diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-01-02 14:18:20 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-01-02 14:18:20 +0100 |
| commit | c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch) | |
| tree | d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /testing/tests/ikev1/dynamic-two-peers | |
| parent | b34738ed08c2227300d554b139e2495ca5da97d6 (diff) | |
| download | vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip | |
Imported Upstream version 5.0.1
Diffstat (limited to 'testing/tests/ikev1/dynamic-two-peers')
| -rw-r--r-- | testing/tests/ikev1/dynamic-two-peers/evaltest.dat | 14 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf | 13 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf | 9 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf | 13 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf | 9 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf | 12 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf | 9 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-two-peers/posttest.dat | 2 |
8 files changed, 43 insertions, 38 deletions
diff --git a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat index f46a6a20b..1d5ff68ec 100644 --- a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat +++ b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat @@ -1,9 +1,13 @@ -carol::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES +carol::ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::moon.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES -moon::ipsec status::dave.*STATE_QUICK_R2.*IPsec SA established::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf index 0f37e6188..ef0d102c0 100755..100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -14,9 +10,8 @@ conn %default keyexchange=ikev1 conn moon - left=%defaultroute - leftnexthop=%direct - leftsourceip=PH_IP_CAROL1 + left=%any + leftsourceip=%config leftcert=carolCert.pem leftid=carol@strongswan.org leftfirewall=yes @@ -24,7 +19,3 @@ conn moon rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org auto=add - - - - diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf index ec35eac9a..d63566635 100755..100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -14,9 +10,8 @@ conn %default keyexchange=ikev1 conn moon - left=%defaultroute - leftnexthop=%direct - leftsourceip=PH_IP_DAVE1 + left=%any + leftsourceip=%config leftcert=daveCert.pem leftid=dave@strongswan.org leftfirewall=yes @@ -24,7 +19,3 @@ conn moon rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org auto=add - - - - diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf index 21848bc1c..07cd49899 100755..100644 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -12,10 +8,8 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - left=%defaultroute - leftnexthop=%direct + left=%any leftsubnet=10.1.0.0/16 - leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem leftid=@moon.strongswan.org leftfirewall=yes @@ -23,11 +17,11 @@ conn %default conn carol right=%carol.strongswan.org rightid=carol@strongswan.org - rightsubnet=PH_IP_CAROL1/32 + rightsourceip=PH_IP_CAROL1 auto=add conn dave right=%dave.strongswan.org rightid=dave@strongswan.org - rightsubnet=PH_IP_DAVE1/32 + rightsourceip=PH_IP_DAVE1 auto=add diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/dynamic-two-peers/posttest.dat b/testing/tests/ikev1/dynamic-two-peers/posttest.dat index 65292daae..e120b87db 100644 --- a/testing/tests/ikev1/dynamic-two-peers/posttest.dat +++ b/testing/tests/ikev1/dynamic-two-peers/posttest.dat @@ -6,5 +6,3 @@ moon::mv /etc/hosts.ori /etc/hosts moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null -carol::ip addr del PH_IP_CAROL1/32 dev eth0 -dave::ip addr del PH_IP_DAVE1/32 dev eth0 |