We've authored a plugin for libcharon that makes calls to our code. This is creating some unwanted coupling between our application and strongswan, since we're compiling strongswan with this plugin.
Let's call this plugin MyPlugin. It is configured as follows:

    $ cat /etc/strongswan/strongswan.d/charon/myplugin.conf
    myplugin {
        # Whether to load the plugin. Can also be an integer to increase the
        # priority of this plugin.
        load = yes
        proxy
        {
            # Should send to proxy
            send_to_proxy = yes
        }
        log
        {
            # Should save to file
            log_path = /var/log/myplugin.log
            log_ips = yes
        }
    }

We would like to reverse this dependency, by compiling this plugin as a part of our application, implementing strongswan interfaces.
The question is, does strongswan support this? Can a plugin be deployed on a machine where strongswan is already running, and have strongswan load it and work with it? How?
We're running strongswan 5.1.5 on CentOS 6.
Yes, you can do this. However, there are some caveats:
config.h from the build you are compiling against (or of an equivalently configured build for the same platform). When compiling the plugin, you pass the path to it via -include.
strongswan.conf file (i.e. enable modular plugin loading and include the config snippets in strongswan.d where you place a snippet for your plugin - the default should work fine).
You can find an example of an out-of-tree plugin here.
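
A way to check the configuration side of this before restarting the daemon, as an added example that is not part of the original answer: a small parser for strongswan.conf-style sections that reports whether modular loading is on and whether the plugin's snippet enables it. It assumes the snippet ends up under charon.plugins and that modular loading is set with charon.load_modular; the sample is constructed from the question's snippet, the names parse and plugin_load_state are hypothetical, and include directives and quoted values are not handled.

```python
import re
# Constructed sample: the question's snippet as seen once included under charon.plugins.
SAMPLE = """
charon {
    load_modular = yes
    plugins {
        myplugin {
            load = yes   # may also be an integer priority
            proxy
            {
                send_to_proxy = yes
            }
        }
    }
}
"""
TOKEN = re.compile(r"[{}]|[^\s{}=]+[ \t]*=[^\n{}]*|[^\s{}=]+")
TRUE = {"yes", "true", "enabled", "1"}

def parse(text):
    """Parse nested 'name { key = value }' sections into dicts (comments stripped)."""
    stack, pending = [{}], None
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", text)):
        if tok == "{":
            if pending is None:
                raise ValueError("section without a name")
            stack.append(stack[-1].setdefault(pending, {}))
            pending = None
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in tok:
            key, value = tok.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            pending = tok  # a section name, or a directive this sketch ignores
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return stack[0]

def plugin_load_state(conf, name):
    """Return (modular_loading_enabled, plugin_enabled, integer_priority_or_None)."""
    charon = conf.get("charon", {})
    modular = charon.get("load_modular", "no").lower() in TRUE
    load = charon.get("plugins", {}).get(name, {}).get("load", "no").lower()
    if re.fullmatch(r"-?\d+", load):
        return modular, int(load) > 0, int(load)
    return modular, load in TRUE, None
```

A result of `(False, ...)` for the first element means the snippet's `load` setting is not what decides loading, which is the case the answer's note about modular loading covers.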