https://wiki.ixheim.de/index.php?action=history&feed=atom&title=Vici_python_example
Vici python example - Versionsgeschichte
2026-06-29T01:05:30Z
Versionsgeschichte dieser Seite in Xinux Wiki
MediaWiki 1.35.1
https://wiki.ixheim.de/index.php?title=Vici_python_example&diff=16139&oldid=prev
Thomas: Die Seite wurde neu angelegt: „ <pre> # This python script is *not* required to setup and run a tunnel, # rather it shows how an external python script can bring a tunnel up / down and monit…“
2017-12-18T17:24:34Z
<p>Die Seite wurde neu angelegt: „ <pre> # This python script is *not* required to setup and run a tunnel, # rather it shows how an external python script can bring a tunnel up / down and monit…“</p>
<p><b>Neue Seite</b></p><div><br />
<pre><br />
# This python script is *not* required to setup and run a tunnel,<br />
# rather it shows how an external python script can bring a tunnel up / down and monitor its status.<br />
<br />
import vici<br />
import multiprocessing<br />
import collections<br />
import time<br />
# NOTE: unless you are root you will need to do the following: sudo chmod 777 /var/run/charon.vici<br />
<br />
# Edit target_connections in the VState to include the VPN connections you would like to keep alive<br />
# if this connection is dropped for some reason it will be re-started automatically by the python script<br />
<br />
class VState(object):<br />
"""holds the VPN state"""<br />
def __init__(self):<br />
self.alive = True<br />
self.session = vici.Session()<br />
self.possible_connections = []<br />
self.target_connections = ['rw-2']<br />
self.active_connections = []<br />
<br />
class StrongSwan(object):<br />
def __init__(self, queue = None):<br />
self.state = VState()<br />
self.get_possible_connections()<br />
<br />
def process_control_connection_in(self):<br />
'''handle incoming mavlink packets'''<br />
pass<br />
<br />
def check_interfaces(self):<br />
state = self.state<br />
for vpn_conn in state.session.list_sas():<br />
for key in state.active_connections:<br />
try:<br />
print 'key', key<br />
print vpn_conn[key]<br />
print vpn_conn[key]['established']<br />
print vpn_conn[key]['state']<br />
print vpn_conn[key]['local-host']<br />
print vpn_conn[key]['remote-host']<br />
except:<br />
pass<br />
<br />
try:<br />
child = vpn_conn[key]['child-sas']<br />
if child == {}:<br />
child = None<br />
except:<br />
print 'tunnel not connected at child level!'<br />
child = None<br />
<br />
if child is not None:<br />
for child_key in child:<br />
<br />
print 'time: ', time.time(), 'child key', child_key, child[child_key]['bytes-in'], child[child_key]['bytes-out']<br />
<br />
#print 'packets'<br />
#print 'in: ', child[child_key]['packets-in']<br />
#print 'out: ', child[child_key]['packets-out']<br />
<br />
#print 'bytes'<br />
#print 'in: ', child[child_key]['bytes-in']<br />
#print 'out: ', child[child_key]['bytes-out']<br />
<br />
#print child[child_key]['mode']<br />
#print 'ip: ', child[child_key]['local-ts']<br />
#print child[child_key]['remote-ts']<br />
#print 'key: ', child[child_key]['rekey-time']<br />
#print 'life: ', child[child_key]['life-time']<br />
<br />
<br />
if key in state.target_connections and child is None:<br />
self.connection_down(key)<br />
self.connection_up(key)<br />
<br />
for key in state.target_connections:<br />
if key not in state.active_connections:<br />
#the connection is inactive<br />
self.connection_up(key)<br />
<br />
<br />
def connection_up(self, key):<br />
state = self.state<br />
print 'up: ', key<br />
sa = collections.OrderedDict()<br />
sa['child'] = key<br />
sa['timeout'] = '2000'<br />
sa['loglevel'] = '0'<br />
rep =state.session.initiate(sa)<br />
rep.next()<br />
rep.close()<br />
<br />
#TODO: handle errors, log?<br />
<br />
def connection_down(self, key):<br />
state = self.state<br />
print 'down: ', key<br />
sa = collections.OrderedDict()<br />
sa['ike'] = key<br />
sa['timeout'] = '2000'<br />
sa['loglevel'] = '0'<br />
rep =state.session.terminate(sa)<br />
rep.next()<br />
rep.close()<br />
<br />
#TODO: handle errors, log?<br />
<br />
def get_possible_connections(self):<br />
'''reset and repopulate possible connections based on /etc/ipsec.conf'''<br />
state = self.state<br />
state.possible_connections = []<br />
for conn in state.session.list_conns():<br />
for key in conn:<br />
state.possible_connections.append(key)<br />
<br />
print 'p',state.possible_connections<br />
<br />
def get_active_connections(self):<br />
state = self.state<br />
state.active_connections = []<br />
<br />
for conn in state.session.list_sas():<br />
for key in conn:<br />
state.active_connections.append(key)<br />
<br />
print 'a', state.active_connections<br />
<br />
def is_alive(self):<br />
return self.state.alive<br />
<br />
def main_loop():<br />
'''main processing loop'''<br />
#make a strongSwan control object<br />
VPN = StrongSwan()<br />
while VPN.is_alive():<br />
VPN.process_control_connection_in()<br />
VPN.get_possible_connections()<br />
VPN.get_active_connections()<br />
VPN.check_interfaces()<br />
time.sleep(1.0)<br />
<br />
<br />
<br />
if __name__ == '__main__':<br />
#run main loop as a process<br />
main = multiprocessing.Process(target=main_loop)<br />
main.start()<br />
main.join() <br />
</pre></div>
Thomas