{"id":8762,"library":"vici","title":"vici - strongSwan VICI Protocol Interface","description":"The 'vici' Python library provides a native interface for strongSwan's Versatile IKE Control Interface (VICI) protocol. It enables external Python applications to configure, monitor, and control the strongSwan 'charon' IKE daemon. The library is currently at version 6.0.3 and is actively maintained, with regular updates.","status":"active","version":"6.0.3","language":"en","source_language":"en","source_url":"https://github.com/strongswan/strongswan/tree/master/src/libcharon/plugins/vici/python","tags":["strongswan","vici","networking","vpn","ipsec","daemon-control"],"install":[{"cmd":"pip install vici","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Used for establishing communication with the strongSwan VICI socket. This is a built-in Python module.","package":"socket","optional":false}],"imports":[{"note":"The Session class is the primary entry point for interacting with the strongSwan daemon via VICI.","symbol":"Session","correct":"import vici\nsession = vici.Session()"}],"quickstart":{"code":"import vici\nimport socket\nimport os\n\n# Default VICI socket path for Unix-like systems\nVICI_SOCKET_PATH = os.environ.get('VICI_SOCKET', '/var/run/charon.vici')\n\ntry:\n    # Connect to the VICI socket\n    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)\n    s.connect(VICI_SOCKET_PATH)\n    session = vici.Session(s)\n\n    # Get and print the daemon version information\n    version_info = session.version()\n    print(f\"Connected to strongSwan daemon: {version_info['daemon']} {version_info['version']} \"\n          f\"({version_info['sysname']}, {version_info['release']}, {version_info['machine']})\")\n\n    # Example: List loaded connections\n    print(\"\\nLoaded Connections:\")\n    conns_found = False\n    for conn in session.list_conns():\n        conns_found = True\n        print(f\"  - {list(conn.keys())[0]}\") # Connection name is 
the first key\n    if not conns_found:\n        print(\"  (No connections found)\")\n\n    # Important: close the socket when done (the Session uses this socket)\n    s.close()\n\nexcept FileNotFoundError:\n    print(f\"Error: VICI socket not found at {VICI_SOCKET_PATH}. Is strongSwan charon running?\")\nexcept PermissionError:\n    print(f\"Error: Permission denied when accessing VICI socket at {VICI_SOCKET_PATH}. \"\n          \"Adjust socket permissions or run with appropriate privileges.\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to connect to the strongSwan `charon` daemon via its VICI Unix socket, retrieve its version, and list configured connections. It includes error handling for common connection issues like missing sockets or permission errors. Remember to ensure the strongSwan daemon is running and accessible."},"warnings":[{"fix":"Ensure you iterate through all results or call `generator.close()` explicitly if you break out of a loop prematurely.","message":"Iterators returned by methods like `list_conns()` are Python generators. If not fully consumed (e.g., by iterating through them entirely), they must be explicitly closed using the `.close()` method to release resources.","severity":"gotcha","affected_versions":"All versions"},{"fix":"When constructing VICI messages that require ordered elements, use `collections.OrderedDict` for nested dictionaries instead of standard Python `dict`.","message":"The VICI protocol for strongSwan can, in some message structures, rely on the order of key-value pairs within a dictionary. 
The `vici` library returns `OrderedDict` instances for these structures; it's recommended to use `OrderedDict` when constructing messages where order is semantically significant to avoid unexpected behavior.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Keep your `vici` Python library version in sync with your strongSwan `charon` daemon's VICI plugin version. If a direct method like `session.get_algorithms()` is missing, use the more generic `session.request('get-algorithms')` method.","message":"Older versions of the `vici` Python client (installed via pip) might encounter compatibility issues or missing direct command wrappers when used with much newer strongSwan `charon` daemon versions or VICI plugin versions. While many issues have been resolved, significant version mismatches can lead to unexpected behavior or missing functionality.","severity":"breaking","affected_versions":"Prior to 5.8.0 (client-daemon mismatch)"},{"fix":"Configure strongSwan's `vici` plugin to create the socket with more permissive group write access and add your user to that group, or (for testing) temporarily adjust socket permissions (e.g., `sudo chmod 777 /var/run/charon.vici`). Running the script as root is another option but generally not recommended for production.","message":"Connecting to the default VICI Unix socket (`/var/run/charon.vici`) often requires elevated privileges or specific file permissions. A `PermissionError` indicates the user running the script lacks the necessary access.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Verify that the strongSwan `charon` service is active and check its configuration for the `vici` plugin to confirm the exact socket path. 
If it's different, pass the correct path to `socket.connect()` or set the `VICI_SOCKET` environment variable.","cause":"The strongSwan `charon` daemon is either not running, or its VICI Unix socket is located at a different path than the default `/var/run/charon.vici`.","error":"FileNotFoundError: [Errno 2] No such file or directory: '/var/run/charon.vici'"},{"fix":"Adjust the permissions of `/var/run/charon.vici` to allow access for your user or group, or run the script with appropriate privileges (e.g., `sudo`). For a more robust solution, configure strongSwan to create the socket with appropriate group ownership and permissions, and add your user to that group.","cause":"The user executing the Python script lacks the necessary read/write permissions for the VICI Unix domain socket.","error":"PermissionError: [Errno 13] Permission denied: '/var/run/charon.vici'"},{"fix":"Use the generic `session.request(\"command-name\", arguments)` method. For example, instead of `session.get_algorithms()`, use `session.request('get-algorithms')`.","cause":"The Python `vici` client's `Session` object does not have a direct wrapper method for the specific VICI command you are trying to call. This can happen for less common commands or if the client library version is older than the daemon's VICI capabilities.","error":"AttributeError: 'Session' object has no attribute 'get_algorithms'"}]}