SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------------
list ipsec status, using vici interface
"""
import sys
import socket
import ujson
import vici
# Open the vici session before doing anything else. A socket-level failure
# is treated as "daemon not running" (strongswan not running?) and reported
# as a regular, zero-status exit rather than as an error.
try:
    s = vici.Session()
except OSError:
    print('ipsec not active')
    raise SystemExit(0)
def parse_sa(in_conn):
result = {'local-addrs': '', 'remote-addrs': '', 'children': '', 'local-id': '', 'remote-id': ''}
result['version'] = in_conn['version']
if 'local_addrs' in in_conn:
result['local-addrs'] = b','.join(in_conn['local_addrs'])
elif 'local-host' in in_conn:
result['local-addrs'] = in_conn['local-host']
if 'remote_addrs' in in_conn:
result['remote-addrs'] = b','.join(in_conn['remote_addrs'])
elif 'remote-host' in in_conn:
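def _connect_socket(self):
    """Connect to the vici UNIX socket and open a session on it.

    On success ``self.socket`` holds the connected socket and
    ``self.session`` the ``vici.Session`` built on top of it.

    Raises:
        ViciSocketException: if the socket cannot be created or connected,
            or the session cannot be set up. The original exception is
            attached as ``__cause__``.
    """
    sock = None
    try:
        sock = socket.socket(socket.AF_UNIX)
        self.socket = sock
        sock.connect(self.socket_path)
        self.session = vici.Session(sock)
    except Exception as e:
        # Release the descriptor on failure so repeated connection attempts
        # against an unreachable daemon do not leak file descriptors.
        if sock is not None:
            sock.close()
        # Chain the cause so the underlying error stays visible in tracebacks.
        raise ViciSocketException("Vici is not reachable! " + str(e)) from e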
"""
import sys
import os
import subprocess
import ujson
import vici
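# Parse the input parameter: the name of the connection to bring up.
# p_conn_id is initialised here so that running the script without an
# argument matches nothing instead of raising NameError in the loop below.
conn_id = None
p_conn_id = None
if len(sys.argv) > 1:
    p_conn_id = sys.argv[1].strip()

# Validate the input before trying to connect: only names reported by
# s.list_conns() are collected, so the raw command-line value is never
# handed to the ipsec command unless it equals a known connection name.
# The children of the matching connection are collected as well.
# NOTE(review): the nesting below was reconstructed from a listing that had
# lost its indentation - confirm against the original file.
conns_found = []
s = vici.Session()
for conns in s.list_conns():
    for conn in conns:
        if conn == p_conn_id:
            conns_found.append(conn)
            for child in conns[conn]['children']:
                if child not in conns_found:
                    conns_found.append(child)

# Set up each connection found. The command is given as an argument list
# (no shell is involved) with an absolute path; its output is captured and
# the result is not inspected.
for conn_id in conns_found:
    subprocess.run(['/usr/local/sbin/ipsec', 'up', conn_id], capture_output=True)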
disconnect ipsec connection
"""
import sys
import os
import subprocess
import ujson
import vici
# Take the connection name from the first command-line argument, if given.
conn_id = sys.argv[1].strip() if len(sys.argv) > 1 else None

# Validate the input before trying to disconnect: the requested name must be
# among the SA names reported by s.list_sas(), so an arbitrary command-line
# value never reaches the ipsec command.
s = vici.Session()
active_sa_names = {sa_name for sa_group in s.list_sas() for sa_name in sa_group}
conn_found = conn_id in active_sa_names

# Terminate the connection only when it was found. The command is passed as
# an argument list (no shell) and its output is captured.
if conn_found:
    subprocess.run(['/usr/local/sbin/ipsec', 'down', conn_id], capture_output=True)