Mysql – Use MySQL for storing secrets in Strongswan VPN

ikev2, ipsec, MySQL, strongswan

I have a working Strongswan IKEv2 VPN; it uses eap-mschapv2 as right auth.
It's working fine as long as I use the ipsec.secrets file to store the user credentials.

# ipsec.secrets file
: RSA vpn-server-key.pem
arav %any : EAP "accessit"

But I want to change it to store these secrets in a MySQL database.
I've connected the MySQL database in the sql.conf file; I just want to know how to insert these user credentials into the MySQL table.

On referring to this guide: https://wiki.strongswan.org/projects/strongswan/wiki/SQLite

It doesn't store the secrets in plain text but it uses any kind of encryption to do so. Can anyone tell me how to do that?

Any help will be appreciated

Best Answer

It doesn't store the secrets in plain text but it uses any kind of encryption to do so.

That's not the case. The secrets are stored in plain text. So just insert the shared secrets and identities as indicated on the referenced wiki page (using your example data):

/* type: ID_FQDN, data: arav */
INSERT INTO identities (type, data) VALUES (2, X'61726176');
/* type: SHARED_EAP, data: accessit */
INSERT INTO shared_secrets (type, data) VALUES (2, X'6163636573736974');
/* to associate the identity with the secret, use the actual ids of the two rows above */
INSERT INTO shared_secret_identity (shared_secret, identity) VALUES (1, 1);
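
Added example (not part of the original answer): the same three inserts as one MySQL session that derives the hex literals with HEX(), links the rows through LAST_INSERT_ID() instead of hard-coded ids, and then reads the stored bytes back. It assumes the id columns are AUTO_INCREMENT, as in strongSwan's stock MySQL schema, and reuses the sample identity and secret from the question.

```sql
-- Added example, not from the original answer.
-- Assumption: identities.id and shared_secrets.id are AUTO_INCREMENT.

-- Derive the hex literals instead of encoding them by hand.
SELECT HEX('arav') AS identity_hex, HEX('accessit') AS secret_hex;

-- type 2 = ID_FQDN
INSERT INTO identities (type, data) VALUES (2, X'61726176');
SET @identity_id = LAST_INSERT_ID();

-- type 2 = SHARED_EAP; the secret is stored as plain bytes, not hashed
INSERT INTO shared_secrets (type, data) VALUES (2, X'6163636573736974');
SET @secret_id = LAST_INSERT_ID();

-- Link the two rows using the ids captured above.
INSERT INTO shared_secret_identity (shared_secret, identity)
VALUES (@secret_id, @identity_id);

-- Read the rows back and decode the bytes to confirm what the
-- VPN server will compare against.
SELECT i.id                  AS identity_id,
       i.type                AS identity_type,
       CAST(i.data AS CHAR)  AS identity,
       s.id                  AS secret_id,
       s.type                AS secret_type,
       CAST(s.data AS CHAR)  AS secret
FROM shared_secret_identity AS ssi
JOIN identities     AS i ON i.id = ssi.identity
JOIN shared_secrets AS s ON s.id = ssi.shared_secret
WHERE ssi.identity = @identity_id;
```

Because the last query returns the secret in clear text, any account that can SELECT from shared_secrets can read every user's password.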