New upstream version 5.7.2

author: Yves-Alexis Perez <corsac@debian.org> 2019-01-02 10:45:36 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2019-01-02 11:07:05 +0100
commit: 918094fde55fa0dbfd59a5f88d576efb513a88db (patch)
tree: 61e31656c60a6cc928c50cd633568043673e2cbd /testing/tests/ikev2/rw-eap-peap-radius
parent: 69bc96f6b0b388d35e983f8d27224fa49d92918c (diff)
download: vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.tar.gz
vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.zip
7 files changed, 127 insertions, 2 deletions
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/mods-available/eap b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/mods-available/eap
new file mode 100644
index 000000000..0ae8befe4
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/mods-available/eap
@@ -0,0 +1,21 @@
+eap {
+  md5 {
+  }
+  default_eap_type = peap
+
+  tls-config tls-common {
+    private_key_file = ${certdir}/aaaKey.pem
+    certificate_file = ${certdir}/aaaCert.pem
+    ca_file = ${cadir}/strongswanCert.pem
+    cipher_list = "DEFAULT"
+    dh_file = ${certdir}/dh
+    random_file = ${certdir}/random
+  }
+
+  peap {
+    tls = tls-common
+    default_eap_type = md5
+    use_tunneled_reply = yes
+    virtual_server = "inner-tunnel"
+  }
+}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/proxy.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/proxy.conf
new file mode 100644
index 000000000..23cba8d11
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/proxy.conf
@@ -0,0 +1,5 @@
+realm strongswan.org {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/sites-available/default b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/sites-available/default
new file mode 100644
index 000000000..2bbe1d730
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/sites-available/default
@@ -0,0 +1,59 @@
+server default {
+
+listen {
+  type = auth
+  ipaddr = 10.1.0.10
+  port = 0
+}
+
+authorize {
+  preprocess
+  suffix
+  eap {
+    ok = return
+  }
+  files
+  expiration
+  logintime
+}
+
+authenticate {
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  exec
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+    eap
+    remove_reply_message_if_eap
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
+
+}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/sites-available/inner-tunnel
new file mode 100644
index 000000000..6ce9d6391
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/sites-available/inner-tunnel
@@ -0,0 +1,38 @@
+server inner-tunnel {
+
+authorize {
+  filter_username
+  suffix
+  eap {
+    ok = return
+  }
+  files
+  expiration
+  logintime
+}
+
+authenticate {
+  eap
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+    update outer.session-state {
+      &Module-Failure-Message := &request:Module-Failure-Message
+    }
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
+
+} # inner-tunnel server block
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/users b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/users
new file mode 100644
index 000000000..50ccf3e76
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/3.0/users
@@ -0,0 +1,2 @@
+carol	Cleartext-Password := "Ar3etTnp"
+dave	Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat b/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat
index 670d2e72f..a6619d02b 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat
@@ -1,7 +1,7 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-alice::killall radiusd
+alice::killall freeradius
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
index fa2d7eeb9..c98e8ed53 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
@@ -1,7 +1,7 @@
 moon::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
 dave::iptables-restore < /etc/iptables.rules
-alice::radiusd
+alice::freeradius
 moon::ipsec start
 carol::ipsec start
 dave::ipsec start
author	Yves-Alexis Perez <corsac@debian.org>	2019-01-02 10:45:36 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2019-01-02 11:07:05 +0100
commit	918094fde55fa0dbfd59a5f88d576efb513a88db (patch)
tree	61e31656c60a6cc928c50cd633568043673e2cbd /testing/tests/ikev2/rw-eap-peap-radius
parent	69bc96f6b0b388d35e983f8d27224fa49d92918c (diff)
download	vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.tar.gz vyos-strongswan-918094fde55fa0dbfd59a5f88d576efb513a88db.zip