support centos based systems

[jkroepke]

On Centos there is no ipsec command. Instead you have to use strongswan like strongswan statusall

[dennisstritzke]

Thanks for reporting!

How would you differentiate this issue from #17, which you also opened? Does this boil down to the same basic issue? Also I am a bit confused that you reference the ipsec command in #17, but saying here that is isn't supported. Could you please clarify?

[jkroepke]

Sure.

On CentOS (and RedHat). You can install strongswan, too. But strongswan ist from the 3rd party repo EPEL and does not provide the ipsec command. To interact with strongswan you have to type strongswan statusall instead ipsec statusall.

Currently. ipsec is hardcoded here and should be configurable.

ipsec_exporter/ipsec/status.go

Line 37 in f2e69e7

cmd := exec.Command("ipsec", "statusall", tunnel.name)

#17 Talks about the standard and redhat support packages libreswan. libreswan is the supported ipsec utility to manage ipsec connection but the output differs from strongswan.

In both away the support isn't usable on centos or rhel based system right now.

[dennisstritzke]

Thank you for the elaboration. That sounds absolutely reasonable to support by the IPsec Exporter.

To add support within a future release, issues #15 and #17 should be implemented too. I think the following approach would be suitable:

• Check, if the exporter is able to first load ipsec.conf and second the Swan-based config.
• Test the system, which command is available to report metrics: ipsec, strongswan or libreswan
• Implementing this through a general IPsec Golang Interface and providing implementations for ipsec, strongswan and libreswan should be most suitable for the problem.