Third Party provided tools for strongSwan » History » Version 3
Noel Kuntze, 19.01.2020 18:43
Some scripts I use.
1 | 1 | Noel Kuntze | h1. Third Party provided tools for strongSwan |
---|---|---|---|
2 | 1 | Noel Kuntze | |
3 | 1 | Noel Kuntze | {{>toc}} |
4 | 1 | Noel Kuntze | |
5 | 1 | Noel Kuntze | h2. swanctl bash auto completion |
6 | 1 | Noel Kuntze | |
7 | 1 | Noel Kuntze | Provides tab completion in the bash shell for the [[swanctl]] utility. Written in Python 3. |
8 | 2 | Noel Kuntze | If the vici Python egg is available, it fetches dynamic data from the running daemon over the VICI socket. |
9 | 1 | Noel Kuntze | |
10 | 1 | Noel Kuntze | "Repository on Github":https://github.com/Thermi/swanctl-completion |
11 | 1 | Noel Kuntze | |
12 | 1 | Noel Kuntze | "Arch Linux package on the AUR":https://aur.archlinux.org/packages/swanctl-completion/ |
13 | 3 | Noel Kuntze | |
14 | 3 | Noel Kuntze | h2. connectionCloser.py |
15 | 3 | Noel Kuntze | |
16 | 3 | Noel Kuntze | Terminates all tunnels immediately, without waiting for the peers to acknowledge, when called. The use case is to call the script |
17 | 3 | Noel Kuntze | when strongSwan stops while the network is already down, for example during system shutdown. |
18 | 3 | Noel Kuntze | Without it, shutdown takes a long time, because strongSwan waits for the tunnels to be closed cleanly. |
19 | 3 | Noel Kuntze | If the network is down, that effectively means waiting until the tunnels time out, which can take a while, |
20 | 3 | Noel Kuntze | or until the init daemon decides to kill strongSwan. |
21 | 3 | Noel Kuntze | |
22 | 3 | Noel Kuntze | The script requires the vici Python module (egg), and strongSwan must be configured |
23 | 3 | Noel Kuntze | to load the vici plugin. strongSwan must be allowed to execute the Python script. |
24 | 3 | Noel Kuntze | |
25 | 3 | Noel Kuntze | "Repository on Github":https://github.com/Thermi/strongswan-scripts |
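
The behaviour described above, as an added example that is not the connectionCloser.py from the repository: instead of the vici Python module it uses the swanctl command-line tool, parsing the `swanctl --list-sas` output for IKE_SA unique IDs and forcing each one down with `swanctl --terminate --ike-id <id> --force`. It assumes a swanctl whose `--terminate` supports `--force` (check `swanctl --terminate --help`); the function names `ike_sa_ids` and `terminate_all_ike_sas` are mine.

```shell
#!/bin/sh
# Added example (not the repository's connectionCloser.py): force-terminate
# every IKE_SA through swanctl so charon can stop without waiting for DELETE
# replies from peers that are no longer reachable.
# Assumes: swanctl in PATH with --terminate --force support.

# Extract IKE_SA unique IDs from `swanctl --list-sas` text read on stdin.
# IKE_SA header lines look like
#   home: #1, ESTABLISHED, IKEv2, 1a2b_i* 3c4d_r
# while CHILD_SA and address lines are indented, so only unindented
# "<name>: #<id>," lines match.
ike_sa_ids() {
    sed -n 's/^[^[:space:]][^:]*: #\([0-9][0-9]*\),.*/\1/p'
}

# Terminate all IKE_SAs immediately. --force tells charon not to wait for the
# peer's DELETE response, which is what makes this safe to run when the
# network is already gone. Echoes the number of IKE_SAs it asked charon to
# terminate; individual failures (SA already gone) are ignored.
terminate_all_ike_sas() {
    count=0
    for id in $(swanctl --list-sas | ike_sa_ids); do
        swanctl --terminate --ike-id "$id" --force >/dev/null 2>&1 || true
        count=$((count + 1))
    done
    echo "$count"
}

# Usage: sh connection-closer.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "terminated $(terminate_all_ike_sas) IKE_SA(s)"
fi
```

Wire it in as an `ExecStop=` command in a drop-in for the strongSwan systemd unit: systemd runs `ExecStop` commands before it sends the stop signal to charon, so the SAs are already gone when charon begins its own shutdown.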
26 | 3 | Noel Kuntze | |
27 | 3 | Noel Kuntze | h2. dummy-vip-init.sh |
28 | 3 | Noel Kuntze | |
29 | 3 | Noel Kuntze | This script makes sure a dummy interface named dummy-vip exists. |
30 | 3 | Noel Kuntze | The use case is to make sure the interface exists before strongSwan tries to install a virtual IP (VIP) on it (charon.install_virtual_ip_on in strongswan.conf). |
31 | 3 | Noel Kuntze | There are security reasons for installing virtual IPs on a dummy interface rather than on the physical outbound interface, which is strongSwan's default. |
32 | 3 | Noel Kuntze | It uses bash and iproute2. |
33 | 3 | Noel Kuntze | |
34 | 3 | Noel Kuntze | "Repository on Github":https://github.com/Thermi/strongswan-scripts |
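
An added example (not the dummy-vip-init.sh from the repository) of the idempotent check such an init script performs, using only iproute2. The interface name dummy-vip is the one from the text above; the function name `ensure_dummy_if` and the "created"/"exists" result words are mine.

```shell
#!/bin/sh
# Added example (not the repository's dummy-vip-init.sh): make sure a dummy
# interface exists and is up before charon installs a virtual IP on it.
# Assumes: iproute2 in PATH, run as root (or with CAP_NET_ADMIN).

# Create the dummy interface if it is missing and bring it up.
# Idempotent, so it is safe as an ExecStartPre hook on every start.
# Echoes "created" or "exists"; returns non-zero if iproute2 fails.
ensure_dummy_if() {
    name="$1"
    if ip link show dev "$name" >/dev/null 2>&1; then
        state=exists
    else
        ip link add "$name" type dummy || return 1
        state=created
    fi
    # A dummy link is never carrier-down, but it still has to be administratively
    # up before an address can be used on it.
    ip link set dev "$name" up || return 1
    echo "$state"
}

# Usage: sh dummy-vip-init.sh dummy-vip
if [ -n "${1:-}" ]; then
    ensure_dummy_if "$1"
fi
```

Pair it with `install_virtual_ip_on = dummy-vip` in the `charon` section of strongswan.conf; without that option charon installs the VIP on the outbound interface and the dummy interface is never used.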
35 | 3 | Noel Kuntze | |
36 | 3 | Noel Kuntze | h2. init-dhcp-route-bypass.sh |
37 | 3 | Noel Kuntze | |
38 | 3 | Noel Kuntze | This script inserts policy routing rules so that all packets marked with fwmark 0x11 are looked up in the main routing table, bypassing the table strongSwan fills with its tunnel routes (table 220 by default). |
39 | 3 | Noel Kuntze | The use case is to make sure a DHCP daemon/client that uses an AF_INET or AF_INET6 socket without |
40 | 3 | Noel Kuntze | specifying a source IP does not accidentally send packets with the virtual IP as source, which is what the routes in strongSwan's table would otherwise select. |
41 | 3 | Noel Kuntze | This script works together with iptables/ip6tables/nftables rules that mark DHCP packets with fwmark 0x11 (e.g. -j MARK --set-mark 0x11). |
42 | 3 | Noel Kuntze | It uses bash and iproute2. |
43 | 3 | Noel Kuntze | |
44 | 3 | Noel Kuntze | "Repository on Github":https://github.com/Thermi/strongswan-scripts |
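
An added example (not the init-dhcp-route-bypass.sh from the repository) that installs the fwmark 0x11 bypass rules for IPv4 and IPv6 and, going one step further than the script itself, the matching iptables/ip6tables MARK rules for DHCP client traffic. The rule priority 219 is an assumption based on strongSwan's default `charon.routing_table_prio` of 220 (the bypass rule must sort before strongSwan's rule to win), and the function names are mine.

```shell
#!/bin/sh
# Added example (not the repository's init-dhcp-route-bypass.sh).
# Policy routing so that packets carrying fwmark 0x11 are routed via the main
# table and never via the table strongSwan fills with VIP-sourced routes
# (table 220 at rule priority 220 by default), plus netfilter rules that apply
# that mark to locally generated DHCPv4/DHCPv6 client packets.
# Assumes: iproute2 and iptables/ip6tables in PATH, run as root.

MARK="${MARK:-0x11}"
# Assumption: strongSwan's own rule is at priority 220, so 219 sorts before it.
PRIO="${PRIO:-219}"

# Add "fwmark $MARK lookup main" for one address family ($1 is -4 or -6)
# unless an identical rule is already present. Echoes "added" or "present".
ensure_bypass_rule() {
    fam="$1"
    if ip "$fam" rule show | grep -q "fwmark $MARK lookup main"; then
        echo present
    else
        ip "$fam" rule add fwmark "$MARK" lookup main priority "$PRIO" || return 1
        echo added
    fi
}

# Mark DHCP client packets in the mangle OUTPUT chain. The kernel re-evaluates
# the routing decision after mangle OUTPUT when the mark changed, so the rule
# above then sends them through the main table. Idempotent via -C before -A.
ensure_dhcp_mark() {
    # DHCPv4: client port 68 -> server port 67
    iptables -t mangle -C OUTPUT -p udp --sport 68 --dport 67 -j MARK --set-mark "$MARK" 2>/dev/null \
        || iptables -t mangle -A OUTPUT -p udp --sport 68 --dport 67 -j MARK --set-mark "$MARK" || return 1
    # DHCPv6: client port 546 -> server port 547
    ip6tables -t mangle -C OUTPUT -p udp --sport 546 --dport 547 -j MARK --set-mark "$MARK" 2>/dev/null \
        || ip6tables -t mangle -A OUTPUT -p udp --sport 546 --dport 547 -j MARK --set-mark "$MARK" || return 1
}

# Usage: sh dhcp-route-bypass.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_bypass_rule -4 && ensure_bypass_rule -6 && ensure_dhcp_mark
fi
```

Check the result with `ip rule show` (the bypass line must appear before the `lookup 220` line) and `iptables -t mangle -L OUTPUT -v` (the MARK rule's packet counter should increase when the DHCP client renews). The example is not a substitute for marking rules you already maintain in nftables; the fwmark value is all that has to agree.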