[svn-upgrade] new version strongswan (4.4.1)

4 files changed, 21 insertions, 11 deletions

diff --git a/testing/tests/ikev1/ip-pool-db/evaltest.dat b/testing/tests/ikev1/ip-pool-db/evaltest.dat
index 357e01b2d..566bab972 100644
--- a/testing/tests/ikev1/ip-pool-db/evaltest.dat
+++ b/testing/tests/ikev1/ip-pool-db/evaltest.dat
@@ -1,14 +1,11 @@
-carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES
-carol::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_VENUS::YES
-carol::cat /var/log/auth.log::received IPv4 NBNS server address PH_IP_VENUS::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
+carol::cat /var/log/auth.log::handling INTERNAL_IP4_NBNS attribute failed::YES
 carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::ipsec status::home.*IPsec SA established::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_WINNETOU::YES
-dave::cat /var/log/auth.log::received IPv4 DNS server address PH_IP_VENUS::YES
-dave::cat /var/log/auth.log::received IPv4 NBNS server address PH_IP_VENUS::YES
 dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
 dave::ip addr list dev eth0::PH_IP_DAVE1::YES
 dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
index d6460a291..c93224ae5 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
index d6460a291..c93224ae5 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/ip-pool-db/pretest.dat b/testing/tests/ikev1/ip-pool-db/pretest.dat
index 332280acd..190672652 100644
--- a/testing/tests/ikev1/ip-pool-db/pretest.dat
+++ b/testing/tests/ikev1/ip-pool-db/pretest.dat
@@ -1,9 +1,10 @@
 moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
 moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
 moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null
-moon::ipsec pool --add dns  --server PH_IP_WINNETOU 2> /dev/null
-moon::ipsec pool --add dns  --server PH_IP_VENUS 2> /dev/null
-moon::ipsec pool --add nbns --server PH_IP_VENUS 2> /dev/null
+moon::ipsec pool --addattr dns  --server PH_IP_WINNETOU 2> /dev/null
+moon::ipsec pool --addattr dns  --server PH_IP_VENUS 2> /dev/null
+moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
+moon::ipsec pool --statusattr
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null