Hi Razvan,

> I want to be able to use something like a runtime API (let's say
> for Java) that can be used to alter strongswan configurations as those
> read from ipsec.conf.

If you are just interested in changing the configuration dynamically at runtime (in an easier way than to modify ipsec.conf) have a look at the sql plugin [1]. This allows you to store the configuration and the credentials in a database from which the charon daemon fetches them when needed.

> So there would be the approach of writing a plugin for this, but the
> plugins are daemon triggered, and this doesn't help me at all, as the
> plugin should be the one that triggers the daemon in this case (when a
> message for a new configuration is received).

While it is true that the plugins are loaded by the daemon (if that's what you mean by "triggered"), they are free to interact with external processes however they want. There are lots of examples for this.

The stroke plugin for instance is used to get the config from ipsec.conf into the daemon. The config is parsed by starter which uses a Unix domain socket to send the config to the charon daemon. The stroke utility (either directly or via the ipsec script) uses the same socket to interact with the daemon (e.g. to initiate a connection).

Another plugin which uses Unix domain sockets is the android plugin which interacts with a modified version of the default Android VPN GUI.

Then there are plugins that use D-Bus to interact with external processes, for instance, the nm plugin which is a backend to the strongSwan NetworkManager plugin. The maemo plugin also uses D-Bus to receive connection requests (and config information) from the status panel applet written for the Nokia N900.

Also, there is the smp plugin (see [2]), which was never finished, but allows some control of the daemon via XML sent to a TCP socket.

As you can see, there are plenty of options to control the charon daemon from external processes.

> Also I was wondering (because the code base is very big and wasn't
> able to find an answer myself), what would an exact workflow diagram
> look like: who stores the configurations? how it stores them?

Have a look at the code of the plugins mentioned above for examples of how configuration objects are created and managed.

> is there any communication between daemons?

No, the pluto and charon daemons are independent and there is no communication between them (starter does communicate with both of them but the daemons are unaware of the details).

> if pluto and charon are both active at the same time, do they have
> distinct configuration storage?

Yes. Also, pluto is not really extensible via plugins, at least not in regard to configuration.

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/SQL
[2] http://wiki.strongswan.org/projects/strongswan/wiki/SMP
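
The pattern described in the reply above (a listener inside the daemon that an external controller feeds over a Unix domain socket), as an added example that is not part of the original message and is not strongSwan code. The `ctl_msg` layout, the function names and the socket path are hypothetical and are not the stroke wire format; the peer check uses Linux's `SO_PEERCRED`.

```c
#define _GNU_SOURCE               /* struct ucred / SO_PEERCRED (Linux) */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical fixed-size control message; NOT the stroke wire format. */
struct ctl_msg { char name[32]; char remote[64]; };

/* Plugin side: accept one controller, authorize it by peer uid, read one
 * message. Returns 0 on success, -1 on I/O error, -2 if the uid is refused. */
static int plugin_receive(int lfd, uid_t allowed, struct ctl_msg *out)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    int rc = -1, fd = accept(lfd, NULL, NULL);
    if (fd < 0) return -1;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) == 0) {
        if (cred.uid != allowed) rc = -2;
        else if (recv(fd, out, sizeof(*out), MSG_WAITALL) == (ssize_t)sizeof(*out)) {
            out->name[sizeof(out->name) - 1] = '\0';   /* force termination */
            out->remote[sizeof(out->remote) - 1] = '\0';
            rc = 0;
        }
    }
    close(fd);
    return rc;
}

/* Demo only: runs the listener (plugin) and the controller in one process. */
static int demo_roundtrip(uid_t allowed, struct ctl_msg *got)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct ctl_msg req = { "example-conn", "gw.example.org" };  /* constructed */
    int rc = -1, lfd = socket(AF_UNIX, SOCK_STREAM, 0), cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    mode_t old = umask(0077);             /* socket file: owner access only */
    snprintf(sa.sun_path, sizeof(sa.sun_path), "/tmp/ctl-demo-%ld.sock", (long)getpid());
    unlink(sa.sun_path);
    if (lfd >= 0 && cfd >= 0 && bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        listen(lfd, 1) == 0 && connect(cfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        send(cfd, &req, sizeof(req), 0) == (ssize_t)sizeof(req))
        rc = plugin_receive(lfd, allowed, got);
    umask(old);
    close(cfd); close(lfd); unlink(sa.sun_path);
    return rc;
}

int main(void) { struct ctl_msg m; return demo_roundtrip(getuid(), &m) != 0; }
```

The restrictive umask and the uid check are there because anything that can write to such a socket can change what the daemon negotiates.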
