A socket proxy for the Charon/VICI protocol that enables command filtering.

spheromak/vici-proxy

StrongSwan VICI proxy

A small proxy to allow finer control over the VICI socket.

The intent is to restrict what commands can be sent to VICI in order to allow unprivileged access to some commands.

Usage

The simplest usage is to invoke the proxy with an allow-list that enables stats:

vici-proxy -a stats

Arguments

--allow, -a   The allow list. Can be specified multiple times. Keywords match VICI commands. (default ``)
--deny, -d    The deny list. Can be specified multiple times. Keywords match VICI commands; the special keyword `all` denies all. Allow rules apply first. (default `all`)
--listen, -l  The socket file to listen on. (default: /var/run/proxy.vici)
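
As an added illustration (not the project's own code), this Go sketch applies the allow/deny rules above to a single framed VICI message. The framing (4-byte big-endian length, type byte, name-length byte, name) follows strongSwan's VICI documentation; exact-name matching, rejecting every non-command packet, and the names Filter, CommandName, Permit and Frame are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const cmdRequest = 0 // VICI CMD_REQUEST packet type

// Filter holds the -a and -d keyword sets (hypothetical type; exact match assumed).
type Filter struct{ Allow, Deny map[string]bool }

// CommandName extracts the command name from one complete framed message:
// 4-byte big-endian length, 1-byte type, 1-byte name length, name, arguments.
func CommandName(frame []byte) (string, error) {
	if len(frame) < 6 || uint64(binary.BigEndian.Uint32(frame)) != uint64(len(frame)-4) {
		return "", errors.New("bad frame length")
	}
	if frame[4] != cmdRequest {
		return "", errors.New("not a CMD_REQUEST") // events etc. are rejected here
	}
	n := int(frame[5])
	if n == 0 || 6+n > len(frame) {
		return "", errors.New("name length overruns frame")
	}
	return string(frame[6 : 6+n]), nil
}

// Permit checks allow rules first, then deny rules; "all" denies everything
// that was not explicitly allowed. Unparseable input fails closed.
func (f Filter) Permit(frame []byte) bool {
	name, err := CommandName(frame)
	if err != nil {
		return false
	}
	return f.Allow[name] || !(f.Deny["all"] || f.Deny[name])
}

// Frame builds a constructed, argument-less CMD_REQUEST for the demo.
func Frame(cmd string) []byte {
	out := make([]byte, 6, 6+len(cmd))
	binary.BigEndian.PutUint32(out, uint32(2+len(cmd)))
	out[4], out[5] = cmdRequest, byte(len(cmd))
	return append(out, cmd...)
}

func main() {
	f := Filter{Allow: map[string]bool{"stats": true}, Deny: map[string]bool{"all": true}}
	fmt.Println(f.Permit(Frame("stats")), f.Permit(Frame("terminate")))
}
```

With `-a stats` and the default deny of `all`, the `stats` request is forwarded and `terminate` is dropped.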

TODO:

  • AllowList of commands
  • authentication
  • DenyList of commands
