#ipsec #syslog #interface #create #helps #xfrm #pluto

app swan-updown

swan-updown helps create ipsec interfaces

7 releases

0.3.1 Apr 19, 2024
0.3.0 Apr 10, 2024
0.2.5 Mar 18, 2023
0.1.1 Mar 6, 2023

#1187 in Command line utilities

MIT license

21KB
432 lines

swan-updown

see updown plugin.

First, it parses PLUTO_* and cli args.

Then it helps create ipsec interfaces on demand and log to syslog.

usage

To utilize swan-updown, specify

connections.<conn>.children.<child>.updown = swan-updown [OPTIONS]

in swanctl.conf

For its arguments, see swan-updown -h.

# swan-updown -h
swan-updown helps create ipsec interfaces

Usage: swan-updown [OPTIONS]

Options:
  -p, --prefix <prefix>  the prefix of the created interfaces, default to [swan]
  -n, --netns <netns>    Optional network namespace to move interfaces into
  -m, --master <master>  Optional master device to assign interfaces to
      --to-stdout        send log to stdout, otherwise the log will be sent to syslog
  -d, --debug...         set it multiple times to increase log level, [0: Error, 1: Warn, 2: Info, 3: Debug]
  -h, --help             Print help
  -V, --version          Print version

reminder

By default swan-updown uses syslog, if you want it to use env_logger, please specify --to-stdout.

what it will do

interface

It will [create / destroy] XFRM interface when an SA is [established / deleted].

The name of the interface will be {prefix}{hex encoded if_id}. The prefix can be specified by --prefix argument and the if_id is the PLUTO_IF_ID_IN environment variable.

swan-updown also adds altnames to the interface. The altnames will show

  • the local and remote IKEIDs pair
  • the local and remote IP addresses pair

Additionally, if --netns is specified, the created interface will be moved into the given netns.

Dependencies

~8–15MB
~191K SLoC