SQL configuration and credential plugin
The SQL plugin for charon allows the complete connection configuration to be stored in a relational database. In addition, the daemon reads credentials such as certificates, private keys or passwords from the database to perform all kinds of authentication. Logging to the database is also possible.
Status
The SQL plugin is still experimental and in development (source:src/libcharon/plugins/sql). It currently works on top of MySQL/MariaDB (mysql plugin) or SQLite (sqlite plugin).
There is currently no frontend to configure the database.
Database setup
There are some SQL scripts to help you with the database setup (more information on the tables and values can be found here):
- MySQL tables source:src/pool/mysql.sql
- SQLite tables source:src/pool/sqlite.sql
- Test data e.g. source:testing/tests/sql/ip-pool-db/hosts/moon/etc/ipsec.d/data.sql (there are others in source:testing/tests/sql)
Configuration
Make sure to build strongSwan with the appropriate modules:
./configure --enable-sql --enable-mysql --enable-sqlite [...]
The plugin uses strongswan.conf for database configuration:
charon {
  plugins {
    sql {
      database = mysql://user:pass@localhost/database
      # or using sqlite:
      # database = sqlite:///etc/ipsec.d/ipsec.db
    }
  }
}
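Because the database URI can carry the database password and the database itself holds private keys and passwords, the permissions on both files matter. The following check is an added example, not part of strongSwan or of the original page; the function name `audit` and the finding labels are hypothetical, and the sample file is constructed.

```python
import os
import re
import stat
from urllib.parse import urlsplit

# Uncommented "database = <uri>" lines; '#' starts a comment in strongswan.conf.
# Simplification: matches the key in any section, not only charon.plugins.sql.
DB_RE = re.compile(r'^[ \t]*database[ \t]*=[ \t]*"?([^\s"#]+)', re.M)

def _others_can_read(path):
    """True if group or other has read permission on path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(conf_path):
    """Return findings about secrets exposed through the database setting."""
    findings = []
    with open(conf_path) as fh:
        uris = DB_RE.findall(fh.read())
    for uri in uris:
        parts = urlsplit(uri)
        if parts.password:
            # mysql://user:pass@host/db keeps the DB password in the config file.
            findings.append("db-password-in-conf")
            if _others_can_read(conf_path):
                findings.append("conf-readable-by-others")
        if parts.scheme == "sqlite" and os.path.exists(parts.path):
            # The SQLite file itself holds the private keys and passwords.
            if _others_can_read(parts.path):
                findings.append("sqlite-db-readable-by-others")
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample file
        conf = os.path.join(d, "strongswan.conf")
        with open(conf, "w") as fh:
            fh.write("charon {\n  plugins {\n    sql {\n"
                     "      database = mysql://user:pass@localhost/database\n"
                     "    }\n  }\n}\n")
        os.chmod(conf, 0o644)
        print(audit(conf))  # both findings while the file is world-readable
        os.chmod(conf, 0o600)
        print(audit(conf))  # only the embedded-password finding remains
```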