Hi Andreas
After check the sqlite howto and the example you mentioned, I still got
several questions. Can you help?
For id type 9 ID_DER_ASN1_DN, I understand I can get it by "openssl x509
-subject". The fields I get in my result include:C, ST, L, O, CN and
something like emailaddress=foo...@somthing.
So my question: Do I need include all the fields, or just those listed in
the example(means C, O, CN)?
For the emailAddress thing, how to pass that to
id2sql? use E=...?
For the private keys and certificates, there is no explanation. From the
example, I guess I just put that in DER format then insert it into the
database?
For the tables ike_configs, peer_configs, child_configs, can you explain the
purpose of these tables?
In the example, it says INSERT INTO ike_configs (local, remote)
VALUES('PH_IP_CAROL', 'PH_IP_MOON');
I don't find any definition for PH_IP_CAROL, PH_IP_MOON, can you explain
what it is?
thanks, Xia Weizhong
2010/1/24 Andreas Steffen <[email protected]>
> Hi,
>
> no, you won't need starter but probably still the stroke tool to start,
> monitor and stop connections.
>
> Regards
>
> Andreas
>
> Xia Weizhong wrote:
> > HI Andreas
> >
> > Thanks for the explanation. Do you think if I still need "starter" if
> > configs are stored in sqlite database?
> >
> > thanks, Xia Weizhong
> >
> > 2010/1/20 Andreas Steffen <[email protected]
> > <mailto:[email protected]>>
> >
> > Xia Weizhong wrote:
> > > Hi
> > >
> > > I plan to use strongswan in an Embeded environment. My plan is to
> > use charon
> > > alone with libstrongswan (no starter), and with configs stored in
> > sqlite
> > > database. Is this way possible?
> > >
> > > To store configs in sqlite database, is there any document I could
> > consult?
> > > In the sqlite howto page, I can figure out some of the setting.
> > Yet some I
> > > can not, example:
> > >
> > > *ID_DER_ASN1_DN*: scripts/id2sql "C=CH, O=Linux strongSwan, CN=
> > > moon.strongswan.org <http://moon.strongswan.org>"
> > >
> > > INSERT INTO identities (
> > > type, data
> > > ) VALUES (
> > > 9,
> >
> X'3046310b300906035504061302434831193017060355040a13104c696e7578207374726f6e675377616e311c301a060355040313136d6f6f6e2e7374726f6e677377616e2e6f7267'
> > > );
> > > How do the string in quotations get into the magic 3046....?
> > >
> > As described in the SQLite howto, the auxiliary program id2sql
> > translates the LDAP-style representation of the
> > subject distinguished name
> >
> > "C=CH, O=Linux strongSwan, CN=moon.strongswan.org
> > <http://moon.strongswan.org>"
> >
> > into its binary ASN.1 DER-encoded representation. We are aware
> > that entering configuration, identity and credential information into
> > the database manually is quite tiresome. If you want to use the
> > database in a production environment you would have to write some
> > scripts or a GUI to enter this information.
> >
> > > And from the source code package test examples, there are
> > something like:
> > > INSERT INTO shared_secret_identity (
> > > shared_secret, identity
> > > ) VALUES (
> > > 1, 4
> > > );
> > > What is the 1 and 4 means here? Row number in releated tables?
> > >
> > Yes, this are primary keys of the shared_secret and identity
> > tables. The keys are assigned with increasing numbers starting
> > with one. Have a look at the following examples for more details
> >
> > http://www.strongswan.org/uml/testresults43/sql/index.html
> >
> > > Not sure if anything in ipsec.conf can have a counter part in the
> > database?
> > >
> > There are currently some parameters that cannot be defined in the
> > database.
> >
> > > thanks, Xia Weizhong
> >
> > Best regards
> >
> > Andreas
> >
>
> ======================================================================
> Andreas Steffen [email protected]
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
