strongTNC Policy Manager

Installation and Configuration

strongTNC is a web application based on the Django framework, which itself is written in the Python scripting language. At least Django 1.6 and Python 2.6.5 are required. The following installation and configuration steps assume an Ubuntu Linux platform, but the procedure on other Linux distributions is quite similar.

Install strongTNC

The strongTNC project is hosted on GitHub. The latest release can be installed as follows:

wget https://github.com/strongswan/strongTNC/archive/master.zip
unzip master.zip
sudo mv strongTNC-master /var/www/tnc
sudo chown -R www-data:www-data /var/www/tnc

Install Python/Django

If they are not present yet, install the following Ubuntu packages:

sudo apt-get install python-pip python-dev libxml2-dev libxslt1-dev

In the /var/www/tnc directory, execute the command

sudo pip install -r requirements.txt

which updates the Django version if necessary and installs various Python modules.

Configure strongTNC

Copy config/settings.sample.ini to /etc/strongTNC/settings.ini and adapt the settings to your preferences.

[debug]
DEBUG=0
TEMPLATE_DEBUG=0
DEBUG_TOOLBAR=0

[db]
DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
STRONGTNC_DB_URL = sqlite:////etc/pts/config.db

[localization]
LANGUAGE_CODE=en-us
TIME_ZONE=Europe/Zurich

[admins]
Your Name: jane.doe@strongswan.org
Another Admin: joe.doe@strongswan.org

[security]
SECRET_KEY=<secret key>
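
A pre-deployment check of the settings above, added here as an example (it is not part of strongTNC or of the original page): it flags debug switches left on, a SECRET_KEY still at the placeholder, and SQLite database files that are world-writable. The function names, the SAMPLE text and the 32-character MIN_KEY_LEN threshold are assumptions of this example, and it is written for Python 3.

```python
import configparser
import os
import stat

# Constructed sample: the page's settings.ini with DEBUG on and the key placeholder kept.
SAMPLE = """\
[debug]
DEBUG=1
TEMPLATE_DEBUG=0
DEBUG_TOOLBAR=0
[db]
DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
STRONGTNC_DB_URL = sqlite:////etc/pts/config.db
[security]
SECRET_KEY=<secret key>
"""
MIN_KEY_LEN = 32  # assumption: local policy, not a strongTNC requirement

def sqlite_path(url):
    """Return the file path of a sqlite:/// URL, or None for other schemes."""
    prefix = "sqlite:///"
    return url[len(prefix):] if url.startswith(prefix) else None

def audit(ini_text):
    """Return a list of findings for settings.ini content passed as text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep option names as written (upper case)
    cp.read_string(ini_text)
    findings = []
    for flag in ("DEBUG", "TEMPLATE_DEBUG", "DEBUG_TOOLBAR"):
        if cp.get("debug", flag, fallback="0").strip() != "0":
            findings.append("%s is enabled" % flag)
    key = cp.get("security", "SECRET_KEY", fallback="").strip()
    if not key or key.startswith("<"):  # "<secret key>" is the sample placeholder
        findings.append("SECRET_KEY is unset or still the placeholder")
    elif len(key) < MIN_KEY_LEN:
        findings.append("SECRET_KEY is shorter than %d characters" % MIN_KEY_LEN)
    for opt in ("DJANGO_DB_URL", "STRONGTNC_DB_URL"):
        path = sqlite_path(cp.get("db", opt, fallback=""))
        try:
            mode = os.stat(path).st_mode if path else 0
        except OSError:
            continue  # database file not created yet
        if mode & stat.S_IWOTH:  # the page grants write access to group www-data only
            findings.append("%s is world-writable" % path)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a live installation, pass the content of /etc/strongTNC/settings.ini to audit() as a string.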

Newer strongTNC versions do not come with a default django.db database where the login passwords are stored. If the database is missing, create /var/www/tnc/django.db with the following command:

sudo python /var/www/tnc/manage.py migrate --database meta

Next, set the strongTNC access password, which is "demo" in our example:

sudo python /var/www/tnc/manage.py setpassword
--> Please enter a new password for admin-user: <admin-user password>
--> Granting write_access permission.
Looking for readonly-user in database...
--> Please enter a new password for readonly-user: <readonly-user password>
Passwords updated succesfully!

For the strongTNC web pages to display correctly, execute the following command:

sudo python /var/www/tnc/manage.py collectstatic

Install Apache Web Server

An Apache web server equipped with a Web Server Gateway Interface (WSGI) module is installed on Ubuntu with a single command:

sudo apt-get install apache2 libapache2-mod-wsgi

Configure strongTNC Virtual Web Server

In the /etc/apache2/sites-available directory, create the following configuration file and name it, e.g., tnc:

WSGIPythonPath /var/www/tnc

<VirtualHost *:80>
    ServerName tnc.example.com
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www/tnc

    <Directory /var/www/tnc/config>
        <Files wsgi.py>
            Order deny,allow
            Allow from all
        </Files>
    </Directory>

    WSGIScriptAlias / /var/www/tnc/config/wsgi.py
    WSGIPassAuthorization On

    ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
</VirtualHost>

Initialize PTS Database

If you haven't done so yet during the strongSwan TNC server installation, initialize the PTS SQLite database and give the group "www-data" write permission:

sudo mkdir /etc/pts
cd /usr/share/strongswan/templates/database/imv/
cat tables.sql data.sql | sudo sqlite3 /etc/pts/config.db
sudo chgrp www-data /etc/pts /etc/pts/config.db
sudo chmod g+w /etc/pts /etc/pts/config.db

Start strongTNC Virtual Web Server

Now enable the virtual web server in the /etc/apache2/sites-enabled directory and start it:

cd /etc/apache2/sites-enabled
sudo ln -s ../sites-available/tnc tnc
sudo service apache2 restart

Login

strongTNC Login

Enter the strongTNC access password, which is "demo" in our example.

Overview

strongTNC Overview

Consult the overview page for further instructions.

strongTNC_login.png - strongTNC Login (29 KB) Andreas Steffen, 06.02.2014 07:50

strongTNC_overview.png - strongTNC Overview (88.3 KB) Andreas Steffen, 06.02.2014 07:51