attr-sql plugin for
libcharon is similar to the
attr plugin but stores the attributes in an SQL database
The plugin is disabled by default and can be enabled with the
Also required is support for either
--enable-sqlite) which enables the
Configured attributes are assigned to peers via
CP configuration payloads (IKEv2)
Mode Config (IKEv1). Attributes are only assigned to peers if they
request a virtual IP.
attr-sql plugin is configured using the following options in the
Release all online leases during startup. Disable this to share the database between multiple VPN gateways
Database URI used to access the database
Enable logging of IP pool leases
To setup the database use the schema defined in the following SQL scripts:
These files contain the complete database schema, which also includes tables
that are required by the
sql plugin, only.
ipsec pool Tool
Attributes stored in the database can be managed using the
ipsec pool utility.