author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-10-29 11:11:01 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-10-29 11:11:01 +0000 |
commit | 8b80ab5a6950ce6515f477624794defd7531642a (patch) | |
tree | aa8303f3806c5615fbeafc4dc82febe3cd7c24dc /testing/tests/ikev2/any-interface | |
parent | db67c87db3c9089ea8d2e14f617bf3d9e2af261f (diff) | |
download | vyos-strongswan-8b80ab5a6950ce6515f477624794defd7531642a.tar.gz vyos-strongswan-8b80ab5a6950ce6515f477624794defd7531642a.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.2.8)
Diffstat (limited to 'testing/tests/ikev2/any-interface')
13 files changed, 184 insertions, 0 deletions
diff --git a/testing/tests/ikev2/any-interface/description.txt b/testing/tests/ikev2/any-interface/description.txt
new file mode 100644
index 000000000..5ce8bec34
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/description.txt
@@ -0,0 +1,8 @@
+By setting <b>left=%any</b> this scenario tests the ability of the IKEv2 daemon
+to automatically determine its own IP address of an IPsec SA to be established.
+This is achieved by finding a route via the correct network interface to the remote IPsec peer.
+<p>
+The hosts <b>moon</b> and <b>bob</b> act as initiators by setting <b>auto=route</b>
+whereas the hosts <b>alice</b> and <b>sun</b> act as responders by setting <b>auto=add</b>.
+Pings from <b>moon</b> to <b>alice</b> and <b>sun</b> as well as a ping from <b>bob</b>
+to <b>sun</b> set up three compressed IPsec Transport Mode connections.
diff --git a/testing/tests/ikev2/any-interface/evaltest.dat b/testing/tests/ikev2/any-interface/evaltest.dat
new file mode 100644
index 000000000..cd8fa2b60
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/evaltest.dat
@@ -0,0 +1,14 @@
+moon::cat /var/log/daemon.log::creating acquire job for CHILD_SA::YES
+bob::cat /var/log/daemon.log::creating acquire job for CHILD_SA::YES
+moon::ipsec statusall::alice.*INSTALLED, TRANSPORT::YES
+moon::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
+alice::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
+sun::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
+bob::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+bob::tcpdump::IP bob.strongswan.org > sun1.strongswan.org: ESP::YES
+bob::tcpdump::IP sun1.strongswan.org > bob.strongswan.org: ESP::YES
+
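Review bot: Nothing in evaltest.dat checks that compression was actually negotiated, although description.txt promises "three compressed IPsec Transport Mode connections" and every ipsec.conf in this commit sets `compress=yes`. The patterns only match `INSTALLED, TRANSPORT` in `ipsec statusall` and ESP packets in tcpdump, so a regression that silently drops IPComp would still pass. One extra line per initiator that matches the compression indicator in `ipsec statusall` or in the daemon log would close the gap; the exact string is not visible in this commit and should be taken from a real run.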
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..eb7dfe848
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+ type=transport
+ compress=yes
+ dpdaction=clear
+ dpddelay=10
+ left=%any
+ leftcert=aliceCert.pem
+
+conn remote
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ef63f7262
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+}
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
new file mode 100755
index 000000000..40d029b3e
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+ type=transport
+ compress=yes
+ dpdaction=hold
+ dpddelay=10
+ left=%any
+ leftcert=bobCert.pem
+
+conn sun
+ right=PH_IP_SUN1
+ rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ auto=route
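Review bot: `conn remote` in alice's responder config sets `right=%any` with no `rightid`, and `config setup` has `strictcrlpolicy=no`, so the connection matches any peer whose certificate validates against a trusted CA, even when no current CRL is available. The scenario needs a permissive responder, but the file gives no hint that this is lab-only. A comment above the conn, such as `# test lab only: any peer holding a certificate from the test CA is accepted`, would keep it from being reused as a template. The same applies to hosts/sun/etc/ipsec.conf, which adds an identical `conn remote`.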
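Review bot: The `load` line in strongswan.conf enables the `des` and `md5` plugins, and none of the ipsec.conf files in this commit sets `ike=` or `esp=`, so the algorithms the peers end up negotiating are left to the daemon's defaults. Since the scenario is about interface selection, pinning the proposals in `conn %default`, for example `ike=aes128-sha1-modp2048` and `esp=aes128-sha1`, would make the result independent of those defaults. Whether the two legacy plugins can then be dropped from `load` depends on what 4.2.8 still requires at startup and should be checked first. The identical file is added for bob, moon and sun.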
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
new file mode 100644
index 000000000..ef63f7262
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+}
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..ab0534331
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,30 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+ type=transport
+ compress=yes
+ dpdaction=hold
+ dpddelay=10
+ left=%any
+ leftcert=moonCert.pem
+
+conn alice
+ right=PH_IP_ALICE
+ rightid="C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org"
+ auto=route
+
+conn sun
+ right=PH_IP_SUN
+ rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ auto=route
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ef63f7262
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+}
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..71699b08e
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ mobike=no
+ type=transport
+ compress=yes
+ dpdaction=clear
+ dpddelay=10
+ left=%any
+ leftcert=sunCert.pem
+
+conn remote
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ef63f7262
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
+}
diff --git a/testing/tests/ikev2/any-interface/posttest.dat b/testing/tests/ikev2/any-interface/posttest.dat
new file mode 100644
index 000000000..8e26c78de
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/posttest.dat
@@ -0,0 +1,6 @@
+alice::ipsec stop
+moon::ipsec stop
+sun::ipsec stop
+bob::ipsec stop
+winnetou::ip route del 10.1.0.0/16 via PH_IP_MOON
+winnetou::ip route del 10.2.0.0/16 via PH_IP_SUN
diff --git a/testing/tests/ikev2/any-interface/pretest.dat b/testing/tests/ikev2/any-interface/pretest.dat
new file mode 100644
index 000000000..b8e91194e
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/pretest.dat
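Review bot: posttest.dat stops the four daemons and deletes the two winnetou routes, but it never turns IP forwarding back off on moon and sun, which pretest.dat enables with `echo 1 > /proc/sys/net/ipv4/ip_forward`. Unless the framework resets guest state between scenarios (not visible in this commit), both gateways keep forwarding for whatever test runs next, which can hide a missing setup step there. Adding `moon::echo 0 > /proc/sys/net/ipv4/ip_forward` and `sun::echo 0 > /proc/sys/net/ipv4/ip_forward` would make teardown mirror setup.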
@@ -0,0 +1,12 @@
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+sun::echo 1 > /proc/sys/net/ipv4/ip_forward
+winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON
+winnetou::ip route add 10.2.0.0/16 via PH_IP_SUN
+alice::ipsec start
+moon::ipsec start
+sun::ipsec start
+bob::ipsec start
+moon::sleep 2
+moon::ping -n -c 3 -s 8184 -p deadbeef PH_IP_ALICE
+moon::ping -n -c 3 -s 8184 -p deadbeef PH_IP_SUN
+bob::ping -n -c 3 -s 8184 -p deadbeef PH_IP_SUN1
diff --git a/testing/tests/ikev2/any-interface/test.conf b/testing/tests/ikev2/any-interface/test.conf
new file mode 100644
index 000000000..25e5cd872
--- /dev/null
+++ b/testing/tests/ikev2/any-interface/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice sun bob"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon sun bob" |