[Shorewall-users] Multiple connection via VICI plugin

Wed, 07 Feb 2018 11:45:12 -0800 

HI Noel,

I am trying to use the golang VICI client plugin and referring
https://godoc.org/github.com/bronze1man/goStrongswanVici and using the APIs
from https://github.com/bronze1man/goStrongswanVici.
I am trying to bring up *two connection*, using two independent connection
to strongswan, so each connection has its own monitor thread for handling
events, however i see that each monitor routines is receiving an up down
event for all the connection, that where not created from that connection
as well. Will all the event responses from strongswan have an identifier
for the connection.

Inevent Handler1  &goStrongswanVici.EventChildUpDown{Up:true,
Ike:map[string]*goStrongswanVici.EventIkeSAUpDown{"test-connection2":


Inevent Handler2  &goStrongswanVici.EventChildUpDown{Up:true,
Ike:map[string]*goStrongswanVici.EventIkeSAUpDown{"test-connection2"

and when i use selector in child sa as %any and %any, my ssh session gets
terminated and the system become unaccessible, i am not able to connect
from LAN Interface  and wan interface. I have used the configuration saying
not to install routes, but still i see this issue, any thing that i am
missing.
Please see the strongswan config file .

charon {

load_modular = yes

plugins {

include strongswan.d/charon/*.conf

                vici {

                       socket = unix:///var/run/charon.vici

                     }

}

        i_dont_care_about_security_and_use_aggressive_mode_psk=yes

        interfaces_use = eth3

        install_routes = no

        filelog {

        /log/charon.log {

            # add a timestamp prefix

            time_format = %b %e %T

            # prepend connection name, simplifies grepping

            ike_name = yes

            # overwrite existing files

        }

        stderr {

            # more detailed loglevel for a specific subsystem, overriding
the

            # default loglevel.

            ike = 1

            cfg = 1

          }

        }

}

Appreciate your response.

Thanks,
Naveen

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to