New upstream version 5.5.1

author: Yves-Alexis Perez <corsac@debian.org> 2016-10-20 16:18:38 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2016-10-20 16:18:38 +0200
commit: 25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
tree: a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /testing/tests/ikev2/rw-newhope-bliss/hosts
parent: bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
download: vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz
vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip
18 files changed, 108 insertions, 0 deletions
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..6f561ab50
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	strictcrlpolicy=yes
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-sha256-newhope128!
+	esp=aes256-sha256!
+	authby=pubkey
+	fragmentation=yes
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.der
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der
new file mode 100644
index 000000000..fdfd39f13
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/cacerts/strongswan_blissCert.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der
new file mode 100644
index 000000000..8a520c0b4
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/certs/carolCert.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der
new file mode 100644
index 000000000..b2831a8ed
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.d/private/carolKey.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..c2225646d
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: BLISS carolKey.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1d9f6e235
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+  send_vendor_id = yes
+  fragment_size = 1500
+}
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..caf99ddf0
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	strictcrlpolicy=yes
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-sha256-newhope128!
+	esp=aes256-sha256!
+	authby=pubkey
+	fragmentation=yes
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.der
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der
new file mode 100644
index 000000000..fdfd39f13
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/cacerts/strongswan_blissCert.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der
new file mode 100644
index 000000000..75a114339
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/certs/daveCert.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der
new file mode 100644
index 000000000..0ec528ddf
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.d/private/daveKey.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..fe2643204
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: BLISS daveKey.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1d9f6e235
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+  send_vendor_id = yes
+  fragment_size = 1500
+}
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..0ec0ac826
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	strictcrlpolicy=yes
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-sha256-newhope128!
+	esp=aes256-sha256!
+	authby=pubkey
+	fragmentation=yes
+
+conn rw
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.der
+	leftauth=bliss-sha512
+	leftid=moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der
new file mode 100644
index 000000000..fdfd39f13
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/cacerts/strongswan_blissCert.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der
new file mode 100644
index 000000000..d0ea364b0
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/certs/moonCert.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der
new file mode 100644
index 000000000..c989f91e5
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.d/private/moonKey.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..b4a9ee68d
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: BLISS moonKey.der
diff --git a/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..1d9f6e235
--- /dev/null
+++ b/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = random nonce aes sha1 sha2 sha3 chapoly newhope mgf1 bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+  send_vendor_id = yes
+  fragment_size = 1500
+}
author	Yves-Alexis Perez <corsac@debian.org>	2016-10-20 16:18:38 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2016-10-20 16:18:38 +0200
commit	25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
tree	a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /testing/tests/ikev2/rw-newhope-bliss/hosts
parent	bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
download	vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip