.168.0.1
2 ID_FQDN fully qualified domain name rightid=@moon.strongswan.org
3 ID_RFC822_ADDR RFC822 email address rightid=carol@strongswan.org
5 ID_IPV6_ADDR IPv6 address rightid=fec0::1
9 ID_DER_ASN1_DN ASN.1 distinguished name rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
11 ID_KEY_ID opaque octet string rightid=@#e5e410876c2ac4bead854942a6de7658303a9fc1

ID_ANY: scripts/id2sql "%any"

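-- ID_ANY (type 0): wildcard identity, stored with an empty data blob.
-- NOTE(review): the page showed `X_` here, which is not a valid SQLite
-- literal; the empty blob literal X'' is presumably what
-- scripts/id2sql "%any" prints -- confirm by running the script.
INSERT INTO identities (
  type, data
) VALUES (
  0, X''
);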

ID_IPV4_ADDR: scripts/id2sql "192.168.0.1"

-- ID_IPV4_ADDR (type 1): data holds the four address bytes of 192.168.0.1
-- (c0.a8.00.01), not the dotted-decimal text.
INSERT INTO identities (type, data)
VALUES (1, X'c0a80001');

ID_FQDN: scripts/id2sql "moon.strongswan.org"

-- ID_FQDN (type 2): data holds the ASCII bytes of "moon.strongswan.org".
-- The leading '@' used in rightid=@moon.strongswan.org is not part of the blob.
INSERT INTO identities (type, data)
VALUES (2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267');

ID_RFC822_ADDR: scripts/id2sql "carol@strongswan.org"

-- ID_RFC822_ADDR (type 3): data holds the ASCII bytes of the e-mail address
-- "carol@strongswan.org".
INSERT INTO identities (type, data)
VALUES (3, X'6361726f6c407374726f6e677377616e2e6f7267');

ID_IPV6_ADDR: scripts/id2sql "fec0::1"

-- ID_IPV6_ADDR (type 5): data holds the full 16-byte address for fec0::1;
-- the "::" shorthand is expanded, so the blob is always 32 hex digits.
INSERT INTO identities (type, data)
VALUES (5, X'fec00000000000000000000000000001');

ID_DER_ASN1_DN: scripts/id2sql "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"

-- ID_DER_ASN1_DN (type 9): data holds the DER encoding of the distinguished
-- name "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" (an ASN.1 SEQUENCE,
-- first byte 0x30), not the textual DN. Generate it with scripts/id2sql
-- rather than by hand.
INSERT INTO identities (type, data)
VALUES (
  9,
  X'3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f7267'
);

ID_KEY_ID: scripts/id2sql "@#e5:e4:10:87:6c:2a:c4:be:ad:85:49:42:a6:de:76:58:30:3a:9f:c1"

-- ID_KEY_ID (type 11): data holds the raw 20 octets of the key identifier.
-- The colons from the command-line form and the "@#" prefix from the rightid
-- form are not stored.
INSERT INTO identities (type, data)
VALUES (11, X'e5e410876c2ac4bead854942a6de7658303a9fc1');

ID_PUBKEY_INFO_SHA1: scripts/key2keyid < moonKey.der

-- ID_PUBKEY_INFO_SHA1: stored with type 11 (ID_KEY_ID in the type list above);
-- data is the 20-byte identifier obtained from scripts/key2keyid for moonKey.der.
-- NOTE(review): presumably the SHA-1 over the key's subjectPublicKeyInfo --
-- confirm against the key2keyid output.
INSERT INTO identities (type, data)
VALUES (11, X'd70dbd46d5133519064f12f100525ead0802ca95');

ID_PUBKEY_SHA1: scripts/key2keyid < moonKey.der

-- ID_PUBKEY_SHA1: also stored with type 11 (ID_KEY_ID); data is the second
-- 20-byte identifier obtained from scripts/key2keyid for moonKey.der.
-- These are the same bytes as the ID_KEY_ID example on this page.
-- NOTE(review): presumably the SHA-1 over the bare public key -- confirm
-- against the key2keyid output.
INSERT INTO identities (type, data)
VALUES (11, X'e5e410876c2ac4bead854942a6de7658303a9fc1');

TABLE private_keys

type defined in source:src/libstrongswan/credentials/keys/public_key.h#L33

1 KEY_RSA RSA key in PKCS#1 format
2 KEY_ECDSA ECDSA key in ANSI X9.62 format

TABLE certificates

type defined in source:src/libstrongswan/credentials/certificates/certificate.h#L33

1 CERT_X509 X.509 certificate
2 CERT_X509_CRL X.509 certificate revocation list
5 CERT_X509_AC X.509 attribute certificate
6 CERT_TRUSTED_PUBKEY trusted public key

TABLE shared_secrets

type defined in source:src/libstrongswan/credentials/keys/shared_key.h#L30

1 SHARED_IKE : PSK <secret>
2 SHARED_EAP : EAP <secret>
3 SHARED_PRIVATE_KEY_PASS : RSA <keyfile> <secret>
4 SHARED_PIN : PIN <secret>

TABLE peer_configs

auth_method defined in source:src/libstrongswan/credentials/auth_cfg.h#L31

0 AUTH_CLASS_ANY any or no authentication method authby=never
1 AUTH_CLASS_PUBKEY authentication using public key authby=pubkey
2 AUTH_CLASS_PSK authentication using pre-shared secret authby=psk
3 AUTH_CLASS_EAP authentication using EAP authby=eap
4 AUTH_CLASS_XAUTH authentication using XAuth authby=xauth

eap_type defined in source:src/libstrongswan/eap/eap.h#L52

4 EAP_MD5
6 EAP_GTC
13 EAP_TLS
18 EAP_SIM
21 EAP_TTLS
23 EAP_AKA
26 EAP_MSCHAPV2
38 EAP_TNC
253 EAP_RADIUS

TABLE child_configs

start_action, dpd_action, and close_action defined in source:src/libcharon/config/child_cfg.h#L34

0 ACTION_NONE no action or clear
1 ACTION_ROUTE install or retain an ipsec policy
2 ACTION_RESTART start or restart a CHILD_SA

IPsec mode defined in source:src/libstrongswan/ipsec/ipsec_types.h#L35

1 TRANSPORT IPsec transport mode
2 TUNNEL IPsec tunnel mode
3 BEET IPsec beet mode
4 PASS Shunt PASS policy
5 DROP Shunt DROP policy

TABLE traffic_selectors

type defined in source:src/libstrongswan/selectors/traffic_selector.h#L32

7 TS_IPV4_ADDR_RANGE
8 TS_IPV6_ADDR_RANGE

kind defined in source:src/libcharon/plugins/sql/sql_config.c#L56

0 Local TS
1 Remote TS
2 Local Dynamic TS
3 Remote Dynamic TS