Parse and edit your ipsec configuration files (ipsec.conf)
To install ipsecparse, simply:
pip install ipsecparse
# Load the configuration from a string.
from ipsecparse import loads
conf = loads(open('/etc/ipsec.conf').read())
# The configuration is represented as a dictionnary
# (actually a subclass of OrderedDict)
# Each section of the configuration is an OrderedDict.
# Let's modify some settings:
conf['config', 'setup']['nat_traversal'] = 'yes'
conf['conn', 'myconn']['left'] = ''
# Create a connection:
conf['conn', 'mynewconn'] = {
'leftsubnet': '',
'right': ''
# You can also use an OrderedDict if order matters to you:
from collections import OrderedDict
conf['conn', 'mynewconn'] = OrderedDict(
lefsubnet = '',
right = ''
# Delete a connection:
del conf['conn', 'mynewconn']
# Same thing with certification authorities. Create a CA:
conf['ca', 'myca'] = {
'cacert': 'MyCert.pem',
'crluri': '',
'auto': 'add'
# Delete it:
del conf['ca', 'myca']
# Add an include:
conf['include', '/etc/ipsec.d/ipsec.include'] = True
# Delete it:
del conf['include', '/etc/ipsec.d/ipsec.include']
# Display the new configuration as a string:
# with four spaces indents instead of the default tabulations:
print(conf.dumps(indent = ' '))
# Replace the old configuration file:
with open('/etc/ipsec.conf', 'w') as fd:
# Search for connections inside the configuration.
# Pass a callable to the `conn_filter` method.
for name, section in conf.conn_filter(
lambda conn: conn.get('leftsubnet') == ''
section['auto'] = 'start'
# Or use the Key and Keys class
# (just to make queries a bit shorter)
from ipsecparse import Key, Keys
for name, section in conf.conn_filter(
Key('leftsubnet') == ''
section['auto'] = 'start'
for name, section in conf.conn_filter(
Keys('left', 'right').contains('')
del conf['conn', name]
GitHub repo: