strongswan / strongMan

Management UI for strongSwan
https://www.strongswan.org/

How to use the GUI of this project to set proposals? #144

Closed TelDragon closed 1 year ago

TelDragon commented 1 year ago

For example, when the system does not support it by default

3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024,aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072

When the program is running in server mode, how can I add it?

If using a static configuration file (.conf), I already know that adding

proposals = default,3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024,aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072

But during the process of configuring the GUI, I couldn't see it.

tobiasbrunner commented 1 year ago

See my comment here: https://github.com/strongswan/strongMan/issues/130#issuecomment-937869979

TelDragon commented 1 year ago

See my comment here: #130 (comment)

Which specific table is it?

TelDragon commented 1 year ago

I have traversed the entire table and found several table fields that match the keywords, but I am not sure if they are

.tables
auth_group                                     
auth_group_permissions                         
auth_permission                                
auth_user                                      
auth_user_groups                               
auth_user_user_permissions                     
certificates_abstractidentity                  
certificates_certificate                       
certificates_distinguishedname                 
certificates_dnidentity                        
certificates_privatekey                        
certificates_textidentity                      
certificates_usercertificate                   
certificates_vicicertificate                   
connections_address                            
connections_authentication                     
connections_autocaauthentication               
connections_cacertificateauthentication        
connections_certificateauthentication          
connections_child                              
connections_connection                         
connections_eapauthentication                  
connections_eaptlsauthentication               
connections_ikev2certificate                   
connections_ikev2certificateeap                
connections_ikev2eap                           
connections_ikev2eaptls                        
connections_logmessage                         
connections_proposal                           
connections_secret                             
django_admin_log                               
django_content_type                            
django_migrations                              
django_session                                 
eap_secrets_secret                             
pools_pool                                     
server_connections_address                     
server_connections_authentication              
server_connections_autocaauthentication        
server_connections_cacertificateauthentication 
server_connections_certificateauthentication   
server_connections_child                       
server_connections_connection                  
server_connections_eapauthentication           
server_connections_eapcertificateauthentication
server_connections_eaptlsauthentication        
server_connections_ikev2certificate            
server_connections_ikev2certificateeap         
server_connections_ikev2eap                    
server_connections_ikev2eaptls                 
server_connections_logmessage                  
server_connections_proposal                    
select * from server_connections_proposal ;
1|aes128-sha256-modp2048||1
2|aes128gcm128-modp2048|1|

select * from connections_proposal ;

sqlite> PRAGMA table_info([server_connections_proposal]);
0|id|INTEGER|1||1
1|type|TEXT|1||0
2|child_id|INTEGER|0||0
3|connection_id|INTEGER|0||0

When inserting proposals using an SQL database, what is its table definition? How should I insert it?

3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024,aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072

This is how I operate.

INSERT INTO server_connections_proposal (type, child_id, connection_id)
VALUES ('3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024', 1, 1);

INSERT INTO server_connections_proposal (type, child_id, connection_id)
VALUES ('aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521', 1, 1);

INSERT INTO server_connections_proposal (type, child_id, connection_id)
VALUES ('aes192-sha256-modp3072', 1, 1);

sqlite> select * from server_connections_proposal ;
1|aes128-sha256-modp2048||1
2|aes128gcm128-modp2048|1|
3|3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024|1|1
4|aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521|1|1
5|aes192-sha256-modp3072|1|1

tobiasbrunner commented 1 year ago

Note that if you set both child_id and connection_id, you configure these proposals for both IKE and ESP. However, that might not be what you want (in particular with regard to the DH groups, and PRFs also don't make sense in ESP proposals).

proposals in swanctl.conf corresponds to associating a proposal via connection_id, while esp_proposals corresponds to doing that via child_id.

proposals = default,3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024,aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521,aes192-sha256-modp3072

Note that setting default (which you can do via database as well) adds most of the other algorithms. The exceptions are weak ones like 3des or modp1024, so only for those you'd need to add a separate proposal.
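
An added example, not part of the thread and not strongMan code: an audit of the proposal table as it stands after the inserts above, flagging rows bound to both IKE and ESP, PRF keywords in ESP proposals, and the two weak algorithms named in the comment. The function names `audit` and `build_sample_db` are hypothetical, the schema is rebuilt in memory from the `PRAGMA table_info` output without foreign keys, and PRF keywords are assumed to start with `prf`.

```python
import sqlite3

# Schema as reported by PRAGMA table_info in the thread (foreign keys omitted).
SCHEMA = ("CREATE TABLE server_connections_proposal (id INTEGER PRIMARY KEY, "
          "type TEXT NOT NULL, child_id INTEGER, connection_id INTEGER)")

# Rows as shown in the thread after the INSERT statements.
ROWS = [
    (1, "aes128-sha256-modp2048", None, 1),
    (2, "aes128gcm128-modp2048", 1, None),
    (3, "3des-aes128-aes192-aes256-sha1-sha256-sha384-modp1024", 1, 1),
    (4, "aes192gcm16-aes128gcm16-prfsha256-ecp256-ecp521", 1, 1),
    (5, "aes192-sha256-modp3072", 1, 1),
]

WEAK = {"3des", "modp1024"}  # the weak algorithms named in the thread


def audit(conn):
    """Return {proposal id: [findings]} for rows that need attention."""
    findings = {}
    query = "SELECT id, type, child_id, connection_id FROM server_connections_proposal"
    for pid, proposal, child_id, connection_id in conn.execute(query):
        tokens = proposal.split("-")
        notes = []
        # connection_id ties the row to IKE, child_id ties it to ESP.
        if child_id is not None and connection_id is not None:
            notes.append("bound to both IKE (connection_id) and ESP (child_id)")
        if child_id is not None and any(t.startswith("prf") for t in tokens):
            notes.append("PRF in an ESP proposal")
        weak = sorted(WEAK.intersection(tokens))
        if weak:
            notes.append("weak: " + ", ".join(weak))
        if notes:
            findings[pid] = notes
    return findings


def build_sample_db():
    """Build an in-memory copy of the table with the rows from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO server_connections_proposal VALUES (?, ?, ?, ?)", ROWS)
    return conn


if __name__ == "__main__":
    for pid, notes in audit(build_sample_db()).items():
        print(pid, "; ".join(notes))
```

Rows 1 and 2 pass because each is bound to only one of IKE or ESP; rows 3 to 5 are reported.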

TelDragon commented 1 year ago

Re server_ Why are the logs on the connections page empty? How can I make its logs display?

tobiasbrunner commented 1 year ago

That's a connection-specific log; only when actively initiating or terminating a connection will anything show up there.