
SQLite HOWTO » History » Version 21

Andreas Steffen, 28.06.2011 18:00
corrected definition

1 9 Martin Willi
h1. SQLite HOWTO
2 9 Martin Willi
3 12 Tobias Brunner
SQLite tables defined in source:testing/hosts/default/etc/ipsec.d/tables.sql
4 1 Martin Willi
5 1 Martin Willi
6 9 Martin Willi
h2. TABLE identities
7 1 Martin Willi
8 12 Tobias Brunner
*type* defined in source:src/libstrongswan/utils/identification.h#L58
9 1 Martin Willi
10 15 Andreas Steffen
|  0|ID_ANY              |matches any id                       |rightid=%any                                             |
11 15 Andreas Steffen
|  1|ID_IPV4_ADDR        |IPv4 address                         |rightid=192.168.0.1                                      |
12 15 Andreas Steffen
|  2|ID_FQDN             |fully qualified domain name          |rightid=@moon.strongswan.org                             |
13 15 Andreas Steffen
|  3|ID_RFC822_ADDR      |RFC822 email address                 |rightid=carol@strongswan.org                             |
14 15 Andreas Steffen
|  5|ID_IPV6_ADDR        |IPv6 address                         |rightid=fec0::1                                          |
15 15 Andreas Steffen
|  9|ID_DER_ASN1_DN      |ASN.1 distinguished name             |rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
16 15 Andreas Steffen
| 11|ID_KEY_ID           |opaque octet string                  |rightid=@#e5e410876c2ac4bead854942a6de7658303a9fc1       |
17 1 Martin Willi
18 9 Martin Willi
*ID_ANY*: scripts/id2sql "%any"
19 1 Martin Willi
20 9 Martin Willi
<pre>
21 1 Martin Willi
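-- ID_ANY (type 0): the stored form of the "%any" identity.
-- The type table on this page describes ID_ANY as "matches any id", so a
-- config that points at this row presumably places no constraint on the
-- peer's identity; verify before reusing the row.
-- NOTE(review): this page shows the data value as `X_`, which SQLite does not
-- parse as a blob literal. It is restored here as the empty blob X'' on the
-- assumption that the quotes were lost in rendering; confirm against the
-- output of scripts/id2sql "%any".
INSERT INTO identities (type, data)
VALUES (0, X'');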
26 9 Martin Willi
</pre>
27 1 Martin Willi
28 9 Martin Willi
*ID_IPV4_ADDR*: scripts/id2sql "192.168.0.1"
29 6 Martin Willi
30 9 Martin Willi
<pre>
31 6 Martin Willi
-- ID_IPV4_ADDR (type 1): the four address bytes of 192.168.0.1
-- (c0 a8 00 01), most significant byte first.
INSERT INTO identities (type, data)
VALUES (1, X'c0a80001');
36 9 Martin Willi
</pre>
37 7 Martin Willi
38 9 Martin Willi
*ID_FQDN*: scripts/id2sql "@moon.strongswan.org"
39 6 Martin Willi
40 9 Martin Willi
<pre>
41 1 Martin Willi
-- ID_FQDN (type 2): the bytes of the name "moon.strongswan.org".
-- The leading "@" passed to id2sql is not part of the stored value.
INSERT INTO identities (type, data)
VALUES (2, X'6d6f6f6e2e7374726f6e677377616e2e6f7267');
46 9 Martin Willi
</pre>
47 1 Martin Willi
48 9 Martin Willi
*ID_RFC822_ADDR*: scripts/id2sql "carol@strongswan.org"
49 1 Martin Willi
50 9 Martin Willi
<pre>
51 6 Martin Willi
-- ID_RFC822_ADDR (type 3): the bytes of the address
-- "carol@strongswan.org", including the "@" (0x40).
INSERT INTO identities (type, data)
VALUES (3, X'6361726f6c407374726f6e677377616e2e6f7267');
56 9 Martin Willi
</pre>
57 6 Martin Willi
58 9 Martin Willi
*ID_IPV6_ADDR*: scripts/id2sql "fec0::1"
59 6 Martin Willi
60 9 Martin Willi
<pre>
61 1 Martin Willi
-- ID_IPV6_ADDR (type 5): all 16 address bytes of fec0::1; the "::"
-- shorthand is stored expanded to its zero bytes.
INSERT INTO identities (type, data)
VALUES (5, X'fec00000000000000000000000000001');
66 9 Martin Willi
</pre>
67 6 Martin Willi
68 9 Martin Willi
*ID_DER_ASN1_DN*: scripts/id2sql "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
69 1 Martin Willi
70 9 Martin Willi
<pre>
71 1 Martin Willi
-- ID_DER_ASN1_DN (type 9): binary encoding of the distinguished name
-- "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" as printed by id2sql.
-- The value starts with 0x30, an ASN.1 SEQUENCE tag, which is consistent
-- with the DER encoding the type name indicates.
INSERT INTO identities (type, data)
VALUES (9, X'3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f7267');
76 9 Martin Willi
</pre>
77 1 Martin Willi
78 16 Andreas Steffen
*ID_KEY_ID*: scripts/id2sql "@#e5:e4:10:87:6c:2a:c4:be:ad:85:49:42:a6:de:76:58:30:3a:9f:c1"
79 1 Martin Willi
80 9 Martin Willi
<pre>
81 7 Martin Willi
-- ID_KEY_ID (type 11): a 20-byte opaque octet string. The "@#" prefix
-- and the ":" separators from the id2sql argument are not stored.
INSERT INTO identities (type, data)
VALUES (11, X'e5e410876c2ac4bead854942a6de7658303a9fc1');
86 1 Martin Willi
</pre>
87 9 Martin Willi
88 13 Andreas Steffen
*ID_PUBKEY_INFO_SHA1*: scripts/key2keyid < moonKey.der
89 1 Martin Willi
90 9 Martin Willi
<pre>
91 1 Martin Willi
-- ID_PUBKEY_INFO_SHA1: a 20-byte value taken from the output of
-- scripts/key2keyid for moonKey.der, stored with type 11 (the code the
-- type table lists for ID_KEY_ID).
-- NOTE(review): presumably the SHA-1 hash over the key's
-- subjectPublicKeyInfo; confirm against key2keyid's output labels.
INSERT INTO identities (type, data)
VALUES (11, X'd70dbd46d5133519064f12f100525ead0802ca95');
96 9 Martin Willi
</pre>
97 1 Martin Willi
98 13 Andreas Steffen
*ID_PUBKEY_SHA1*: scripts/key2keyid < moonKey.der
99 1 Martin Willi
100 1 Martin Willi
<pre>
101 1 Martin Willi
-- ID_PUBKEY_SHA1: a 20-byte value taken from the output of
-- scripts/key2keyid for moonKey.der, stored with type 11.
-- These are the same bytes as in the ID_KEY_ID example on this page.
INSERT INTO identities (type, data)
VALUES (11, X'e5e410876c2ac4bead854942a6de7658303a9fc1');
106 9 Martin Willi
</pre>
107 1 Martin Willi
108 1 Martin Willi
109 9 Martin Willi
h2. TABLE private_keys
110 7 Martin Willi
111 12 Tobias Brunner
*type* defined in source:src/libstrongswan/credentials/keys/public_key.h#L35
112 9 Martin Willi
113 10 Andreas Steffen
|1 |KEY_RSA   |RSA key in PKCS!#1 format      |
114 10 Andreas Steffen
|2 |KEY_ECDSA |ECDSA key in ANSI X9.62 format |
115 7 Martin Willi
116 7 Martin Willi
117 9 Martin Willi
h2. TABLE certificates
118 3 Martin Willi
119 12 Tobias Brunner
*type* defined in source:src/libstrongswan/credentials/certificates/certificate.h#L35
120 9 Martin Willi
121 10 Andreas Steffen
|1 |CERT_X509           |X.509 certificate                 |
122 1 Martin Willi
|2 |CERT_X509_CRL       |X.509 certificate revocation list |
123 12 Tobias Brunner
|5 |CERT_X509_AC        |X.509 attribute certificate       |
124 3 Martin Willi
|6 |CERT_TRUSTED_PUBKEY |trusted public key                |
125 1 Martin Willi
126 9 Martin Willi
h2. TABLE shared_secrets
127 3 Martin Willi
128 12 Tobias Brunner
*type* defined in source:src/libstrongswan/credentials/keys/shared_key.h#L33
129 9 Martin Willi
130 10 Andreas Steffen
|1 |SHARED_IKE              |: PSK <secret>           |
131 10 Andreas Steffen
|2 |SHARED_EAP              |: EAP <secret>           |
132 10 Andreas Steffen
|3 |SHARED_PRIVATE_KEY_PASS |: RSA <keyfile> <secret> |
133 10 Andreas Steffen
|4 |SHARED_PIN              |: PIN <secret>           |
134 4 Martin Willi
135 4 Martin Willi
136 9 Martin Willi
h2. TABLE peer_configs
137 3 Martin Willi
138 14 Tobias Brunner
*auth_method* defined in source:src/libcharon/config/peer_cfg.h#L87
139 4 Martin Willi
140 21 Andreas Steffen
|0 |AUTH_CLASS_ANY    |any authentication method              |authby=never                   |
141 21 Andreas Steffen
|1 |AUTH_CLASS_PUBKEY |authentication using public key        |authby=rsasig, authby=ecdsasig |
142 21 Andreas Steffen
|2 |AUTH_CLASS_PSK    |authentication using pre-shared secret |authby=psk                     |
143 21 Andreas Steffen
|3 |AUTH_CLASS_EAP    |authentication using EAP               |authby=eap                     |
144 9 Martin Willi
145 18 Andreas Steffen
*eap_type* defined in source:src/libstrongswan/eap/eap.h#L51
146 1 Martin Willi
147 18 Andreas Steffen
|  4 |EAP_MD5      |
148 18 Andreas Steffen
|  6 |EAP_GTC      |
149 18 Andreas Steffen
| 13 |EAP_TLS      |
150 18 Andreas Steffen
| 18 |EAP_SIM      |
151 18 Andreas Steffen
| 21 |EAP_TTLS     |
152 18 Andreas Steffen
| 23 |EAP_AKA      |
153 18 Andreas Steffen
| 26 |EAP_MSCHAPV2 |
154 18 Andreas Steffen
| 38 |EAP_TNC      |
155 18 Andreas Steffen
|253 |EAP_RADIUS   |
156 1 Martin Willi
157 17 Andreas Steffen
h2. TABLE child_configs
158 1 Martin Willi
159 17 Andreas Steffen
*start_action*, *dpd_action*, and *close_action* defined in source:src/libcharon/config/child_cfg.h#L34
160 10 Andreas Steffen
161 17 Andreas Steffen
|0 |ACTION_NONE    | no action or clear                |
162 17 Andreas Steffen
|1 |ACTION_ROUTE   | install or retain an ipsec policy |
163 17 Andreas Steffen
|2 |ACTION_RESTART | start or restart a CHILD_SA       |
164 17 Andreas Steffen
165 19 Andreas Steffen
IPsec *mode*
166 19 Andreas Steffen
167 19 Andreas Steffen
|1 |TRANSPORT | IPsec transport mode |
168 19 Andreas Steffen
|2 |TUNNEL    | IPsec tunnel mode    |
169 19 Andreas Steffen
|3 |BEET      | IPsec beet mode      |
170 19 Andreas Steffen
|4 |PASS      | Shunt PASS policy    |
171 19 Andreas Steffen
|5 |DROP      | Shunt DROP policy    | 
172 17 Andreas Steffen
173 17 Andreas Steffen
h2. TABLE traffic_selectors
174 9 Martin Willi
175 14 Tobias Brunner
*type* defined in source:src/libstrongswan/selectors/traffic_selector.h#L35
176 1 Martin Willi
177 10 Andreas Steffen
|7 |TS_IPV4_ADDR_RANGE |
178 10 Andreas Steffen
|8 |TS_IPV6_ADDR_RANGE |