PT-TLS SWIMA Client¶

Installing the strongSwan TNC Software¶

First we have to install some additional Ubuntu packages needed for the strongSwan TNC build

 sudo apt install libssl-dev libcurl4-openssl-dev sqlite3 libsqlite3-dev libjson0-dev

Download the lastest strongSwan tarball

wget https://download.strongswan.org/strongswan-5.6.0dr1.tar.bz2

Unpack the tarball

tar xf strongswan-5.6.0dr1.tar.bz2

and change into the strongSwan build directory

cd strongswan-5.6.0dr1

Configure strongSwan with the following options

./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --enable-openssl --enable-tnc-imc --enable-tnccs-20 --enable-imc-os --enable-imc-swima --enable-sqlite --enable-curl

Build and install strongSwan with the commands

make; sudo make install

Configure the strongSwan "sw-collector" Tool¶

The sw-collector tool allows all software installation events to be collected and stored in an SQLite database. First we set up a clean collector database with the command

sudo -s
mkdir /etc/pts
cat /usr/share/strongswan/templates/database/sw-collector/sw_collector_tables.sql | sqlite3 /etc/pts/collector.db

The sw-collector needs some options defined in the /etc/strongswan.conf/ configuration file

sw-collector {
  database = sqlite:///etc/pts/collector.db
  history = /var/log/apt/history.log
  first_time = 2017-02-15T20:20:34Z
  rest_api {
    uri = https://admin-user:ietf99hackathon@tnc.example/api/
  }
}

The date of the original OS installation can be found e.g. with the command

ls -l --full-time /var/log/bootstrap.log
-rw-r--r-- 1 root root 57457 2017-02-15 12:20:34.000000000 -0800 /var/log/bootstrap.log