[svn-upgrade] new version strongswan (4.4.1)

9 files changed, 43 insertions, 6 deletions

diff --git a/testing/tests/ikev1/xauth-rsa/description.txt b/testing/tests/ikev1/xauth-rsa/description.txt
index 0cdaba1c5..a9b76b618 100644
--- a/testing/tests/ikev1/xauth-rsa/description.txt
+++ b/testing/tests/ikev1/xauth-rsa/description.txt
@@ -1,7 +1,9 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
 The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
 followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
-based on user names and passwords.
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
 <p>
 Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
 inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat
index e1dc6b5b0..786043065 100644
--- a/testing/tests/ikev1/xauth-rsa/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat
@@ -1,5 +1,7 @@
 carol::cat /var/log/auth.log::extended authentication was successful::YES
 dave::cat /var/log/auth.log::extended authentication was successful::YES
+moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
+moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
 moon::cat /var/log/auth.log::extended authentication was successful::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
index 48fd260c1..4a77c3b97 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
@@ -2,4 +2,4 @@
 
 : RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
 
-: XAUTH carol "4iChxLT3" 
+carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..556f76c74
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
index 14f088501..1c0248b84 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
@@ -2,4 +2,4 @@
 
 : RSA daveKey.pem
 
-: XAUTH dave "ryftzG4A" 
+dave@strongswan.org : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..556f76c74
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
index ffbb13ec5..f79a81a6f 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control"
+	plutodebug=control
 	crlcheckinterval=180
 	strictcrlpolicy=no
 	charonstart=no
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
index 8d41919fc..1ba66971a 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
@@ -2,6 +2,6 @@
 
 : RSA moonKey.pem
 
-: XAUTH carol "4iChxLT3"
+carol@strongswan.org : XAUTH "4iChxLT3"
 
-: XAUTH dave  "ryftzG4A"
+dave@strongswan.org  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..556f76c74
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}