author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:16:07 +0200 |
commit | b34738ed08c2227300d554b139e2495ca5da97d6 (patch) | |
tree | 62f33b52820f2e49f0e53c0f8c636312037c8054 /testing/tests/ikev2 | |
parent | 0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff) | |
download | vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.tar.gz vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.zip |
Imported Upstream version 4.6.4
Diffstat (limited to 'testing/tests/ikev2')
282 files changed, 1221 insertions, 1908 deletions
diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat
index 279033f2b..22dd94866 100644
--- a/testing/tests/ikev2/compress/evaltest.dat
+++ b/testing/tests/ikev2/compress/evaltest.dat
@@ -1,5 +1,5 @@
-moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUPP)::YES
-moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUPP)::YES
+moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
+moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
 carol::ipsec status::home.*INSTALLED::YES
 moon::ipsec status::rw.*INSTALLED::YES
 moon::ip xfrm state::proto comp spi::YES
diff --git a/testing/tests/ikev2/esp-alg-md5-128/description.txt b/testing/tests/ikev2/esp-alg-md5-128/description.txt
new file mode 100644
index 000000000..7a14be2ae
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-md5-128/description.txt
@@ -0,0 +1,3 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>3DES_CBC / HMAC_MD5_128</b> by defining <b>esp=3des-md5_128!</b> in ipsec.conf.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
new file mode 100644
index 000000000..d65d71240
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES
+carol::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES
+moon::ip xfrm state::auth hmac(md5)::YES
+carol::ip xfrm state::auth hmac(md5)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf
index c19192dae..09797799f 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,9 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+	crlcheckinterval=180
+	strictcrlpolicy=yes
 	plutostart=no
-	charondebug="tls 2, tnc 3"
 
 conn %default
 	ikelifetime=60m
@@ -10,14 +11,15 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
+	ike=3des-md5-modp1024!
+	esp=3des-md5_128!
 
 conn home
 	left=PH_IP_CAROL
-	leftid=carol@strongswan.org
-	leftauth=eap
 	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
 	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsendcert=never
 	rightsubnet=10.1.0.0/16
-	auto=add
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..339b56987
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..ae83aaf58
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=3des-md5-modp1024!
+	esp=3des-md5_128!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..339b56987
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/posttest.dat b/testing/tests/ikev2/esp-alg-md5-128/posttest.dat
index 7cebd7f25..94a400606 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20/posttest.dat
+++ b/testing/tests/ikev2/esp-alg-md5-128/posttest.dat
@@ -1,6 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
-dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat
new file mode 100644
index 000000000..3c3df0196
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat
@@ -0,0 +1,7 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf b/testing/tests/ikev2/esp-alg-md5-128/test.conf
index e28b8259b..9cd583b16 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/test.conf
@@ -5,11 +5,11 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice venus moon carol winnetou dave"
+UMLHOSTS="alice moon carol winnetou"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-v-m-c-w-d.png"
+DIAGRAM="a-m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
@@ -18,9 +18,4 @@ TCPDUMPHOSTS="moon"
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/description.txt b/testing/tests/ikev2/esp-alg-sha1-160/description.txt
new file mode 100644
index 000000000..caa1d3f8a
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-sha1-160/description.txt
@@ -0,0 +1,3 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC_128 / HMAC_SHA1_160</b> by defining <b>esp=aes128-sha1_160!</b> in ipsec.conf.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
new file mode 100644
index 000000000..b0277271d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES
+carol::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES
+moon::ip xfrm state::auth hmac(sha1)::YES
+carol::ip xfrm state::auth hmac(sha1)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
index 9cf2b43c4..3991d517d 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,9 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+	crlcheckinterval=180
+	strictcrlpolicy=yes
 	plutostart=no
-	charondebug="tls 2, tnc 3"
 
 conn %default
 	ikelifetime=60m
@@ -10,15 +11,15 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
+	ike=aes128-sha1-modp1536!
+	esp=aes128-sha1_160!
 
 conn home
 	left=PH_IP_CAROL
-	leftid=carol@strongswan.org
-	leftauth=eap
 	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
 	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
-	rightauth=pubkey
-	aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-	auto=add
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..339b56987
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..893419585
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes128-sha1-modp1536!
+	esp=aes128-sha1_160!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..339b56987
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/posttest.dat b/testing/tests/ikev2/esp-alg-sha1-160/posttest.dat
index 7cebd7f25..94a400606 100644
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/posttest.dat
+++ b/testing/tests/ikev2/esp-alg-sha1-160/posttest.dat
@@ -1,6 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
-dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat
new file mode 100644
index 000000000..3c3df0196
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat
@@ -0,0 +1,7 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/test.conf b/testing/tests/ikev2/esp-alg-sha1-160/test.conf
index e28b8259b..9cd583b16 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11/test.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/test.conf
@@ -5,11 +5,11 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice venus moon carol winnetou dave"
+UMLHOSTS="alice moon carol winnetou"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-v-m-c-w-d.png"
+DIAGRAM="a-m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
@@ -18,9 +18,4 @@ TCPDUMPHOSTS="moon"
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/net2net-esn/description.txt b/testing/tests/ikev2/net2net-esn/description.txt
new file mode 100644
index 000000000..da847b6a4
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+With <b>esp=aes128-sha1-esn-noesn!</b> gateway <b>moon</b> proposes the use of
+<b>Extended Sequence Numbers</b> but can also live without them. Gateway <b>sun</b>
+defines <b>esp=aes128-sha1-esn!</b> and thus decides on the use of ESN.
+<p/>
+Upon the successful establishment of the CHILD SA with ESN, client <b>alice</b> behind
+gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b> 10 times.
diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat
new file mode 100644
index 000000000..928783c87
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/evaltest.dat
@@ -0,0 +1,14 @@
+sun::cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES
+sun::cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
+sun::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
+moon::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
+moon::ipsec statusall::net-net.*ESTABLISHED::YES
+sun::ipsec statusall::net-net.*ESTABLISHED::YES
+sun::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
+moon::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
+alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+sun::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
index 50514c99f..98f4864d3 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,10 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+	crlcheckinterval=180
 	strictcrlpolicy=no
 	plutostart=no
-	charondebug="tls 2, tnc 3"
+	charondebug="cfg 2, knl 2"
 
 conn %default
 	ikelifetime=60m
@@ -11,26 +12,17 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
+	ike=aes128-sha1-modp1536!
+	esp=aes128-sha1-esn-noesn!
+	mobike=no
 
-conn rw-allow
-	rightgroups=allow
-	leftsubnet=10.1.0.0/28
-	also=rw-eap
-	auto=add
-
-conn rw-isolate
-	rightgroups=isolate
-	leftsubnet=10.1.0.16/28
-	also=rw-eap
-	auto=add
-
-conn rw-eap
+conn net-net
 	left=PH_IP_MOON
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
-	leftauth=eap-ttls
+	leftsubnet=10.1.0.0/16
 	leftfirewall=yes
-	rightauth=eap-ttls
-	rightid=*@strongswan.org
-	rightsendcert=never
-	right=%any
+	right=PH_IP_SUN
+	rightid=@sun.strongswan.org
+	rightsubnet=10.2.0.0/16
+	auto=add
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..cb17a9e07
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+	multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
index 998e6c2e5..26fde389e 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,24 +1,28 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
 	plutostart=no
-	charondebug="tls 2, tnc 3"
+	charondebug="cfg 2, knl 2"
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
-	keyingtries=1
+	keyingtries=1
 	keyexchange=ikev2
+	ike=aes128-sha1-modp1536!
+	esp=aes128-sha1-esn!
+	mobike=no
 
-conn home
-	left=PH_IP_DAVE
-	leftid=dave@strongswan.org
-	leftauth=eap
+conn net-net
+	left=PH_IP_SUN
+	leftcert=sunCert.pem
+	leftid=@sun.strongswan.org
+	leftsubnet=10.2.0.0/16
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
-	rightauth=pubkey
-	aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
 	auto=add
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..cb17a9e07
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+	multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/net2net-esn/posttest.dat b/testing/tests/ikev2/net2net-esn/posttest.dat
new file mode 100644
index 000000000..a4c96e10f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+
diff --git a/testing/tests/ikev2/net2net-esn/pretest.dat b/testing/tests/ikev2/net2net-esn/pretest.dat
new file mode 100644
index 000000000..2d7a78acb
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-esn/test.conf b/testing/tests/ikev2/net2net-esn/test.conf
new file mode 100644
index 000000000..d9a61590f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-esn/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/net2net-pubkey/description.txt b/testing/tests/ikev2/net2net-pubkey/description.txt
new file mode 100644
index 000000000..1cb90f13f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>raw RSA keys</b> loaded in PKCS#1 format.
+<p/>
+Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat
new file mode 100644
index 000000000..0ccfb7efd
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status::INSTALLED, TUNNEL::YES
+sun::ipsec status::INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..945cf3a40
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn net-net
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftid=@moon.strongswan.org
+	leftrsasigkey=moonPub.der
+	leftauth=pubkey
+	leftfirewall=yes
+	right=PH_IP_SUN
+	rightsubnet=10.2.0.0/16
+	rightid=@sun.strongswan.org
+	rightrsasigkey=sunPub.der
+	rightauth=pubkey
+	auto=add
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.der
Binary files differ
new file mode 100644
index 000000000..55bd362a5
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/moonPub.der
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.der
Binary files differ
new file mode 100644
index 000000000..8d0c644f1
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/certs/sunPub.der
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der
Binary files differ
new file mode 100644
index 000000000..49e0111f2
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.d/private/moonKey.der
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.secrets
index e86d6aa5c..b9ec17dbc 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA moonKey.pem
+: RSA moonKey.der
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..0581bae5c
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
index 7d5ea8b83..5c07de8a2 100755
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
@@ -2,7 +2,6 @@
 
 config setup
 	plutostart=no
-	charondebug="tls 2, tnc 3"
 
 conn %default
 	ikelifetime=60m
@@ -10,14 +9,15 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev2
-
-conn home
-	left=PH_IP_DAVE
-	leftid=dave@strongswan.org
-	leftauth=eap
+
+conn net-net
+	left=PH_IP_SUN
+	leftsubnet=10.2.0.0/16
+	leftid=@sun.strongswan.org
+	leftrsasigkey=sunPub.der
 	leftfirewall=yes
 	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsendcert=never
 	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	rightrsasigkey=moonPub.der
 	auto=add
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.der
Binary files differ
new file mode 100644
index 000000000..55bd362a5
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/moonPub.der
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.der b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.der
Binary files differ
new file mode 100644
index 000000000..8d0c644f1
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/certs/sunPub.der
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der
Binary files differ
new file mode 100644
index 000000000..7c284f939
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.d/private/sunKey.der
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.secrets
index 5496df7ad..6aa9ed562 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-dave@strongswan.org : EAP "W7R0g3do"
+: RSA sunKey.der
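Review bot: `conn net-net` on sun omits `leftauth=pubkey` and `rightauth=pubkey`, while the moon side of the same test (net2net-pubkey/hosts/moon/etc/ipsec.conf, earlier in this commit) sets both explicitly. Presumably pubkey is the default authentication method, so negotiation is unaffected, but the two gateways of one test should be configured symmetrically so that a later change of defaults cannot make them diverge silently. Adding `leftauth=pubkey` after `leftrsasigkey=sunPub.der` and `rightauth=pubkey` after `rightrsasigkey=moonPub.der` mirrors moon. The net2net-rsa sun ipsec.conf later in this commit has the same asymmetry against its moon counterpart.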
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..0581bae5c
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+}
diff --git a/testing/tests/ikev2/net2net-pubkey/posttest.dat b/testing/tests/ikev2/net2net-pubkey/posttest.dat
new file mode 100644
index 000000000..65b18b7ca
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/private/moonKey.der
+sun::rm /etc/ipsec.d/private/sunKey.der
+moon::rm /etc/ipsec.d/certs/*.der
+sun::rm /etc/ipsec.d/certs/*.der
diff --git a/testing/tests/ikev2/net2net-pubkey/pretest.dat b/testing/tests/ikev2/net2net-pubkey/pretest.dat
new file mode 100644
index 000000000..9e40684ab
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/pretest.dat
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-pubkey/test.conf b/testing/tests/ikev2/net2net-pubkey/test.conf
new file mode 100644
index 000000000..f74d0f7d6
--- /dev/null
+++ b/testing/tests/ikev2/net2net-pubkey/test.conf
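Review bot: `moon::rm /etc/ipsec.d/cacerts/*` and the matching `sun::` line in pretest.dat are what give this test its value — with the CA certificates gone, the gateways can only authenticate each other through the configured `leftrsasigkey`/`rightrsasigkey` files — yet neither this file nor description.txt records that intent, and description.txt mentions only the PKCS#1 format. Since a .dat file cannot carry a comment, description.txt should state it, e.g. `The CA certificates are removed from both gateways beforehand, so authentication can succeed only via the configured raw public keys.` posttest.dat in the same section deletes the .der key material but does not restore the removed cacerts; if the test framework does not reset the guests between tests, later tests that rely on the CA would run without it, which is worth confirming. The net2net-rsa pretest.dat/posttest.dat pair later in this commit has the same shape and would take the same sentence.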
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/net2net-rsa/description.txt b/testing/tests/ikev2/net2net-rsa/description.txt
new file mode 100644
index 000000000..a9310d475
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/description.txt
@@ -0,0 +1,7 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>raw RSA keys</b> in Base64-encoded RFC 3110 DNSKEY format.
+<p/>
+Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat
new file mode 100644
index 000000000..0ccfb7efd
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status::INSTALLED, TUNNEL::YES
+sun::ipsec status::INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..61b9b710a
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn net-net
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftid=@moon.strongswan.org
+	leftrsasigkey=0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
+	leftauth=pubkey
+	leftfirewall=yes
+	right=PH_IP_SUN
+	rightsubnet=10.2.0.0/16
+	rightid=@sun.strongswan.org
+	rightrsasigkey=0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
+	rightauth=pubkey
+	auto=add
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.d/private/moonKey.der b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.d/private/moonKey.der
Binary files differ
new file mode 100644
index 000000000..49e0111f2
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.d/private/moonKey.der
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.secrets
index 5496df7ad..b9ec17dbc 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-dave@strongswan.org : EAP "W7R0g3do"
+: RSA moonKey.der
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3bc16ccda
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+	load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+}
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..24e20dc25
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn net-net
+ left=PH_IP_SUN
+ leftsubnet=10.2.0.0/16
+ leftid=@sun.strongswan.org
+ leftrsasigkey=0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ rightrsasigkey=0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
+ auto=add
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.d/private/sunKey.der b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.d/private/sunKey.der
Binary files differ
new file mode 100644
index 000000000..7c284f939
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.d/private/sunKey.der
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.secrets
index 5496df7ad..6aa9ed562 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
-dave@strongswan.org : EAP "W7R0g3do"
+: RSA sunKey.der
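Review bot: `conn net-net` on sun pins the peer with `rightrsasigkey` but never states how either side authenticates, whereas moon's copy of the same connection earlier in this commit spells out `leftauth=pubkey` and `rightauth=pubkey`. strongSwan defaults both settings to pubkey, so the test presumably still passes, but the two gateways of one test should declare the authentication method the same way so that a later default change or a copy-paste into another test cannot silently weaken it. Adding `leftauth=pubkey` after `leftid=@sun.strongswan.org` and `rightauth=pubkey` after `rightid=@moon.strongswan.org` makes the intent explicit. Since neither host loads the x509 or revocation plugin and pretest.dat deletes the CA certificates, trust in this test rests entirely on these two pinned raw keys, which is worth a one-line comment above the conn.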
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..3bc16ccda
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+}
diff --git a/testing/tests/ikev2/net2net-rsa/posttest.dat b/testing/tests/ikev2/net2net-rsa/posttest.dat
new file mode 100644
index 000000000..a199946aa
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/private/moonKey.der
+sun::rm /etc/ipsec.d/private/sunKey.der
diff --git a/testing/tests/ikev2/net2net-rsa/pretest.dat b/testing/tests/ikev2/net2net-rsa/pretest.dat
new file mode 100644
index 000000000..9e40684ab
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/pretest.dat
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/net2net-rsa/test.conf b/testing/tests/ikev2/net2net-rsa/test.conf
new file mode 100644
index 000000000..f74d0f7d6
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
index 77d3d45e5..a0a045ce8 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
@@ -1,7 +1,7 @@
 moon::cat /var/log/daemon.log::requesting ocsp status from::YES
 moon::cat /var/log/daemon.log::ocsp response verification failed::YES
 moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed: RULE_OCSP_VALIDATION is FAILED, but requires at least GOOD::YES
+moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
index aeca7e1db..a1c57b0f0 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
@@ -1,26 +1,95 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 39 (0x27) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA + Validity + Not Before: Mar 15 06:42:00 2012 GMT + Not After : Mar 14 06:42:00 2017 GMT + Subject: C=CH, O=Linux strongSwan, OU=OCSP, CN=carol@strongswan.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b0:33:dd:ed:c0:d6:9d:01:de:eb:08:c4:f9:6a: + e9:46:10:f6:a4:cd:7d:aa:79:4b:c2:33:1f:61:40: + 40:de:06:9f:b8:2a:b0:84:cd:a7:79:c8:ee:a7:24: + 69:08:04:89:f8:7b:62:7e:03:9e:0a:d9:df:ff:7c: + 20:3c:a7:b1:86:7f:cc:e6:ad:0c:7e:6f:c4:9b:31: + 55:57:92:df:7b:94:86:f1:27:3a:0e:fa:0b:92:58: + ad:64:8a:40:46:5d:87:ca:11:20:03:ad:86:68:a5: + 0c:8a:19:ce:36:d0:55:bf:1f:00:47:c9:1a:af:c5: + ad:14:3c:d7:0c:9e:28:d9:61:1b:a2:a8:b7:f1:56: + a7:d9:3b:fa:09:08:2c:9b:75:e3:30:64:5e:93:80: + 48:94:35:0d:97:ca:ac:57:66:02:86:b6:1b:6b:f1: + 4a:86:30:74:48:38:46:1a:7d:07:61:30:15:33:b0: + 9d:50:fc:4d:8c:16:1e:30:13:9f:07:04:7a:3b:92: + 54:33:c7:3a:0b:67:e2:ba:46:b0:b3:0d:79:7f:e4: + ed:81:bd:34:cb:e5:30:f3:af:d4:dd:52:3e:f5:13: + 0e:c0:79:f8:43:c7:f5:b9:b0:12:6a:46:38:db:61: + 44:c8:4a:68:7b:77:34:68:63:ef:88:16:be:ae:89: + ff:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Subject Key Identifier: + C5:E8:58:D7:63:B0:B8:D4:2E:22:04:E1:CB:35:34:95:DA:74:F0:E6 + X509v3 Authority Key Identifier: + keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF + DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA + serial:00 + + X509v3 Subject Alternative Name: + email:carol@strongswan.org + Authority Information Access: + OCSP - URI:http://ocsp.strongswan.org:8880 + + X509v3 CRL Distribution Points: + URI:http://crl.strongswan.org/strongswan.crl + + Signature Algorithm: sha256WithRSAEncryption + 
b6:2d:d8:bb:40:e9:cf:a9:33:31:6c:91:c7:40:79:8c:5f:89: + 8e:26:d8:ef:91:67:da:71:75:f9:27:84:21:c3:6c:d1:a5:fb: + 50:de:b2:02:ad:3c:a4:6b:40:58:30:41:c7:bd:31:ca:df:77: + 00:c9:ac:5b:10:e3:66:71:6c:be:4a:49:7e:58:92:de:f4:16: + 51:12:00:2c:33:e2:2c:b5:e5:d4:6e:36:a2:50:ba:86:e3:c6: + bb:50:a2:e5:11:69:c4:86:91:fc:4d:65:7e:09:49:bd:d2:ae: + cd:70:f8:98:5d:a8:b6:cf:38:c3:19:49:fd:8b:72:3b:1a:cc: + fc:19:c9:c1:36:b2:39:ba:ed:9a:cd:db:2d:27:15:b0:ba:8a: + 64:4a:5c:8f:ff:db:78:7d:cd:78:c3:c6:13:ba:93:7b:b7:57: + da:a3:f2:16:9f:f7:24:95:57:df:f4:4f:c5:9f:d6:12:b1:69: + 39:a7:5a:88:9c:74:be:f7:b0:f3:b4:89:82:46:57:de:7d:a1: + 42:a2:c2:de:1c:37:19:66:60:2a:df:ed:25:e3:72:d3:f9:9b: + 84:05:b6:97:6a:63:63:5c:30:5d:01:7a:15:c4:6e:2c:a0:21: + d2:31:30:98:60:94:26:44:9a:08:b4:85:8d:52:00:98:ef:cb: + 07:4f:b7:8e -----BEGIN CERTIFICATE----- -MIIEWzCCA0OgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIEWzCCA0OgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA3MDIyNTA3NTg1N1oXDTEyMDIyNDA3NTg1N1owVjELMAkGA1UE +b290IENBMB4XDTEyMDMxNTA2NDIwMFoXDTE3MDMxNDA2NDIwMFowVjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAyO4WxrPomcQSspX+ZnPit3t+tzYE/wi1E8rH3h5aO3e5 -vVZX3YxNvBqge2RPB3oQHrWwWT8vKmqzZNjJUx4bRIqd1JdTRI7L0f6XJHjnrRv8 -G7M2uHe+JbHQKPRT7IefJ4PZ1FEA8SCwKfWs5vk1/w/cabM6DVzzjtWTV9DXKD6J -5rRlvXtJDbhAvI2w8pCC1Gt6H8qjVSb7ItJ+SD3BlW3tq3nBsYFJRL24TyQg+Kdt -kkCRQYirog29q+J59SErjolse59dte+MhNTv+SnVFgpQE9IGEo6yaKMAWLSTv0If -pPr/QaEV9rcsYFmR3RtHc+QaaP0hvDAPMaKdhQMIUwIDAQABo4IBQzCCAT8wCQYD -VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDRTWKccFIi95BslK3U92mIQ -2rWGMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +AAOCAQ8AMIIBCgKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gaf +uCqwhM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG 
+8Sc6DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEb +oqi38Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAV +M7CdUPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMO +wHn4Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFMXoWNdjsLjULiIE4cs1NJXa +dPDmMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 -cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAc -1bBYLYcc+js3UsHVk7W17Nr/qoNFzQZJ5Er3RjhNAgzAX1wOTrNgKXztwZde1Alj -o05ZLXUFkB4coQwl7xo7I3EMJPUmSdHoyYyG7c7AgfcL/wwnzz4rWQl74WIZjySc -ON0Ny9vrzbVboktYof/9Yp/+HgeKopfsaIiuNCAwmAWxiYqvDmlxxn16oOXeJFV8 -pFzZMirQ5l7QRD9iuabOdcnBp8ASH+5AbD4KjFQjo5RBVg92LwOkJo3Pf1twI57s -pObrcM4JbHVohDornYQYfr9ymkMxJbqqkEgD8oIip0NFSbziam4ZkwgUlRIMUMU1 -/xsH+BXYZtKJbYjlnyc8 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC2 +Ldi7QOnPqTMxbJHHQHmMX4mOJtjvkWfacXX5J4Qhw2zRpftQ3rICrTyka0BYMEHH +vTHK33cAyaxbEONmcWy+Skl+WJLe9BZREgAsM+IsteXUbjaiULqG48a7UKLlEWnE +hpH8TWV+CUm90q7NcPiYXai2zzjDGUn9i3I7Gsz8GcnBNrI5uu2azdstJxWwuopk +SlyP/9t4fc14w8YTupN7t1fao/IWn/cklVff9E/Fn9YSsWk5p1qInHS+97DztImC +RlfefaFCosLeHDcZZmAq3+0l43LT+ZuEBbaXamNjXDBdAXoVxG4soCHSMTCYYJQm +RJoItIWNUgCY78sHT7eO -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem index 603f071d0..d6a762b1b 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAyO4WxrPomcQSspX+ZnPit3t+tzYE/wi1E8rH3h5aO3e5vVZX -3YxNvBqge2RPB3oQHrWwWT8vKmqzZNjJUx4bRIqd1JdTRI7L0f6XJHjnrRv8G7M2 -uHe+JbHQKPRT7IefJ4PZ1FEA8SCwKfWs5vk1/w/cabM6DVzzjtWTV9DXKD6J5rRl -vXtJDbhAvI2w8pCC1Gt6H8qjVSb7ItJ+SD3BlW3tq3nBsYFJRL24TyQg+KdtkkCR -QYirog29q+J59SErjolse59dte+MhNTv+SnVFgpQE9IGEo6yaKMAWLSTv0IfpPr/ -QaEV9rcsYFmR3RtHc+QaaP0hvDAPMaKdhQMIUwIDAQABAoIBAFTGd5+gmpv96TGm -LW8Gp/poRX+BcDw2bUgLf6aMwd9jVV+4RVw5bTbXOSy2ls19x71dRSlyijDoUgZT -nSXPhwu1PIBM1JoRcZeJRjXiOUWFkCoTxBuykeyPiFcvNxWN5y2h6M822iHie9FI -UYomTYzvIT0LnIu00yJJpGAhwhW9BcL+Mo9lfWmhv4I1hXC9RTqZZ4rjPojDeFvL -maZNCk3kX2pxIJ1kG41/PJjg3JD2uEVrvV7SRuOknM+7f3SDtY60/Wnqx8dfBtjJ -hEdIxG+XXEOafdqwEPmmM++6V76uD8Rs1eFrrI4rfK6/H2PjppJCYtQeryug0q+0 -UN2u00kCgYEA5qJOcDSzb7CQAi58yYicYc3ShEbaL75V7G5rlnFg4/G1axU19hXQ -wEPDf87So9hnVroCMewjyDiNgI/OyYK2cv1TABUGAEFAHPzj99jtBT0/R0kX+Jd2 -kPwCU4/T2cHrezwNobrJf010JAvwc52b+U3lWtHxBWeq5KALUVT+BhcCgYEA3wdx -OwVxTf+OBOBcxPPGUcfsKbf9uVTcXFLNRSBbjzRIOR/bIVgUQaBXem2fJJTm1mWN -Yl/U14G5orv9693GKgE5IDAMMrDF7mOsX808o3pcXM04MTAyGmQEDDEO8tgmWzWo -nrYzxe9uBR1tej9IsiEPlD9ZLtWix9C2uV7EcSUCgYBKOrDuMjgSWYxv91BYeOyE -Gf+IbVlqBmOXPg7Ik+MwWioetevxMSJHz0eLyiBHda4E3sc4FB2MIo+AckiG2Ngp -+FiPbTTKPjYJXmds7NeUWRsVsXPSocUactG43VC9BEnrFu/4Pqr9mwsnUuRoAbEi -syx/Z5SgPbZl8RDTc3xyrwKBgBFpB1HQLvQjyvZefV9ymDyyGqF3F3tsQHeEjzmi -OQOI1UqATh7gPVSSK8IG5LF6XjrGWq8fRAI+wjsN6diLy3hj+A2nMoySeCEP7tjb -sKwiVSt5abWNSZv9ysMY4U3bycK9AZjCKHB/LFuB3JX6crZVFl5AQ7oAO2DVzi3S -VAtxAoGALzFZH7o1ZvVJGa23dW7p96G5vgop6Ulp2DLz4Qg6NYIeatZhwX3lls2J -P7ZxmHiECC7zR67xwv5QKjKfg6t/sOKU/bsyp6c3hOWQjcFbWU3AwlO1TeVX9TMG -SmPYcKM+KQ969qKD3aP9MQ+t4FERvlQcBAr0Qun3quN2i3eDkDo= +MIIEogIBAAKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gafuCqw +hM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG8Sc6 +DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEboqi3 +8Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAVM7Cd 
+UPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMOwHn4 +Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABAoIBAEEGwy5M7mb/G79t +exP5CqHa/MsRMwFIxlai+z+usMG/fA5BYud/5gCh0MFKRKC63BghoNWUjCzA/1OQ +AW2hDXjvjTTMREIdCVekuzQYdfVreOliaqDAUqjtpP/nrZTKS6Sc8U2qKmJQFvKY +V2wPMrXXwQi9BOY9c4R2d36ml7iw6veYhPj0XHy3spJc3V6k7YmbApOQgWDqRwid +GGnnvDpdD0gAGAOxadCCpV+N9NK+AMSk03Qpcc2ki4THEn2e8Rs1/dH1k5nics/E +cG9VT9pZtvGXjEX7Wo06v0lXsTRWGWLKhHvzfhIb6uWnC/YUR+7Cv8JYRz+RZn98 +bv5lXokCgYEA1iRf3gH8qwvxQjLtaNKRyr8Bheo3tsOLh2tYriWaUTXqeKAd46zI +KcWAKtYWJQenVyFvnsMwKNFvFq/HgJGhKTOvZRwsrTb2wXgxcAleOBO+Ts4Vhb9J +xil8/WcWCKU+GPf8hQOkwVnhv4CxLscCXT2g9zxTpP/JCKmHaucQog8CgYEA0qUC +NBRMh55bjiHaqsSRvr45iwxzNzd8KK5A/xKyScEl+A4HWdqDpZ+8w9YC4GUQClvH +cHn5NpWfq9hrNAXPjBzVGXk+JqFcJM/yPImH+Vg8MupJprwVSHJ1mqQ/MPSpxxhy +iNaWeJX6bhPAgQSOAYbH22uNOGePmMQ8kk3v/OcCgYA7ZzPA3kQ9Hr76Yi5Bmcgf +ugSuJV73MB+QnVKoXH4GcTJt69zev5t3GvaG64SRGSJupTPVksfVSuPKI1DwdXWD +fHb3UW2DT2/8E1+DeNXOMIvmSHzn8TyB4BhwIxyVoWEsg/5k17HogQqCmSyNkV8y +hloUu4NojhwybvTFzvtqOQKBgDL0IVVRt7Vyk/kMrWVziUHXp/m/uDsaG9mHVUee +USxQIYwgcJzGo+OzgSjqIuX+7GNlEhheGO+gP/CEuGHsKeldrBquXl9f1vc8qf8E +0bR6KI20aL6BbrCIp3QR2QtRk6QKgOIi7mEa/moUMxPCc0thPAUSviVvv6eXiINn +gO7vAoGAcvwVy9gDcGTL+4mMjZ07jc/TmQPmOpqosXuDTQZITuovpzY0Nf9KPNJs +0dTuCaO+N5ZjttxIm6L9h/Ah0BN2Ir+JbplJ5uScWldz0MFJXm1wz7KJCRZQpVIO +6SJCLSmh4nZ0TIL8V0ABhaFVQK0qq2z/ASljIF6iC68DBEDfuzY= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat index 6a253d830..2e0f059c6 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat +++ b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat 
@@ -1,7 +1,7 @@
 moon::cat /var/log/daemon.log::authentication of.*carol.*successful::YES
 moon::cat /var/log/daemon.log::libcurl http request failed::YES
 moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed: RULE_OCSP_VALIDATION is FAILED, but requires at least SKIPPED::YES
+moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES
 moon::ipsec status::ESTABLISHED.*carol::YES
 moon::ipsec status::ESTABLISHED.*dave::NO
 carol::ipsec status::ESTABLISHED::YES
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
index aeca7e1db..a1c57b0f0 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem
@@ -1,26 +1,95 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 39 (0x27) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA + Validity + Not Before: Mar 15 06:42:00 2012 GMT + Not After : Mar 14 06:42:00 2017 GMT + Subject: C=CH, O=Linux strongSwan, OU=OCSP, CN=carol@strongswan.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b0:33:dd:ed:c0:d6:9d:01:de:eb:08:c4:f9:6a: + e9:46:10:f6:a4:cd:7d:aa:79:4b:c2:33:1f:61:40: + 40:de:06:9f:b8:2a:b0:84:cd:a7:79:c8:ee:a7:24: + 69:08:04:89:f8:7b:62:7e:03:9e:0a:d9:df:ff:7c: + 20:3c:a7:b1:86:7f:cc:e6:ad:0c:7e:6f:c4:9b:31: + 55:57:92:df:7b:94:86:f1:27:3a:0e:fa:0b:92:58: + ad:64:8a:40:46:5d:87:ca:11:20:03:ad:86:68:a5: + 0c:8a:19:ce:36:d0:55:bf:1f:00:47:c9:1a:af:c5: + ad:14:3c:d7:0c:9e:28:d9:61:1b:a2:a8:b7:f1:56: + a7:d9:3b:fa:09:08:2c:9b:75:e3:30:64:5e:93:80: + 48:94:35:0d:97:ca:ac:57:66:02:86:b6:1b:6b:f1: + 4a:86:30:74:48:38:46:1a:7d:07:61:30:15:33:b0: + 9d:50:fc:4d:8c:16:1e:30:13:9f:07:04:7a:3b:92: + 54:33:c7:3a:0b:67:e2:ba:46:b0:b3:0d:79:7f:e4: + ed:81:bd:34:cb:e5:30:f3:af:d4:dd:52:3e:f5:13: + 0e:c0:79:f8:43:c7:f5:b9:b0:12:6a:46:38:db:61: + 44:c8:4a:68:7b:77:34:68:63:ef:88:16:be:ae:89: + ff:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment, Key Agreement + X509v3 Subject Key Identifier: + C5:E8:58:D7:63:B0:B8:D4:2E:22:04:E1:CB:35:34:95:DA:74:F0:E6 + X509v3 Authority Key Identifier: + keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF + DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA + serial:00 + + X509v3 Subject Alternative Name: + email:carol@strongswan.org + Authority Information Access: + OCSP - URI:http://ocsp.strongswan.org:8880 + + X509v3 CRL Distribution Points: + URI:http://crl.strongswan.org/strongswan.crl + + Signature Algorithm: sha256WithRSAEncryption + 
b6:2d:d8:bb:40:e9:cf:a9:33:31:6c:91:c7:40:79:8c:5f:89: + 8e:26:d8:ef:91:67:da:71:75:f9:27:84:21:c3:6c:d1:a5:fb: + 50:de:b2:02:ad:3c:a4:6b:40:58:30:41:c7:bd:31:ca:df:77: + 00:c9:ac:5b:10:e3:66:71:6c:be:4a:49:7e:58:92:de:f4:16: + 51:12:00:2c:33:e2:2c:b5:e5:d4:6e:36:a2:50:ba:86:e3:c6: + bb:50:a2:e5:11:69:c4:86:91:fc:4d:65:7e:09:49:bd:d2:ae: + cd:70:f8:98:5d:a8:b6:cf:38:c3:19:49:fd:8b:72:3b:1a:cc: + fc:19:c9:c1:36:b2:39:ba:ed:9a:cd:db:2d:27:15:b0:ba:8a: + 64:4a:5c:8f:ff:db:78:7d:cd:78:c3:c6:13:ba:93:7b:b7:57: + da:a3:f2:16:9f:f7:24:95:57:df:f4:4f:c5:9f:d6:12:b1:69: + 39:a7:5a:88:9c:74:be:f7:b0:f3:b4:89:82:46:57:de:7d:a1: + 42:a2:c2:de:1c:37:19:66:60:2a:df:ed:25:e3:72:d3:f9:9b: + 84:05:b6:97:6a:63:63:5c:30:5d:01:7a:15:c4:6e:2c:a0:21: + d2:31:30:98:60:94:26:44:9a:08:b4:85:8d:52:00:98:ef:cb: + 07:4f:b7:8e -----BEGIN CERTIFICATE----- -MIIEWzCCA0OgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIEWzCCA0OgAwIBAgIBJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA3MDIyNTA3NTg1N1oXDTEyMDIyNDA3NTg1N1owVjELMAkGA1UE +b290IENBMB4XDTEyMDMxNTA2NDIwMFoXDTE3MDMxNDA2NDIwMFowVjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDTALBgNVBAsTBE9DU1Ax HTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAyO4WxrPomcQSspX+ZnPit3t+tzYE/wi1E8rH3h5aO3e5 -vVZX3YxNvBqge2RPB3oQHrWwWT8vKmqzZNjJUx4bRIqd1JdTRI7L0f6XJHjnrRv8 -G7M2uHe+JbHQKPRT7IefJ4PZ1FEA8SCwKfWs5vk1/w/cabM6DVzzjtWTV9DXKD6J -5rRlvXtJDbhAvI2w8pCC1Gt6H8qjVSb7ItJ+SD3BlW3tq3nBsYFJRL24TyQg+Kdt -kkCRQYirog29q+J59SErjolse59dte+MhNTv+SnVFgpQE9IGEo6yaKMAWLSTv0If -pPr/QaEV9rcsYFmR3RtHc+QaaP0hvDAPMaKdhQMIUwIDAQABo4IBQzCCAT8wCQYD -VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDRTWKccFIi95BslK3U92mIQ -2rWGMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD +AAOCAQ8AMIIBCgKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gaf +uCqwhM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG 
+8Sc6DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEb +oqi38Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAV +M7CdUPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMO +wHn4Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABo4IBQzCCAT8wCQYD +VR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFMXoWNdjsLjULiIE4cs1NJXa +dPDmMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYD VQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ry b25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4u b3JnMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3Auc3Ry b25nc3dhbi5vcmc6ODg4MDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0 -cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAc -1bBYLYcc+js3UsHVk7W17Nr/qoNFzQZJ5Er3RjhNAgzAX1wOTrNgKXztwZde1Alj -o05ZLXUFkB4coQwl7xo7I3EMJPUmSdHoyYyG7c7AgfcL/wwnzz4rWQl74WIZjySc -ON0Ny9vrzbVboktYof/9Yp/+HgeKopfsaIiuNCAwmAWxiYqvDmlxxn16oOXeJFV8 -pFzZMirQ5l7QRD9iuabOdcnBp8ASH+5AbD4KjFQjo5RBVg92LwOkJo3Pf1twI57s -pObrcM4JbHVohDornYQYfr9ymkMxJbqqkEgD8oIip0NFSbziam4ZkwgUlRIMUMU1 -/xsH+BXYZtKJbYjlnyc8 +cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC2 +Ldi7QOnPqTMxbJHHQHmMX4mOJtjvkWfacXX5J4Qhw2zRpftQ3rICrTyka0BYMEHH +vTHK33cAyaxbEONmcWy+Skl+WJLe9BZREgAsM+IsteXUbjaiULqG48a7UKLlEWnE +hpH8TWV+CUm90q7NcPiYXai2zzjDGUn9i3I7Gsz8GcnBNrI5uu2azdstJxWwuopk +SlyP/9t4fc14w8YTupN7t1fao/IWn/cklVff9E/Fn9YSsWk5p1qInHS+97DztImC +RlfefaFCosLeHDcZZmAq3+0l43LT+ZuEBbaXamNjXDBdAXoVxG4soCHSMTCYYJQm +RJoItIWNUgCY78sHT7eO -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem index 603f071d0..d6a762b1b 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAyO4WxrPomcQSspX+ZnPit3t+tzYE/wi1E8rH3h5aO3e5vVZX -3YxNvBqge2RPB3oQHrWwWT8vKmqzZNjJUx4bRIqd1JdTRI7L0f6XJHjnrRv8G7M2 -uHe+JbHQKPRT7IefJ4PZ1FEA8SCwKfWs5vk1/w/cabM6DVzzjtWTV9DXKD6J5rRl -vXtJDbhAvI2w8pCC1Gt6H8qjVSb7ItJ+SD3BlW3tq3nBsYFJRL24TyQg+KdtkkCR -QYirog29q+J59SErjolse59dte+MhNTv+SnVFgpQE9IGEo6yaKMAWLSTv0IfpPr/ -QaEV9rcsYFmR3RtHc+QaaP0hvDAPMaKdhQMIUwIDAQABAoIBAFTGd5+gmpv96TGm -LW8Gp/poRX+BcDw2bUgLf6aMwd9jVV+4RVw5bTbXOSy2ls19x71dRSlyijDoUgZT -nSXPhwu1PIBM1JoRcZeJRjXiOUWFkCoTxBuykeyPiFcvNxWN5y2h6M822iHie9FI -UYomTYzvIT0LnIu00yJJpGAhwhW9BcL+Mo9lfWmhv4I1hXC9RTqZZ4rjPojDeFvL -maZNCk3kX2pxIJ1kG41/PJjg3JD2uEVrvV7SRuOknM+7f3SDtY60/Wnqx8dfBtjJ -hEdIxG+XXEOafdqwEPmmM++6V76uD8Rs1eFrrI4rfK6/H2PjppJCYtQeryug0q+0 -UN2u00kCgYEA5qJOcDSzb7CQAi58yYicYc3ShEbaL75V7G5rlnFg4/G1axU19hXQ -wEPDf87So9hnVroCMewjyDiNgI/OyYK2cv1TABUGAEFAHPzj99jtBT0/R0kX+Jd2 -kPwCU4/T2cHrezwNobrJf010JAvwc52b+U3lWtHxBWeq5KALUVT+BhcCgYEA3wdx -OwVxTf+OBOBcxPPGUcfsKbf9uVTcXFLNRSBbjzRIOR/bIVgUQaBXem2fJJTm1mWN -Yl/U14G5orv9693GKgE5IDAMMrDF7mOsX808o3pcXM04MTAyGmQEDDEO8tgmWzWo -nrYzxe9uBR1tej9IsiEPlD9ZLtWix9C2uV7EcSUCgYBKOrDuMjgSWYxv91BYeOyE -Gf+IbVlqBmOXPg7Ik+MwWioetevxMSJHz0eLyiBHda4E3sc4FB2MIo+AckiG2Ngp -+FiPbTTKPjYJXmds7NeUWRsVsXPSocUactG43VC9BEnrFu/4Pqr9mwsnUuRoAbEi -syx/Z5SgPbZl8RDTc3xyrwKBgBFpB1HQLvQjyvZefV9ymDyyGqF3F3tsQHeEjzmi -OQOI1UqATh7gPVSSK8IG5LF6XjrGWq8fRAI+wjsN6diLy3hj+A2nMoySeCEP7tjb -sKwiVSt5abWNSZv9ysMY4U3bycK9AZjCKHB/LFuB3JX6crZVFl5AQ7oAO2DVzi3S -VAtxAoGALzFZH7o1ZvVJGa23dW7p96G5vgop6Ulp2DLz4Qg6NYIeatZhwX3lls2J -P7ZxmHiECC7zR67xwv5QKjKfg6t/sOKU/bsyp6c3hOWQjcFbWU3AwlO1TeVX9TMG -SmPYcKM+KQ969qKD3aP9MQ+t4FERvlQcBAr0Qun3quN2i3eDkDo= +MIIEogIBAAKCAQEAsDPd7cDWnQHe6wjE+WrpRhD2pM19qnlLwjMfYUBA3gafuCqw +hM2necjupyRpCASJ+HtifgOeCtnf/3wgPKexhn/M5q0Mfm/EmzFVV5Lfe5SG8Sc6 +DvoLklitZIpARl2HyhEgA62GaKUMihnONtBVvx8AR8kar8WtFDzXDJ4o2WEboqi3 +8Van2Tv6CQgsm3XjMGRek4BIlDUNl8qsV2YChrYba/FKhjB0SDhGGn0HYTAVM7Cd 
+UPxNjBYeMBOfBwR6O5JUM8c6C2fiukawsw15f+Ttgb00y+Uw86/U3VI+9RMOwHn4 +Q8f1ubASakY422FEyEpoe3c0aGPviBa+ron/iQIDAQABAoIBAEEGwy5M7mb/G79t +exP5CqHa/MsRMwFIxlai+z+usMG/fA5BYud/5gCh0MFKRKC63BghoNWUjCzA/1OQ +AW2hDXjvjTTMREIdCVekuzQYdfVreOliaqDAUqjtpP/nrZTKS6Sc8U2qKmJQFvKY +V2wPMrXXwQi9BOY9c4R2d36ml7iw6veYhPj0XHy3spJc3V6k7YmbApOQgWDqRwid +GGnnvDpdD0gAGAOxadCCpV+N9NK+AMSk03Qpcc2ki4THEn2e8Rs1/dH1k5nics/E +cG9VT9pZtvGXjEX7Wo06v0lXsTRWGWLKhHvzfhIb6uWnC/YUR+7Cv8JYRz+RZn98 +bv5lXokCgYEA1iRf3gH8qwvxQjLtaNKRyr8Bheo3tsOLh2tYriWaUTXqeKAd46zI +KcWAKtYWJQenVyFvnsMwKNFvFq/HgJGhKTOvZRwsrTb2wXgxcAleOBO+Ts4Vhb9J +xil8/WcWCKU+GPf8hQOkwVnhv4CxLscCXT2g9zxTpP/JCKmHaucQog8CgYEA0qUC +NBRMh55bjiHaqsSRvr45iwxzNzd8KK5A/xKyScEl+A4HWdqDpZ+8w9YC4GUQClvH +cHn5NpWfq9hrNAXPjBzVGXk+JqFcJM/yPImH+Vg8MupJprwVSHJ1mqQ/MPSpxxhy +iNaWeJX6bhPAgQSOAYbH22uNOGePmMQ8kk3v/OcCgYA7ZzPA3kQ9Hr76Yi5Bmcgf +ugSuJV73MB+QnVKoXH4GcTJt69zev5t3GvaG64SRGSJupTPVksfVSuPKI1DwdXWD +fHb3UW2DT2/8E1+DeNXOMIvmSHzn8TyB4BhwIxyVoWEsg/5k17HogQqCmSyNkV8y +hloUu4NojhwybvTFzvtqOQKBgDL0IVVRt7Vyk/kMrWVziUHXp/m/uDsaG9mHVUee +USxQIYwgcJzGo+OzgSjqIuX+7GNlEhheGO+gP/CEuGHsKeldrBquXl9f1vc8qf8E +0bR6KI20aL6BbrCIp3QR2QtRk6QKgOIi7mEa/moUMxPCc0thPAUSviVvv6eXiINn +gO7vAoGAcvwVy9gDcGTL+4mMjZ07jc/TmQPmOpqosXuDTQZITuovpzY0Nf9KPNJs +0dTuCaO+N5ZjttxIm6L9h/Ah0BN2Ir+JbplJ5uScWldz0MFJXm1wz7KJCRZQpVIO +6SJCLSmh4nZ0TIL8V0ABhaFVQK0qq2z/ASljIF6iC68DBEDfuzY= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat index 44945bf5f..45c6ce7c5 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat 
@@ -2,6 +2,6 @@ moon::cat /var/log/daemon.log::requesting ocsp status from::YES
 moon::cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES
 moon::cat /var/log/daemon.log::ocsp response verification failed::YES
 moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed: RULE_OCSP_VALIDATION is FAILED, but requires at least GOOD::YES
+moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat
index 7f083a05e..c0893df65 100644
--- a/testing/tests/ikev2/reauth-late/evaltest.dat
+++ b/testing/tests/ikev2/reauth-late/evaltest.dat
@@ -1,7 +1,7 @@
 moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES
 carol::ipsec statusall::home\[2\].*ESTABLISHED::YES
 carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES
-carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 3600s, reauthentication already scheduled in 2[0-5]s::YES
+carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
index bdd186a04..cb5e86a66 100755
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
@@ -6,8 +6,8 @@ config setup
 plutostart=no
 conn %default
- ikelifetime=60m
- keylife=20m
+ ikelifetime=3601
+ keylife=1200
 rekeymargin=0s
 keyingtries=1
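Review bot: `ikelifetime=3601` is an odd value whose reason is recorded nowhere in the hunk, and both new settings are bare integers (seconds) while the rest of the block uses suffixed durations such as `rekeymargin=0s`. Presumably the extra second is there so that the remaining lifetime moon announces in its AUTH_LIFETIME notify lands on 3600 or 3601 depending on how long IKE_AUTH took, which is exactly what the relaxed `360[01]s` pattern in the evaltest of this commit accepts; if so, a comment on the line such as `# 3601s, not 60m: the AUTH_LIFETIME sent to carol is the remaining time and may read 3600 or 3601` would keep the config and the evaltest from drifting apart. Writing `ikelifetime=3601s` and `keylife=1200s` would also make the unit explicit. The enclosing `conn %default` section continues outside the hunk.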
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index bbb5a76fd..e070f9a27 100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
 }
 libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index bbb5a76fd..e070f9a27 100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
 }
 libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index bbb5a76fd..e070f9a27 100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
 }
 libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/description.txt b/testing/tests/ikev2/rw-eap-aka-rsa/description.txt
index b4f766d6f..1277081b9 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/description.txt
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/description.txt
@@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
 in association with the <i>Authentication and Key Agreement</i> protocol (<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM.
-Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself
+Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself
 against <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index 5821bc12d..d8c77f5b1 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+}
+
+libstrongswan {
+ integrity_test = yes
 }
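Review bot: `integrity_test = yes` in the new `libstrongswan` section is a build-dependent switch with no comment saying so; as far as I recall, libstrongswan built without `--enable-integrity-test` logs that integrity testing is enabled but not supported and refuses to initialize, so charon would not start on such a build and this EAP-AKA test would fail for a reason unrelated to EAP-AKA. If the test images are guaranteed to carry an integrity-test build this is fine, but a one-line comment above the setting, e.g. `# requires a libstrongswan built with --enable-integrity-test`, would save the next person a debugging round. The evaltest for this test is outside this chunk, so I cannot tell whether it asserts the integrity-check log lines; it should, otherwise the new setting is never verified by the run.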
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index 5821bc12d..d8c77f5b1 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+}
+
+libstrongswan {
+ integrity_test = yes
 }
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/description.txt b/testing/tests/ikev2/rw-eap-md5-id-prompt/description.txt
new file mode 100644
index 000000000..b1590090e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/description.txt
@@ -0,0 +1,9 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+<b>carol</b> uses the <i>Extensible Authentication Protocol</i>
+in association with an <i>MD5</i> challenge and response protocol
+(<b>EAP-MD5</b>) to authenticate against the gateway. The EAP identity and password
+of the user is kept in <b>ipsec.secrets</b> on the gateway <b>moon</b> and
+is entered interactively on the client <b>carol</b> using the command
+<b>ipsec stroke user-creds home carol "Ar3etTnp"</b>.
+Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself
+against <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
new file mode 100644
index 000000000..3f828141c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
@@ -0,0 +1,13 @@ +carol::cat /var/log/daemon.log::configured EAP-Identity carol::YES +carol::cat /var/log/daemon.log::added EAP secret for carol moon.strongswan.org::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES +moon::cat /var/log/daemon.log::received EAP identity.*carol::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + + diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf index c19192dae..7859ee9cc 100755 --- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf @@ -2,7 +2,6 @@ config setup plutostart=no - charondebug="tls 2, tnc 3" conn %default ikelifetime=60m @@ -13,11 +12,10 @@ conn %default conn home left=PH_IP_CAROL - leftid=carol@strongswan.org leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org - rightsendcert=never rightsubnet=10.1.0.0/16 + rightauth=pubkey auto=add diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..ddd495699 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.secrets @@ -0,0 +1 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file 
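Review bot: In the carol ipsec.conf hunk, dropping `leftid=carol@strongswan.org` makes carol's IKE identity fall back to her address, which is why the new evaltest expects moon to log `authentication of '192.168.0.100' with EAP successful` rather than a user name; the identity the user actually authenticates under is the EAP identity pushed at runtime, and nothing in the file says so. A comment in `conn home` would keep the two identities from being confused by whoever copies this fixture: `# no leftid: IKE identity defaults to PH_IP_CAROL; the EAP identity/password are supplied via 'ipsec stroke user-creds'`. The added `rightauth=pubkey` is also the line that forces carol to verify moon's certificate before answering the MD5 challenge, so it deserves the same one-line remark rather than looking like an incidental change.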
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..fe067d344
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf
index 6747b4a4a..c132b9ab8 100755
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf
@@ -3,7 +3,6 @@
 config setup
 strictcrlpolicy=no
 plutostart=no
- charondebug="tls 2, tnc 3"
 conn %default
 ikelifetime=60m
@@ -15,12 +14,12 @@ conn %default
 conn rw-eap
 left=PH_IP_MOON
 leftsubnet=10.1.0.0/16
- leftcert=moonCert.pem
 leftid=@moon.strongswan.org
- leftauth=eap-ttls
+ leftcert=moonCert.pem
+ leftauth=pubkey
 leftfirewall=yes
- rightauth=eap-ttls
- rightid=*@strongswan.org
+ rightauth=eap-md5
 rightsendcert=never
 right=%any
+ eap_identity=%any
 auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.secrets
index 74942afda..e11a2204c 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.secrets
@@ -1,3 +1,5 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
-carol@strongswan.org : EAP "Ar3etTnp"
+: RSA moonKey.pem
+
+carol : EAP "Ar3etTnp"
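Review bot: The new carol strongswan.conf still lists `xcbc` in `load`, while every other EAP scenario touched by this commit (rw-eap-aka-rsa, rw-eap-sim-rsa, rw-eap-peap-md5, rw-eap-tls-only, rw-eap-tls-radius) removes `xcbc` from its plugin list, and nothing visible in this scenario appears to need it. Unless there is a reason I cannot see, dropping it keeps the fresh fixture consistent with the rest of the commit: `load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown`. The moon copy of this file in the next hunk group has identical content and the same inconsistency.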
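Review bot: In the moon ipsec.conf hunk, `rightauth=eap-md5` together with the removal of `rightid` and the added `eap_identity=%any` means moon no longer constrains the peer's IKE identity at all and authorizes purely on whichever EAP identity the client presents, looked up against the cleartext password now in ipsec.secrets. EAP-MD5 is a weak method whose safety here rests entirely on the IKE_SA already being authenticated by `leftauth=pubkey` on this side and on carol verifying that signature before replying to the challenge, and that ordering is nowhere stated in the file. A comment on the new line would make the trust model explicit for anyone reusing the conn: `# eap_identity=%any: moon asks the client for its EAP identity and authorizes on that alone; the IKE identity is not checked`. The `conn rw-eap` block ends at `auto=add` inside the hunk, so the note covers the whole conn.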
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..fe067d344
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/posttest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/posttest.dat
index 7cebd7f25..94a400606 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/posttest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/posttest.dat
@@ -1,6 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
-dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat
new file mode 100644
index 000000000..9c301f484
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec stroke user-creds home carol "Ar3etTnp"
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/test.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/test.conf
index e28b8259b..2bd21499b 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/test.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/test.conf
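Review bot: In the new pretest.dat, `carol::ipsec stroke user-creds home carol "Ar3etTnp"` hands the EAP password over as a command-line argument, so it is visible in the process list and shell history on the carol host for as long as the command runs; that is fine for a throwaway test credential, but the accompanying description.txt presents this exact command as the interactive way to enter credentials, so the fixture may be copied verbatim. A short comment in pretest.dat would set expectations: `# test-only: the EAP password is passed on the command line and is visible in ps/history`. The single `carol::sleep 1` before it is also what keeps the credential push from racing charon's startup; if that ever proves too short, `ipsec up home` will run with no EAP secret configured and the evaltest lines for the EAP secret will fail rather than the setup step.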
@@ -5,11 +5,11 @@ # All UML instances that are required for this test # -UMLHOSTS="alice venus moon carol winnetou dave" +UMLHOSTS="alice carol moon" # Corresponding block diagram # -DIAGRAM="a-v-m-c-w-d.png" +DIAGRAM="a-m-c.png" # UML instances on which tcpdump is to be started # @@ -18,9 +18,4 @@ TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="moon carol dave" - -# UML instances on which FreeRadius is started -# -RADIUSHOSTS= - +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/description.txt b/testing/tests/ikev2/rw-eap-md5-rsa/description.txt index a2ac00d80..d376ee5a8 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/description.txt +++ b/testing/tests/ikev2/rw-eap-md5-rsa/description.txt @@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. in association with an <i>MD5</i> challenge and response protocol (<b>EAP-MD5</b>) to authenticate against the gateway. The user password is kept in <b>ipsec.secrets</b> on both gateway and client -Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself +Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself against <b>carol</b>. diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt index df7041a97..4feadff4c 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt 
@@ -4,5 +4,5 @@ in association with the <i>Microsoft CHAP version 2</i> protocol (<b>EAP-MSCHAPV2</b>) to authenticate against the gateway. This protocol is used e.g. by the Windows 7 Agile VPN client. In addition to her IKEv2 identity <b>PH_IP_CAROL</b>, roadwarrior <b>carol</b> -uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> +uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself against <b>carol</b>. diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf index 2c06d26a6..fd5d3f5f4 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf index 2c06d26a6..fd5d3f5f4 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf 
@@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf index 68d2cd95a..f5024111c 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown multiple_authentication=no plugins { eap-peap { diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/description.txt b/testing/tests/ikev2/rw-eap-sim-rsa/description.txt index 5fc75e1b1..686241809 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/description.txt +++ b/testing/tests/ikev2/rw-eap-sim-rsa/description.txt @@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. in association with a GSM <i>Subscriber Identity Module</i> (<b>EAP-SIM</b>) to authenticate against the gateway. In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> are used instead of a physical SIM card. -Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate +Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself against <b>carol</b>. 
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf index e468cd4f9..0add0f360 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown +} + +libstrongswan { + integrity_test = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf index e468cd4f9..527cb2b37 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } + +libstrongswan { + integrity_test = yes +} + diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf index 5fe84aea3..4e47e632c 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf 
@@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf index 5fe84aea3..4e47e632c 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf index 5fe84aea3..4e47e632c 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no } diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf index 4d2d3058d..ab71e5908 100644 
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown multiple_authentication=no plugins { eap-radius { diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt deleted file mode 100644 index 350aefc60..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt +++ /dev/null @@ -1,11 +0,0 @@ -The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. -At the outset the gateway authenticates itself to the clients by sending an IKEv2 -<b>RSA signature</b> accompanied by a certificate. -<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to -the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate. -The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. -<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements <b>carol</b> -is authenticated successfully and is granted access to the subnet behind <b>moon</b> whereas -<b>dave</b> fails the layered EAP authentication and is rejected. diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat deleted file mode 100644 index 517ea9ab2..000000000 
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat +++ /dev/null @@ -1,14 +0,0 @@ -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES -carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO - diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary deleted file mode 100644 index 1a27a02fc..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary +++ /dev/null @@ -1,2 +0,0 @@ -$INCLUDE /usr/share/freeradius/dictionary -$INCLUDE /etc/raddb/dictionary.tnc diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc deleted file mode 100644 index f295467a9..000000000 
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc +++ /dev/null @@ -1,5 +0,0 @@ -ATTRIBUTE TNC-Status 3001 integer - -VALUE TNC-Status Access 0 -VALUE TNC-Status Isolate 1 -VALUE TNC-Status None 2 diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf deleted file mode 100644 index 31556361e..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf +++ /dev/null @@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default deleted file mode 100644 index 802fcfd8d..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default +++ /dev/null @@ -1,44 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - 
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel deleted file mode 100644 index e088fae14..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel +++ /dev/null @@ -1,32 +0,0 @@ -server inner-tunnel { - -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - -} # inner-tunnel server block diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second deleted file mode 100644 index 2d4961288..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second +++ /dev/null @@ -1,23 +0,0 @@ -server inner-tunnel-second { - -authorize { - eap_tnc { - ok = return - } -} - -authenticate { - eap_tnc -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -} # inner-tunnel-second block diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config deleted file mode 100644 index a9509a716..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,3 +0,0 @@ -#IMV configuration file for TNC@FHH-TNC-Server - -IMV "Dummy" /usr/local/lib/libdummyimv.so.0.7.0 diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf deleted file mode 100755 index 9cf2b43c4..000000000 
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutostart=no - charondebug="tls 2, tnc 3" - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn home - left=PH_IP_CAROL - leftid=carol@strongswan.org - leftauth=eap - leftfirewall=yes - right=PH_IP_MOON - rightid=@moon.strongswan.org - rightsubnet=10.1.0.0/16 - rightauth=pubkey - aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" - auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf deleted file mode 100644 index c12143cb1..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown - multiple_authentication=no -} diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file deleted file mode 100644 index f5da834c0..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file +++ /dev/null @@ -1 +0,0 @@ -allow diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config deleted file mode 100644 index a5a9a68f3..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,3 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Dummy" /usr/local/lib/libdummyimc.so 
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf deleted file mode 100644 index c12143cb1..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown - multiple_authentication=no -} diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file deleted file mode 100644 index 621e94f0e..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file +++ /dev/null @@ -1 +0,0 @@ -none diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config deleted file mode 100644 index a5a9a68f3..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,3 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat deleted file mode 100644 index 132752119..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat +++ /dev/null @@ -1,8 +0,0 @@ -moon::ipsec stop -carol::ipsec stop -dave::ipsec stop -alice::/etc/init.d/radiusd stop -alice::rm /etc/raddb/sites-enabled/inner-tunnel-second -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null 
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat deleted file mode 100644 index dc7d5934e..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat +++ /dev/null @@ -1,15 +0,0 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null -alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second -alice::cat /etc/raddb/sites-enabled/inner-tunnel-second -alice::/etc/init.d/radiusd start -carol::cat /etc/tnc/dummyimc.file -dave::cat /etc/tnc/dummyimc.file -moon::ipsec start -carol::ipsec start -dave::ipsec start -carol::sleep 1 -carol::ipsec up home -dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt b/testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt deleted file mode 100644 index 7eebd3d4d..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt +++ /dev/null @@ -1,10 +0,0 @@ -The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. -At the outset the gateway authenticates itself to the clients by sending an IKEv2 -<b>RSA signature</b> accompanied by a certificate. -<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to -the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate. -The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>. -In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the -health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. -<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the -clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively. 
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat deleted file mode 100644 index d0ea22ba9..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat +++ /dev/null @@ -1,19 +0,0 @@ -carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES -carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES -dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES -moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES -moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO - 
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary deleted file mode 100644 index 1a27a02fc..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary +++ /dev/null @@ -1,2 +0,0 @@ -$INCLUDE /usr/share/freeradius/dictionary -$INCLUDE /etc/raddb/dictionary.tnc diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc deleted file mode 100644 index f295467a9..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc +++ /dev/null @@ -1,5 +0,0 @@ -ATTRIBUTE TNC-Status 3001 integer - -VALUE TNC-Status Access 0 -VALUE TNC-Status Isolate 1 -VALUE TNC-Status None 2 diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf deleted file mode 100644 index 31556361e..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf +++ /dev/null 
@@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf deleted file mode 100644 index 23cba8d11..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ -realm strongswan.org { - type = radius - authhost = LOCAL - accthost = LOCAL -} diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473..000000000 --- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null 
@@ -1,120 +0,0 @@
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/radius
-raddbdir = ${sysconfdir}/raddb
-radacctdir = ${logdir}/radacct
-
-# name of the running server. See also the "-n" command-line option.
-name = radiusd
-
-# Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-# pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-# max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-# cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-# max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-# listen: Make the server listen on a particular IP address, and send
-listen {
- type = auth
- ipaddr = PH_IP_ALICE
- port = 0
-}
-
-# This second "listen" section is for listening on the accounting
-# port, too.
-#
-listen {
- type = acct
- ipaddr = PH_IP_ALICE
- port = 0
-}
-
-# hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-# Core dumps are a bad thing. This should only be set to 'yes'
-allow_core_dumps = no
-
-# Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-# Logging section. The various "log_*" configuration items
-log {
- destination = files
- file = ${logdir}/radius.log
- syslog_facility = daemon
- stripped_names = no
- auth = yes
- auth_badpass = yes
- auth_goodpass = yes
-}
-
-# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-# Security considerations
-security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
- start_servers = 5
- max_servers = 32
- min_spare_servers = 3
- max_spare_servers = 10
- max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
- $INCLUDE ${confdir}/modules/
- $INCLUDE eap.conf
- $INCLUDE sql.conf
- $INCLUDE sql/mysql/counter.conf
-}
-
-# Instantiation
-instantiate {
- exec
- expr
- expiration
- logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel
deleted file mode 100644
index e088fae14..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel
+++ /dev/null
@@ -1,32 +0,0 @@
-server inner-tunnel {
-
-authorize {
- suffix
- eap {
- ok = return
- }
- files
-}
-
-authenticate {
- eap
-}
-
-session {
- radutmp
-}
-
-post-auth {
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-pre-proxy {
-}
-
-post-proxy {
- eap
-}
-
-} # inner-tunnel server block
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second
deleted file mode 100644
index f91bccc72..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second
+++ /dev/null
@@ -1,36 +0,0 @@
-server inner-tunnel-second {
-
-authorize {
- eap_tnc {
- ok = return
- }
-}
-
-authenticate {
- eap_tnc
-}
-
-session {
- radutmp
-}
-
-post-auth {
- if (control:TNC-Status == "Access") {
- update reply {
- Tunnel-Type := ESP
- Filter-Id := "allow"
- }
- }
- elsif (control:TNC-Status == "Isolate") {
- update reply {
- Tunnel-Type := ESP
- Filter-Id := "isolate"
- }
- }
-
- Post-Auth-Type REJECT {
- attr_filter.access_reject
- }
-}
-
-} # inner-tunnel-second block
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users
deleted file mode 100644
index 50ccf3e76..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users
+++ /dev/null
@@ -1,2 +0,0 @@
-carol Cleartext-Password := "Ar3etTnp"
-dave Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config
deleted file mode 100644
index a9509a716..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for TNC@FHH-TNC-Server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so.0.7.0
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index c12143cb1..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index 998e6c2e5..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_DAVE
- leftid=dave@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- rightauth=pubkey
- aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
- auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index c12143cb1..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index c20b5e57f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index f4e456bbe..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
- multiple_authentication=no
- plugins {
- eap-radius {
- secret = gv6URkSs
- server = PH_IP_ALICE
- filter_id = yes
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat
deleted file mode 100644
index 132752119..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-alice::/etc/init.d/radiusd stop
-alice::rm /etc/raddb/sites-enabled/inner-tunnel-second
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat
deleted file mode 100644
index 8dd865819..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second
-alice::cat /etc/raddb/sites-enabled/inner-tunnel-second
-alice::/etc/init.d/radiusd start
-alice::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/description.txt b/testing/tests/ikev2/rw-eap-tnc-11/description.txt
deleted file mode 100644
index 4b4808c94..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat
deleted file mode 100644
index f7d78d1ca..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat
+++ /dev/null
@@ -1,21 +0,0 @@
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 74942afda..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index c12143cb1..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties
deleted file mode 100644
index b1c694107..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config
deleted file mode 100644
index d2fabe109..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index c12143cb1..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index c20b5e57f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties
deleted file mode 100644
index b1c694107..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config
deleted file mode 100644
index d2fabe109..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index f8700d3c5..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown
- multiple_authentication=no
- plugins {
- eap-ttls {
- phase2_method = md5
- phase2_piggyback = yes
- phase2_tnc = yes
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644
index d00491fd7..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy
deleted file mode 100644
index d8215dd3c..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy
+++ /dev/null
@@ -1,40 +0,0 @@
-#FTP - File Transfer Protocol
-TCP 20 = whatever
-TCP 21 = close
-
-#SSH - Secure Shell
-TCP 22 = whatever
-
-#Telnet
-TCP 23 = close
-
-#E-Mail
-#
-#SMTP - Simple Mail Transfer Protocol
-TCP 25 = close
-TCP 587 = close
-#POP3 - Post Office Protocol version 3
-TCP 110 = close
-TCP 995 = close
-
-#DNS - Domain Name System
-UDP 53 = close
-TCP 53 = close
-
-#BOOTP/DHCP - Bootstrap Protocol /
-#Dynamic Host Configuration Protocol
-UDP 67 = close
-#UDP 68 = open
-UDP 68 = whatever
-
-#www - World Wide Web
-#HTTP - Hypertext Transfer Protocol
-TCP 80 = close
-#HTTPS - Hypertext Transfer Protocol Secure
-TCP 443 = close
-
-#examples
-TCP 8080 = close
-TCP 5223 = whatever
-UDP 4444 = close
-UDP 631 = whatever
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties
deleted file mode 100644
index 122d798b3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config
deleted file mode 100644
index 140caa98f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
-#IMV "HostScanner" /usr/local/lib/libhostscannerimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-11/pretest.dat
deleted file mode 100644
index 9896b1e4a..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-11/pretest.dat
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/description.txt b/testing/tests/ikev2/rw-eap-tnc-20-block/description.txt
deleted file mode 100644
index c7422aa46..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/description.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements
-<b>carol</b> is authenticated successfully and is granted access to the subnet behind
-<b>moon</b> whereas <b>dave</b> fails the layered EAP authentication and is rejected.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat
deleted file mode 100644
index e3c482441..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat
+++ /dev/null
@@ -1,14 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Denied'::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'no access'::YES
-moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 74942afda..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 1a39b8c57..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- tnc-imc {
- preferred_language = de, en
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 5496df7ad..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index eb7007726..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- tnc-imc {
- preferred_language = ru, fr, en
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index 621e94f0e..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-none
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 20caf8e84..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
- multiple_authentication=no
- plugins {
- eap-ttls {
- phase2_method = md5
- phase2_piggyback = yes
- phase2_tnc = yes
- }
- eap-tnc {
- protocol = tnccs-2.0
- }
- tnc-imv {
- recommendation_policy = all
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644
index 573541ac9..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config
deleted file mode 100644
index ac436a344..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat
deleted file mode 100644
index ce897d181..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt b/testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt
deleted file mode 100644
index 54590a951..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>,
-both ends doing certificate-based EAP-TLS authentication only.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat
deleted file mode 100644
index c871bb6da..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat
+++ /dev/null
@@ -1,21 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index b2aa2806a..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index b2aa2806a..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index c20b5e57f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 50514c99f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- strictcrlpolicy=no
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=eap-ttls
- leftfirewall=yes
- rightauth=eap-ttls
- rightid=*@strongswan.org
- rightsendcert=never
- right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 04a243cad..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
- multiple_authentication=no
- plugins {
- eap-ttls {
- request_peer_auth = yes
- phase2_piggyback = yes
- phase2_tnc = yes
- }
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644
index 573541ac9..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config
deleted file mode 100644
index ac436a344..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/description.txt b/testing/tests/ikev2/rw-eap-tnc-20/description.txt
deleted file mode 100644
index 6a9c5dde8..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/description.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
deleted file mode 100644
index d334a9b97..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
+++ /dev/null
@@ -1,21 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index c19192dae..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_CAROL
- leftid=carol@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsendcert=never
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 74942afda..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index b2aa2806a..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/log4cxx.properties
deleted file mode 100644
index b1c694107..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc/log4cxx.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config
deleted file mode 100644
index d2fabe109..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index 7d5ea8b83..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_DAVE
- leftid=dave@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsendcert=never
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 5496df7ad..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index b2aa2806a..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index c20b5e57f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/log4cxx.properties
deleted file mode 100644
index b1c694107..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc/log4cxx.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config
deleted file mode 100644
index d2fabe109..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 50514c99f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- strictcrlpolicy=no
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=eap-ttls
- leftfirewall=yes
- rightauth=eap-ttls
- rightid=*@strongswan.org
- rightsendcert=never
- right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index b76c1cd55..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
- multiple_authentication=no
- plugins {
- eap-ttls {
- phase2_method = md5
- phase2_piggyback = yes
- phase2_tnc = yes
- }
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644
index d00491fd7..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/dummyimv.policy
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/hostscannerimv.policy
deleted file mode 100644
index d8215dd3c..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/hostscannerimv.policy
+++ /dev/null
@@ -1,40 +0,0 @@
-#FTP - File Transfer Protocol
-TCP 20 = whatever
-TCP 21 = close
-
-#SSH - Secure Shell
-TCP 22 = whatever
-
-#Telnet
-TCP 23 = close
-
-#E-Mail
-#
-#SMTP - Simple Mail Transfer Protocol
-TCP 25 = close
-TCP 587 = close
-#POP3 - Post Office Protocol version 3
-TCP 110 = close
-TCP 995 = close
-
-#DNS - Domain Name System
-UDP 53 = close
-TCP 53 = close
-
-#BOOTP/DHCP - Bootstrap Protocol /
-#Dynamic Host Configuration Protocol
-UDP 67 = close
-#UDP 68 = open
-UDP 68 = whatever
-
-#www - World Wide Web
-#HTTP - Hypertext Transfer Protocol
-TCP 80 = close
-#HTTPS - Hypertext Transfer Protocol Secure
-TCP 443 = close
-
-#examples
-TCP 8080 = close
-TCP 5223 = whatever
-UDP 4444 = close
-UDP 631 = whatever
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/log4cxx.properties
deleted file mode 100644
index 122d798b3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc/log4cxx.properties
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config
deleted file mode 100644
index 140caa98f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
-#IMV "HostScanner" /usr/local/lib/libhostscannerimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-20/pretest.dat
deleted file mode 100644
index 1c8eebad5..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/pretest.dat
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/test.conf b/testing/tests/ikev2/rw-eap-tnc-20/test.conf
deleted file mode 100644
index e28b8259b..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-20/test.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt b/testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt
deleted file mode 100644
index 21e9bc675..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of TNC client <b>carol</b> via the <b>TNCCS 1.1 </b> client-server interface and of
-TNC client <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface. TNC server
-<b>moon</b> dynamically detects which version of the IF-TNCCS protocol is used.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat
deleted file mode 100644
index 593ac4505..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat
+++ /dev/null
@@ -1,29 +0,0 @@
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::TNCCS 1.1 protocol detected dynamically::YES
-moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 1::YES
-moon::cat /var/log/daemon.log::final recommendation is 'allow' and evaluation is 'compliant'::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::removed TNCCS Connection ID 1::YES
-moon::cat /var/log/daemon.log::TNCCS 2.0 protocol detected dynamically::YES
-moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 2::YES
-moon::cat /var/log/daemon.log::final recommendation is 'isolate' and evaluation is 'non-compliant minor'::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 74942afda..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 6a12318db..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-1.1
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config
deleted file mode 100644
index d2fabe109..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index 7d5ea8b83..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_DAVE
- leftid=dave@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsendcert=never
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 5496df7ad..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index b2aa2806a..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index 33945dc1e..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-isolate
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config
deleted file mode 100644
index d2fabe109..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 50514c99f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- strictcrlpolicy=no
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=eap-ttls
- leftfirewall=yes
- rightauth=eap-ttls
- rightid=*@strongswan.org
- rightsendcert=never
- right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index a1a4a4747..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnccs-20 tnccs-dynamic tnc-imv updown
- multiple_authentication=no
- plugins {
- eap-ttls {
- phase2_method = md5
- phase2_piggyback = yes
- phase2_tnc = yes
- }
- eap-tnc {
- protocol = tnccs-dynamic
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644
index d00491fd7..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config
deleted file mode 100644
index 140caa98f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
-#IMV "HostScanner" /usr/local/lib/libhostscannerimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat
deleted file mode 100644
index ce897d181..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf
deleted file mode 100644
index e28b8259b..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
index 378bdc540..96620d0c2 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 multiple_authentication=no
 }
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
index 378bdc540..96620d0c2 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 multiple_authentication=no
 }
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
index 8cdcb640c..a68a74712 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 multiple_authentication=no
 plugins {
 eap-ttls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 378bdc540..96620d0c2 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 multiple_authentication=no
 }
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 378bdc540..96620d0c2 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 multiple_authentication=no
 }
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
index 4d2d3058d..ab71e5908 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
 multiple_authentication=no
 plugins {
 eap-radius {
diff --git a/testing/tests/ikev2/rw-pkcs8/description.txt b/testing/tests/ikev2/rw-pkcs8/description.txt
new file mode 100644
index 000000000..d5d817f52
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
+and matching RSA private keys stored in the <b>PKCS#8</b> format. <b>moon</b>'s key
+is unencrypted, <b>carol</b>'s key is encrypted with the default PKCS#5 v1.5
+DES algorithm and <b>dave</b>'s key with the PKCS#5 v2.0 3DES algorithm.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat
new file mode 100644
index 000000000..06a0f8cda
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat
@@ -0,0 +1,10 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf
index 1b6274215..bcdb8641b 100755
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf
@@ -1,24 +1,23 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
 plutostart=no
- charondebug="tls 2, tnc 3"
 conn %default
 ikelifetime=60m
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- keyexchange=ikev2
 conn home
 left=PH_IP_CAROL
 leftcert=carolCert.pem
 leftid=carol@strongswan.org
- leftauth=eap
 leftfirewall=yes
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
- rightsendcert=never
 rightsubnet=10.1.0.0/16
+ keyexchange=ikev2
 auto=add
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644
index 000000000..15d775dc8
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6TAbBgkqhkiG9w0BBQMwDgQI+eazNjQUVoACAggABIIEyMUe2rc1ZsQgFwUm +MiU+qAl2g7uzI1Pz6XzgvjZrV5n62XXAbIbG4WP08slkD2VXA5iVTnfI7nj0HEtD +d2eaLU0GKNwmW7eSAXmhwBiUA623Xo0Y/X4eAY9VUfSlVshnNKOsgETQxQhUsKK1 +NXSpXfAjSgd+HDwQ+uvFQQD9WgibO3rIxfuO9+QqwnYXWz/p2bmc128mBibaFxwa +SdVlYhR9l1hhFHN5cdD5AXFsflbLzGVR6gJpArU1m1soOEYp6q314L75KALYAVaY +tQTC6gcPtXRZZvNsg9iRttPKsky0XJF7t5YGIqM4NNu5b534iXATm5Lt9jkrNKqm +3SGD+KDLrk2aIaU9jCgY73Um1MJOls8AzUU0ZqwmAQAYoaZOwMDZ/P0Uw/du3Oaz +O9FbzfPoS46muRZHMDVXEB0Zt8laSjwryeIU26MNye1xEU0aJJRaQQP2Vq8FTGtM +Gi4gR9vdjyBhRE51z0kd5vPc7YkpqJNGB59KHRlHVmozo3v7zjkY/ROsiy1a0Vy/ +6ZkwtS0cnFzFhUBvUefzCsRKSiWWULqGIn3Qb7o+JQYc8vxuEua8DGnEmQEUBRgE +j/YeI8wtObYm+u6eE0lbTopdSkfHu5UzTDYpnYDhW5nwv5ZOKeRBdXyX4BOrITnR +xEsmp34/ql3/C9W1MXkjStaSRiWfbHt35gVlFaJNXZJXtKVOlFgxFxuslrawGI0c +DLhPu1aMfHNc8LlD8cN5W2OQ/jsYlQDDd+n1WPpn+9VuBqSlnDl/mn4/0R7Yy53m ++lgruhfA7S26NG+SxHPXBq8PE052ohDLylKRGEqBTJp2aXNEKKZLrK8I1zbdIx1h +0YAAtERtvqPu2xSvJ7lGuHD+87TlWa54p3H+0UM803RBQUcH5lsNUzQ4lAN/eFgg +7TK2BqRTqWTVm8he0tVY8XJ4dLPLsXxUKb/tiFvtjBdQM7bq0UlTxign8VGZro7v +dKkGqdsEEiFzCnOvDwyjOEG7wUVmO/ejWkuI510U80x/APuOUH0zQOTBhMSrz1Eh +AdWWeSvNuyWyRPNNzlQ4DJd3UKnu4BZu4zobe4imhwCCrkGkfE5FhnyXExA8FppT +2BNe5AmIfI1joEQyRgXm/nAvwvN9pawKfDxg8gmhBLjVfk50tAydWurhrhF6CnBL +4h/hhb+C6HZBbNpmY+O12bDk81unZ8Vvtbkix5n7/371XbaAQN1WYxNaH6SDeT1J +qDRWAZhGPBn7VLVaQ6ZmLB73U8vkcju8r6atWasZTPsZQl2eng9J/5UoL/0Ubri2 +Jlmj/fScAhlK7yM62dVYVwezYtKV8QUcaDmcqO8qhuVCnYlaqu6SO5ApYWkOMzMW +EpvY0SqD6QkfKvT8bVU9GOaNSMaEKUR7NPPgettVcEkg50TeyBRvXvOAexD6qcE0 +NO/sYx9do0WpY4u85DZt3Toper0hchbEmXVHlxh8CKPgUTFVsDQ6AVyrVWrtoY1k +VpJutwWV5sPIxq17bFLTJ7pP2NIvNBvwnDedn5WKNDFu9E2U8vAujVdzlQd/gsJi +JLCreDt+rcmJVBJHMxZC+SpLbR4kNMAe5vwwESVo6wBsxMuyn1b+82C8rum5qbJ9 +RGF8RGrZzrPWbBITPw== +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.secrets
index 74942afda..6a2aea811 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
-carol@strongswan.org : EAP "Ar3etTnp"
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..3c22edc23
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf
index 54c06b12e..ea8bc92a7 100755
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf
@@ -1,24 +1,23 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
 plutostart=no
- charondebug="tls 2, tnc 3"
 conn %default
 ikelifetime=60m
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- keyexchange=ikev2
 conn home
 left=PH_IP_DAVE
 leftcert=daveCert.pem
 leftid=dave@strongswan.org
- leftauth=eap
 leftfirewall=yes
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
- rightsendcert=never
 rightsubnet=10.1.0.0/16
+ keyexchange=ikev2
 auto=add
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
new file mode 100644
index 000000000..199d78984
--- /dev/null
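Review bot: The passphrase that unlocks carolKey.pem is committed in the clear next to the key it protects (`: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"`), and description.txt in this commit says that key is wrapped with PKCS#5 v1.5 DES, so the encryption only exercises the pkcs8 decrypt path and gives the key no protection at rest in this tree. That is acceptable for a fixture, but a one-line comment in ipsec.secrets such as `# fixture passphrase: only exercises PKCS#8 decryption of carolKey.pem` would keep the layout from being copied as-is into a deployment. The same applies to dave's ipsec.secrets added later in this commit.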
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRwFyB7jCGskCAggA +MBQGCCqGSIb3DQMHBAjDqug87twvJwSCBMiBb1Y4B1FxGPGQwAgZd6aE8J6xH4VZ +MNpkm4+MPCVYBvpG1q3I1YcvIw0GcAlLQASGLXEytuVEH5xCUaGdCsa5zVpf+6Ex +i8Oyqf0dbRRafzN+K+jVLBa+higxXESE6jYxBP/auH4v5pcEy+fbljwDauyEP0bF +EgURF5nTsa5c+MTmWho+OMy/1pAuP92XmwLeeBXWuRWs+s3wkBOIe3SerW5MOyMN +mwqqu/6J4RU9VL7kooVE/B0oWJblvBTjeJoKDy5iX/iE2oRqXjihWPXYIhWqeCEB +2QCpZ1/9hEN7FLX87GBD7yivhhQMF/uBnTRIjmgbKmNtwY1+rybz0MUJrXVfS1iE +JYHlo4/cqudjsMjtjhTV9n4FJd9IsuSmZjMHVk3enIyhZ1oliugS25OpWKHnybzj +65cgxVGPTW31o21w/fEqRRR/KzrEaMZiPyO2EEMcKlB7xmEX9cIdvD99OvLMPEuQ +UA2hzRKO+A4roidNUT7yp8yy3BkQGLAr4JYaFINreeD+9BrIFx1jRbG3z8xqxtwh +8P+uR2pyLYaDxeyxkjM7zDV4ax/iV1+L+z3GiC5GnPZEKkpm89MdI7fzeChttVVk +CtpnxR3vxK2HqfcQFrTG5HNldzpAJk/tBrHRcyAnXrKs+XZhpOQ3gYoNY4fGeGYM +c9NyeAUZkqJ1nCfHBAR9bmmCEwZSmhSt5voqZ+zS3DWKG30WtNpYMNEEchtWq8Op +IEimZ341pZOjWqJ396zJ8qJ1XncffC/yAnRsb0xvhS149dwkDyH+17qVyF+V/pyb +5unjg6V9g0yZ9TKyH858sRG8acVXo6NhuxCg0w8mJ4LCxcJSTgDA0lXFQcuTBLlZ +YaXfD/dr60HfyH2ll4b5hlkww9jrg1uNW++FcsCHsZu5DV5QbhyVIYdhyp4dTV/7 +9SJJPmeMacQCNJqg783bpUyVaEecHAg8H/u+Zir0vWdRdpeekO28NLVqgQuPEqzs +Y53RCbjlbilzHud50HHUAqN3fKJK51I1GrjrSeV9xSVnB5psjmOjPvEagGu4kv+s +fu/fEge0HPx9FUA2xJR9u1/8swYsiAugoWxXFJVBSDJh2a4759ftd7b2mid0aX86 +OeJcY164mlLbu3d905Ez5mgVBHXDuk/LRwrvdprw48tqMB0Tv77egKbSeQzyQLD0 +ZhUQFIJ1cBlmFIw2ZdXUVlV2MJcK6XMlFkdyHRBTfiHI1V/Q2QFFLkTb64X3iTHC +Ckow0ibsT76pDCP+Buotfk7gho6WgiojC0URzZPG/KDHUHO173S6Nr23NBpVzxun +lKf5LiAC5LDoJmAx/XouYjh77LZLsi+jhuG3/DnIULZt8aSm5RKGZ6A3VgaaCXhp +tG3kSSCD6gKrYt7FrKHQ1dwPakPaDdOrBtd13823sPth7GMKmbhrC/x4Q768ml/i +Gk7DQoYbRkqi7t66aiYuJASxpYpsUWwO7MYOz2vGxDdskp/AukwnNJTA8e2rL0ki +seqJ2l7+snUXZ4SFJ/D+wfMK2WeQRTJB4hgu7AQyp543mQ+EYZaNMtKIdgQL86q7 +MZVAx5ad82GNtAMgGLyf72bE1mkTK44poT6dob25z7MxFsM7zjadNDzcgBiYdEHq +/8U= +-----END ENCRYPTED PRIVATE KEY----- 
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..ff6a247f0
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem "OJlNZBx+80dLh4wC6fw5LmBd"
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..3c22edc23
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf
index 33dcdcfb0..274521386 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf
@@ -1,6 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 config setup
+ crlcheckinterval=180
 strictcrlpolicy=no
 plutostart=no
@@ -9,27 +10,13 @@ conn %default
 keylife=20m
 rekeymargin=3m
 keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
+conn rw
 left=PH_IP_MOON
 leftcert=moonCert.pem
 leftid=@moon.strongswan.org
- leftauth=pubkey
+ leftsubnet=10.1.0.0/16
 leftfirewall=yes
- rightauth=eap-radius
- rightid=*@strongswan.org
- rightsendcert=never
 right=%any
+ keyexchange=ikev2
+ auto=add
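Review bot: The new `conn rw` in moon's ipsec.conf drops `rightid=*@strongswan.org` without a replacement, so with `right=%any` the peer identity is constrained only by the certificate chain to a trusted CA rather than by an identity pattern as the previous conn was. If the intent is to accept only the strongswan.org roadwarriors, keep `rightid=*@strongswan.org` in the new conn; if relying on the CA alone is deliberate for this test, a comment saying so would help the next reader. `rightauth` is likewise left to its default now, which fits a certificate-only test but is implicit.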
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644
index 000000000..02045f510
--- /dev/null
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKL2M91Lu6BYYh +WxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+SWKGlm11rPE7 +1eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yYYpHk8VQv4vBJ +TpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+7TDnYaVsAtnc +gvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3Om/G48crLEVJ +jdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVbA6agGlTXhDCr +eDiXU8KHAgMBAAECggEAIEUH9epqO/p9uf0rqnGvPTa5fAaZpxcC1UgOg/N6NaZd +LhADiXXseskOZ6VKeF6UMqvLyedgeROtPPuafTBDgcNbLzqj+iQlQb9MpEt3pt/v +1pFCqqiGp3eJCQeTjcbLO5cf6gaKhUoXR9wAINbDjB+MvsUw10cJngHP0Osc7/Kw +d70Hqu9JibdVlGFLFqd4iRouSQNp0qlXHd9c0WUzFjioo8lhhKglnrWIyqs7v6uc +D3e2bIMOzw8pTcG2el82t14+CV4keGTxmrIS/b804JJTFsoTw0K0ukZOz5PSqOOe +7iTdY93dk4EBqfS48N6Qdl4cH9pcYuFhzHEnlK6uoQKBgQD4XWCmmQRHkm2hq523 +8JSl1DWxH3DF/vlUGongWJgAEZDP3GUbiiPMv+jnvazSJXdvAWmdBr5a5avEaQ/p +m4H9nzaelzQ3+8ui79vh3G+Difsr5444R/TwUyOyx7a2pMhcoKpyZCdHQ09DWPC6 +8Qqxc/nD8k6WdFcBed3iPGwkjQKBgQDQZpPrXJK21Rb2MLebG5jqORDLxMRCpHec +4W9bCYJchY6k38xNM+6z5N6XGn+l0qFT6ag+ZfdSfKd7k+/CV5YOrdjOW1flkNkY +nlQmUq42d8YjNDo5wdFtvvMGlAbqpJE+66BuCjrzyFOdvUvn2crzzNZUrjl65/qn +K6gj5LAgYwKBgQDvK8TySfKEFe97O6/TPVt4YeYenn9UPBjQNApIQCiIEGJauQuo +vJuDBd/8onx1llzwSfTxoVfYYsnJh78qIHXKzfKkQEmqC9FrI/6j/0pn6o01F3Su +oCSw9e8vsAE023STNqlNJUNp7di7qz+PVqYMgvmoB4REgN50bm4M+lDN1QKBgHsy +2Ok/rcAGEu/xdulsFCcLG0HLDdbz0X5dyu2/nmBB2EThxK4zMD8K4wfi82k9LoAj +1oEk2GPcK0qj9w4lpyEAZvX/C+Q7kAu8tbR+Fl0+y1ROcMlqKfu98X+HDNuz8+WF +eC71P0qUt9G9cV0b5J3iDya6ZGKjNwuShHDLpc9PAoGAMk/6z3BeZ0b3QdJP9qoL +sUqtVcukHrd1jmzA1R9A/qxrSkWc43SvQkKH9gKwYUUgB5tDa46QzeDd/2eTBOnv +3XSi/7/m5OG9EjbDYEE/LSZW4As+PLIXVnZxv3OnIqIi5ehdEJ/ix3yvWVH1ufQX +HHRK+nF/5+kwZIjmq4c0Epg= +-----END PRIVATE KEY----- diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..9333bcdf4 --- /dev/null 
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/posttest.dat b/testing/tests/ikev2/rw-pkcs8/posttest.dat
index 7cebd7f25..7cebd7f25 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11/posttest.dat
+++ b/testing/tests/ikev2/rw-pkcs8/posttest.dat
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat b/testing/tests/ikev2/rw-pkcs8/pretest.dat
index ce897d181..42e9d7c24 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat
+++ b/testing/tests/ikev2/rw-pkcs8/pretest.dat
@@ -1,15 +1,9 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
 moon::ipsec start
 carol::ipsec start
 dave::ipsec start
 carol::sleep 1
 carol::ipsec up home
 dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/test.conf b/testing/tests/ikev2/rw-pkcs8/test.conf
index bb6b68687..70416826e 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/test.conf
+++ b/testing/tests/ikev2/rw-pkcs8/test.conf
@@ -19,8 +19,3 @@ TCPDUMPHOSTS="moon"
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS="alice"
-
diff --git a/testing/tests/ikev2/rw-radius-accounting/description.txt b/testing/tests/ikev2/rw-radius-accounting/description.txt
new file mode 100644
index 000000000..6d0224cdc
--- /dev/null
+++ b/testing/tests/ikev2/rw-radius-accounting/description.txt
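Review bot: moon's `load =` line includes `test-vectors` while the otherwise identical carol and dave strongswan.conf files added in this commit do not, and nothing in the rw-pkcs8 evaltest.dat checks the self-test output, so the asymmetry reads as accidental. Either drop `test-vectors` from moon's load line for consistency with the roadwarriors, or document why the gateway alone runs the crypto self-tests, e.g. `# test-vectors: run the crypto self-tests at startup on the gateway only`.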
@@ -0,0 +1,14 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the client by sending
+an IKEv2 <b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
+in association with an <i>MD5</i> challenge and response protocol
+(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>.
+In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior
+<b>carol</b> uses the EAP identity <b>carol</b>.
+The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b>
+and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>.
+<p/>
+Since RADIUS accounting is enabled in <b>strongswan.conf</b>, gateway <b>moon</b>
+sends user name, connection time and data volume information to the
+RADIUS server <b>alice</b>.
diff --git a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat
new file mode 100644
index 000000000..d23d6360b
--- /dev/null
+++ b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat
@@ -0,0 +1,15 @@
+carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES
+moon::cat /var/log/daemon.log::received EAP identity .*carol::YES
+carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES
+moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 5 -s 1392 PH_IP_ALICE::1400 bytes from PH_IP_ALICE::YES
+carol::ipsec down home::no output expected::NO
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::cat /var/log/radius/radacct/10.1.0.1/*::User-Name =.*carol::YES
+alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Output-Octets = 7100::YES
+alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Input-Octets = 7100::YES
+
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf
index f4e179aa4..f4e179aa4 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/clients.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf
new file mode 100644
index 000000000..623f42904
--- /dev/null
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf
@@ -0,0 +1,5 @@
+eap {
+ default_eap_type = md5
+ md5 {
+ }
+}
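Review bot: The `Acct-Output-Octets = 7100` and `Acct-Input-Octets = 7100` expectations are coupled to the `carol::ping -c 5 -s 1392 PH_IP_ALICE` line above them (five packets of 1392 payload + 8 ICMP + 20 IPv4 header = 1420 bytes each), but nothing records that derivation, so changing the ping count or size silently breaks the accounting checks. Since evaltest.dat has no comment syntax, a sentence in description.txt such as `The expected accounting counters (7100 octets in each direction) correspond to five 1420-byte IP packets.` would document the coupling. The alice lines also hard-code moon's inner address as `10.1.0.1` in the radacct path rather than using a PH_IP placeholder; I assume that is intentional because the directory name is chosen by the RADIUS server.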
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/proxy.conf
index 23cba8d11..783587b55 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/proxy.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/proxy.conf
@@ -1,4 +1,4 @@
-realm strongswan.org {
+realm LOCAL {
 type = radius
 authhost = LOCAL
 accthost = LOCAL
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf
index 1143a0473..1143a0473 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/radiusd.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default
index 802fcfd8d..2de32a6f2 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/default
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default
@@ -1,5 +1,4 @@
 authorize {
- suffix
 eap {
 ok = return
 }
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/users
index 50ccf3e76..247b918e3 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/users
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/users
@@ -1,2 +1 @@
 carol Cleartext-Password := "Ar3etTnp"
-dave Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf
index c19192dae..5f779d1af 100755
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf
@@ -2,7 +2,6 @@ config setup
 plutostart=no
- charondebug="tls 2, tnc 3"
 conn %default
 ikelifetime=60m
@@ -13,11 +12,13 @@ conn %default
 conn home
 left=PH_IP_CAROL
+ leftnexthop=%direct
 leftid=carol@strongswan.org
 leftauth=eap
 leftfirewall=yes
+ eap_identity=carol
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
- rightsendcert=never
 rightsubnet=10.1.0.0/16
+ rightauth=pubkey
 auto=add
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..23d79cf2e
--- /dev/null
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..fe067d344
--- /dev/null
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/init.d/iptables
index 56587b2e8..962a418d9 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/init.d/iptables
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/init.d/iptables
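Review bot: `leftnexthop=%direct`, added to `conn home` in carol's ipsec.conf, looks like a pluto-era keyword; this host runs with `plutostart=no` and `leftauth=eap`, so charon handles the connection and I believe the setting is ignored, which makes it dead configuration. Confirm against the ipsec.conf keyword list for this release and drop the line, or add a comment explaining why it is kept. The added `rightauth=pubkey` and `eap_identity=carol` are consistent with moon's `eap_identity=%any` later in this commit and pin the gateway to certificate authentication, which is the right direction.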
@@ -40,6 +40,10 @@ start() {
 iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
 iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+ # allow RADIUS accounting protocol with alice
+ iptables -A INPUT -i eth1 -p udp --sport 1813 -s PH_IP_ALICE -j ACCEPT
+ iptables -A OUTPUT -o eth1 -p udp --dport 1813 -d PH_IP_ALICE -j ACCEPT
+
 # allow ssh
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf
index fc8f84638..11ff84400 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf
@@ -14,12 +14,13 @@ conn %default
 conn rw-eap
 left=PH_IP_MOON
 leftsubnet=10.1.0.0/16
- leftcert=moonCert.pem
 leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
 leftauth=pubkey
 leftfirewall=yes
- rightauth=eap-radius
 rightid=*@strongswan.org
 rightsendcert=never
+ rightauth=eap-radius
+ eap_identity=%any
 right=%any
 auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.secrets
index e86d6aa5c..e86d6aa5c 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
index 4d2d3058d..52927c1fd 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
@@ -1,12 +1,12 @@
 # /etc/strongswan.conf - strongSwan configuration file
 charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
- multiple_authentication=no
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
 plugins {
 eap-radius {
- secret = gv6URkSs
+ secret = gv6URkSs
 server = PH_IP_ALICE
+ accounting = yes
 }
 }
 }
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat b/testing/tests/ikev2/rw-radius-accounting/posttest.dat
index 7cebd7f25..b1f971402 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat
+++ b/testing/tests/ikev2/rw-radius-accounting/posttest.dat
@@ -1,6 +1,7 @@
-moon::ipsec stop
 carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
+moon::ipsec stop
+alice::/etc/init.d/radiusd stop
+alice::cat /var/log/radius/radacct/10.1.0.1/*
 carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+
diff --git a/testing/tests/ikev2/rw-radius-accounting/pretest.dat b/testing/tests/ikev2/rw-radius-accounting/pretest.dat
new file mode 100644
index 000000000..30c8bd573
--- /dev/null
+++ b/testing/tests/ikev2/rw-radius-accounting/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::rm /var/log/radius/radacct/10.1.0.1/*
+alice::/etc/init.d/radiusd start
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf b/testing/tests/ikev2/rw-radius-accounting/test.conf
index 2a52df203..e0d77b583 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/test.conf
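Review bot: Removing `multiple_authentication=no` from moon's charon section changes what the gateway advertises to peers (it will now offer multiple-authentication support), yet nothing in this test needs that and the sibling rw-eap-ttls-only and rw-eap-ttls-radius strongswan.conf files touched by this commit keep the setting. If the removal is deliberate, a short comment or a sentence in description.txt would help; otherwise restore `multiple_authentication=no` under `charon {`. The `secret = gv6URkSs` line is also removed and re-added with identical text, which looks like an indentation-only change that adds diff noise to a credential line.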
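Review bot: `alice::rm /var/log/radius/radacct/10.1.0.1/*` in the new pretest.dat prints an error on a host where no accounting record exists yet, because an unmatched glob is passed to rm literally; whether that aborts the run depends on the harness, but the sibling iptables lines in the same file already take care to silence their output. `alice::rm -f /var/log/radius/radacct/10.1.0.1/*` keeps the first run quiet without changing the result when records are present.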
@@ -5,11 +5,11 @@ # All UML instances that are required for this test # -UMLHOSTS="alice venus moon carol winnetou dave" +UMLHOSTS="alice carol moon" # Corresponding block diagram # -DIAGRAM="a-v-m-c-w-d.png" +DIAGRAM="a-m-c.png" # UML instances on which tcpdump is to be started # @@ -18,7 +18,7 @@ TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="moon carol dave" +IPSECHOSTS="moon carol" # UML instances on which FreeRadius is started # diff --git a/testing/tests/ikev2/shunt-policies/description.txt b/testing/tests/ikev2/shunt-policies/description.txt new file mode 100644 index 000000000..dd78a5ef1 --- /dev/null +++ b/testing/tests/ikev2/shunt-policies/description.txt @@ -0,0 +1,11 @@ +All traffic from the clients <b>alice</b> and <b>venus</b> is tunneled +by default gateway <b>moon</b> to VPN gateway <b>sun</b>. In order to +prevent local traffic within the <b>10.1.0.0/16</b> subnet to enter the +tunnel, a <b>local-net</b> shunt policy with <b>type=pass</b> is set up. +In order for the shunt to work, automatic route insertion must be disabled +by adding <b>install_routes = no</b> to the charon section of <b>strongswan.conf</b>. +<p/> +In order to demonstrate the use of <b>type=drop</b> shunt policies, the +<b>venus-icmp</b> connection prevents ICMP traffic to and from <b>venus</b> +to use the IPsec tunnel by dropping such packets. Since this policy does not +apply to the localnet, <b>venus</b> and <b>moon</b> can still ping each other. diff --git a/testing/tests/ikev2/shunt-policies/evaltest.dat b/testing/tests/ikev2/shunt-policies/evaltest.dat new file mode 100644 index 000000000..2f6e1a91f --- /dev/null +++ b/testing/tests/ikev2/shunt-policies/evaltest.dat 
@@ -0,0 +1,16 @@
+moon::ipsec statusall::net-net.*ESTABLISHED::YES
+sun::ipsec statusall::net-net.*ESTABLISHED::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO
+venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+venus::ssh PH_IP_BOB hostname::bob::YES
+bob::ssh PH_IP_VENUS hostname::venus::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/init.d/iptables
index 56587b2e8..2b90a14c7 100755
--- a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/init.d/iptables
+++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/init.d/iptables
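Review bot: The pass and drop shunts are verified only indirectly, through which pings and ssh sessions succeed, and those outcomes depend on routing and on sun's forwarding as much as on the policies under test; an explicit assertion that both shunts were actually installed would pin the feature itself, something like `moon::ipsec statusall::local-net.*PASS::YES` and `moon::ipsec statusall::venus-icmp.*DROP::YES` (or an `ip xfrm policy` match if statusall does not list shunts in this version). The `venus::ping ... PH_IP_BOB ... ::NO` line on its own cannot tell the drop shunt apart from a tunnel that is simply down, which is why the alice-to-bob line before it is load-bearing and should stay first.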
@@ -36,14 +36,14 @@ start() { iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - # allow RADIUS protocol with alice - iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT - iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT - # allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + # allow icmp in local net + iptables -A INPUT -i eth1 -p icmp -j ACCEPT + iptables -A OUTPUT -o eth1 -p icmp -j ACCEPT + eend $? } diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..a4958f295 --- /dev/null +++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf @@ -0,0 +1,43 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn local-net + leftsubnet=10.1.0.0/16 + rightsubnet=10.1.0.0/16 + authby=never + type=pass + auto=route + +conn venus-icmp + leftsubnet=10.1.0.20/32 + rightsubnet=0.0.0.0/0 + leftprotoport=icmp + rightprotoport=icmp + leftauth=any + rightauth=any + type=drop + auto=route + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + lefthostaccess=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=0.0.0.0/0 + auto=add diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..a2e9134c0 --- /dev/null +++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf 
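Review bot: The new ICMP rules accept every ICMP type from any source on eth1 in both directions with no comment on why this test needs them when the RADIUS tests did not; presumably the `local-net` pass shunt in the matching ipsec.conf sends intra-10.1.0.0/16 traffic past IPsec, so the policy-qualified rules the `_updown` script installs for `leftfirewall=yes` never match it and the moon/alice/venus pings in evaltest.dat need an explicit accept. That reasoning belongs in the file: `# local-net traffic is shunted past IPsec, so the _updown rules do not cover it; accept ICMP explicitly`, and adding `-s 10.1.0.0/16` / `-d 10.1.0.0/16` would scope the rules to exactly what the shunt covers. `start()` begins before this hunk.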
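Review bot: The two shunt conns declare "no authentication" in two different ways: `local-net` uses `authby=never` while `venus-icmp` uses `leftauth=any` / `rightauth=any`, although both are pure policy entries with `auto=route` and no peer. Using `authby=never` in `venus-icmp` as well (replacing the two `*auth=any` lines) expresses the same intent once and spares the reader wondering whether `any` is meant to differ. Separately, `crlcheckinterval=180` together with `strictcrlpolicy=no` is the suite's usual lab setting, but it does mean an unreachable CRL does not block `net-net`; a short comment saying that is intentional would not hurt.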
@@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + multiple_authentication = no + install_routes = no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf index 7d5ea8b83..c3b36fb7c 100755 --- a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf @@ -1,23 +1,25 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup + crlcheckinterval=180 + strictcrlpolicy=no plutostart=no - charondebug="tls 2, tnc 3" conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 + mobike=no -conn home - left=PH_IP_DAVE - leftid=dave@strongswan.org - leftauth=eap +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=0.0.0.0/0 leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org - rightsendcert=never rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..cb17a9e07 --- /dev/null +++ b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/shunt-policies/posttest.dat b/testing/tests/ikev2/shunt-policies/posttest.dat new file mode 100644 index 000000000..a4c96e10f --- /dev/null +++ b/testing/tests/ikev2/shunt-policies/posttest.dat 
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+
diff --git a/testing/tests/ikev2/shunt-policies/pretest.dat b/testing/tests/ikev2/shunt-policies/pretest.dat new file mode 100644
index 000000000..2d7a78acb
--- /dev/null
+++ b/testing/tests/ikev2/shunt-policies/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/shunt-policies/test.conf b/testing/tests/ikev2/shunt-policies/test.conf new file mode 100644
index 000000000..cf2ef7424
--- /dev/null
+++ b/testing/tests/ikev2/shunt-policies/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/strong-keys-certs/description.txt b/testing/tests/ikev2/strong-keys-certs/description.txt
index 9d0ca5528..fc1280729 100644
--- a/testing/tests/ikev2/strong-keys-certs/description.txt
+++ b/testing/tests/ikev2/strong-keys-certs/description.txt
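Review bot: `UMLHOSTS="alice moon winnetou sun bob"` omits venus, yet the shunt-policies evaltest.dat added earlier in this diff runs `venus::ping` and `venus::ssh` and pings PH_IP_VENUS from moon and bob, and `DIAGRAM="a-v-m-w-s-b.png"` itself names a venus slot; if UMLHOSTS is what boots the instances, those venus lines cannot execute and the scenario fails regardless of the shunts. It should read `UMLHOSTS="alice venus moon winnetou sun bob"`, in the order the other test.conf files in this diff use.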
@@ -2,6 +2,6 @@ This scenario is derived from <a href="../rw-cert"><b>ikev2/rw-cert</b></a>. The gateway <b>moon</b> uses a 2048 bit RSA private key protected by <b>AES-128</b> encryption whereas the roadwarriors <b>carol</b> and <b>dave</b> have an <b>AES-192</b> and <b>AES-256</b> envelope, respectively. -The X.509 certificate of the gateway <b>moon</b> uses a <b>SHA-256</b> hash in +The X.509 certificate of the gateway <b>moon</b> uses a <b>SHA-224</b> hash in its signature whereas the certificates of the roadwarriors <b>carol</b> and <b>dave</b> use <b>SHA-384</b> and <b>SHA-512</b>, respectively. diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem index d4b532323..929f737c8 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEITCCAwmgAwIBAgIBETANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ +MIIEITCCAwmgAwIBAgIBJTANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA2MTAwODEyMTI1MFoXDTExMTAwNzEyMTI1MFowWTELMAkGA1UE +b290IENBMB4XDTExMTAxNzEyNDc1OVoXDTE2MTAxNTEyNDc1OVowWTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAtCwjB6Yni4jSTbPJ4GX0kM06nr2tDBdU0PH6dZra -IXNaNiBthBNPNDeCYAQDG/ouwuywAJ6L2Lt0GYEhJSwfXMm87fYSG8qRP+C/nlKz -3fCfsuZ8yOAo5NAp2kgvbFVdB5cMeOtid21UqUvDxkncjFRDgpERtrjSthalUFYu -ObIcSMPdlcDho73jzq6zVK5XDJ4l1LHUQLbS4SzyrphCYKekTIoDy3YwRUys6Pdm -4QlFBIXuBwOYHjclvVu0HQVNSM4nWAJd+204KUm/+8neO0kn1Yakv9yoa47o3KGP -3XjtmcgY9SqBbuF+8yDcZQ7+5zUBjc0J+d8txdPoIjLi7wIDAQABo4IBBjCCAQIw -CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFIUlEfDm3V0eDmRrpIvj -4FiPpGlpMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw +AQEFAAOCAQ8AMIIBCgKCAQEAuByYUPGv67XSQHjpfFjhuH/l/sMIQGhsFcO4ebYv +7otSsjbH4gasmAOvEFxoIxkOG9IWFAHP1WyiqG3sOsyyfUg6wHl1FTe4Y3kHWZp0 +DvtT6CWnnxQwKibIhXfB3IPHRTcRG1zGN4J3Vl6IofIRlrl0K3NYUUofn0xMKAoS +hLjwuqq2eviX5NIQDOTnoga2C5Ed58hIc6/YWXzfg9EpB194tcCWmSj7yfq6ruD9 +xAh32ywd10fsi4tt3F/BWzXjySxBlBhvvh6kL/Nqa6OSWaXsvZqXmrYm+hm4LKkO +ZLZYzBqJRpRm1rEhYqMg2u0SSSTXsNFuw+027n7Vt8+DzwIDAQABo4IBBjCCAQIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFPk6ATSleHErWFAYkCZD +BhDo8X1qMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3 YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAL5ZmFmy8lW4Vdwq -hWB6qTtLLa1wwCvTXwbV9V+F8dK39AvHj6CHFqTiFhAbGIq/Ryt9cg2XGy1TDjVj -hQEua7mjp8XH2j2NLY2SiFTMjchbHmMylFk2FrHy2ZnmlRCiH83TAw+EnUWsQKj+ 
-gL+7Of9SpiaaIblrl+aCiBVktRuXcFSaxjYWTVXOeTCwnxQdF2SNtUKDoCuVPk1J -XCrs86mj575xL/FGjyN4SVbjTEZ4lm1emxrf/RblZOhCKp7mUic8KyP0kf7o6X8E -MXXjq9fDQVrSDG/q62uhZu7CyInnBpWnoUKiMImSxRn/cs0r7RUspC5DtJyhE33Y -DW2BzIc= +cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHiE/MMyXJXuMuhw +/lu/UwjCHbbJMA9QrBJe++34OwAV0siM98loVLs23vHXk/52QHRIwZgMLO2FF9Pk +4JkFOvTXCgNPZKrUL28UhHsnJe8EZVOuir5o6yTSti+J/tR4M2YoY67JjW/KeTwU +BVBtBVH88gf/xm2mSlIrkHxG3/GWqyEdeY7BOaft1sFTTZ1gKKXQlARtWidho1mf +5Y1lZ//kOuvMjnk+hEWPWESq8lBzLOmQGBk65vaEH3LVZxSQVJbfG2E0dHgPZNgc +hFOS8Oc6L6AfKlWHAT0ZCR5+1YsxxnlsftHzxiA0ayGCgpn2qcN+OPjfzPCtC80N +6oXDLZM= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem index 979740525..497d957e3 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,3127472197F76F3E81FF26DCD894FE6F +DEK-Info: AES-192-CBC,0BFCA887A0607C7629452B14E865F782 -ixCdabns1DD2EVjOUQYbxes+mSU6WmfUnRPBthTw1K3X7/jYEVRrApZlPoRxfitg -7aHdqsV70elT48ucP4z410jupq80OI5/3I31zHiqDpmUNXr0ZGs69dC2g01op98Q -IWfbHygALh0PDjhczHWhDBOx+gJDN58qgMfCI2hUDqpcYD9gvEpkkdM/R3Ggwgiq -f+HBD4rQHcpvuKCPIOBVAR/4cXE3D8pcls3FJALwNGf03yIm24hEG2mTz5cDIVTw -m0Bjk5Hbiym4LBreUoVQUF04wDXsuDtz7m1IPkw4GsYpeiomqRyAs7bKUJhbKwaK -/l2MKoQ06Ofx0kc20CG7/qoboiqUgDEOsNd/qdMVOXcqinONW2v2T8+mEi/iLZDJ -B6WXoV15PBkHXfaKeA66oFfF8EqggF4gLoPwekz1jvz5hbeTNYCiuFsMV9ntTxoE -opohFNBvY2ZbJUmmkecgSJcmmByR2cahukh91PjssfZUjMOJjoTpuB3OXF9J6g9U -RKWYxgcyT1n0e0MbYxe4TXHxxUDa5UBkquELQ2gcmJDO5GFuXF40mcvcz3Bse6I7 -GTRvhSL3hmRvbODE3JVI2dISHJ60Fethjxo5JNmCuBqnSkc2KPvsS7ulqANMnnNE -5u2g9RMAtYKfkwscLY8zByouCZTS2pAI+LQd/eTm3/TAZWDJx/Z2UA5peFm2At4n -aerRYP20TeaAI4tcnqsrOpBj0ouphgkGUTGAbBhjR3c2rSoOHxmjQXJOAc59vjgG -zBl2F9M1xtjuTFZxFLMbnx15W1l5rmhZmSTdDY8C5ePBcjn6umxl6QdwvPjbkMIL -MoeyM6w1Eqweg+m25CFOCWrFnglZNM6lcsR3X88oz+gzmHOs/VtAQn7vCA2Ukc5m -RuLro/1juBjMrXd63Mqvxml/0lcSrXH1/ZiTdrdakU5rHNk9554tSL14rBSD86tQ -u7unnobiXTmE0l/fDVuRYzW/Y8GGEr5S2t7SOuNFnU+tXTdavftJD0D7F8v4/bTf -ObDe5qJ/7Y7X/8i6L+va1cm5rXNDI1qrBgwmNv7FbY1G0qBIP80ie7FbcsCpXauE -T5HWTOdJX+xpTVCHXnBriMhlFHXAIKUVdAZqbzgRFWPCOYpzpztgny4l83qP0OLw -vYxvU7RSGFAamRz05t3vHXy3X8n7JulleE8laBFpwx9Xq/bEAkwwmZq1Y6tbksae -4G9aJ6Tdr4SA7BsH+FrtLtwFUkzgmKg+MqDGXamFSx0rvhksl3u67tMpGh0Il8KS -xGfpPXRKaeQwZ18AA1xfPVl01Ajuxhnmmr/ng8WR+DfBpx7uK3lSpUX37Gh06DP5 -Of9oPHpc+Z0Asx/k6XWYGP9G15azUXP5ejebl19QQdZex/wP0MkKNlZ/BH0xJO+a -FLOkg4OhtTppIA0dOhj/v/WCLC+pdl+78pBOQO7dpuJeYrcVvhiQKMhEJdYiYLXY -ZcbN+E0Ta8I9fX1D6qgIEhL0NOczEYT9kYYQZJf2LW9k+dxICPV/0hEjaRNyMrei -C9ZP1k9cEhNMSVRVV2jm2PhOW3nvOFUNkG8OIfFhCri8dXWaGVS/DMb18rpSoB+B +NG0IHVWcpgMabsPpHUOQeWi5pbAaXeQMkBMAJt2v5UIkB8oKojx4tFt98IKxlkPX +oUNYiw5Ku5Iz61EgO2Lk7NKYB1RPVYSvqnNOtqOdnbU6mb+rZD8dP42wLmVU91SP 
+VkBGCutAV3jP+lP5WYxTqUJI+MHaWaQxxDABgVYwpOgRdri1hqvcqVU0+BIEgnq0 +PzjOGF34zOyProCo3T8R4Y3QkuFy9KJAKfBRVQVyx2Mmu/3cGB6k+7YiU614WBxM +MlG7gMWx054QrYte5G9RvLCv98katprqbxSFF9Co1aOkLMxdY8vdyEn0I+oUfZuB +bZ8e5cdWEzdkz34rquh7cty+WyMfwboYgndXtnke33k2nltoP4Nhvgehyo3hQcio +4elGTyYTlzzSR+bcAtF2otcPL3idTlcCJQ/8gcydotY3oBI44lUhPbIYONKQYYUX +wYrKdZDHa2zxKRyWLEgbEqfN3S20iITREUu5pTAB4nzNtNf7Af6R81bS5/WsfdDk +VfJJC+ICX2GWxNefUPR+/wMtHLv2lIDzuBFFborF7v5YYHbQpXpjWbpFVaw7/0Gf +d5XuHG3OBMmZL0q0rLbSrOfWISJ2QnPmC9bqp6OgncTMDuMXkmyXTDu1F+oT8gZ2 +IBRL94gPvG5hJYaAIZXxxElbxhzmNb4E1nnYikYJXJDvjOk2+yPVZkVOCBGqP5Mn +p2ieW5ZBBlUtnVcRAalJKxU9l/vPjtQjE1/aeH2Z/B01Rjn65kiVXwyLQxnxBtDA +ed7Rpdc+wcnlleMLkIg8FntXpb7CIxqNx3eC8yaq7kHDCaWHL+6/4bexb/Q7Nzxi +H70ITSHu7L4p1KpLJIyaYHRYG0AKjr+vezK5SjREjZMpH+w805QLz5d0QpJSDTWI +XOkPW/vKvnacvUlPIlQrAS5fxMCQJgQmTGvbKnC+qE1Tbkc4Bz19cZn6Fseq1tPa +i8w2AKno1t+pRfXXrh7p8A0YxEBA0atf1O7gnyg6aMcMHfm3kSxq6xuPhNI4gG9z +v3yLNBd/08GGEtHNa6jG3cvankHpG6VUjFd5jwaHpvLZCh8U4sA7r4soXXag49LC +Y5UkHcjFkcbacBKX39x/AnGUCmP/bq+PLJQ7z35XQ360rqFTlGPISGzLaDiBKFxc +53xtkkgTqcrZq5Tv9xOIT+EhH7Z7ndAtA4hIs4rSc0d6zde206w3hzqzUwooPppj +qEd+FSb/lPnKQ5Q9z8pod28+CxCaxqxFBqfDT6ORlegdlvIWDvw4HS6BVWK9ZVy+ +xODJ4t1hTuTNEZUiyG6DMkhuQ41L39mnHxcSjWicS6BLYql+BAxM+Yp62VC5q3p6 +qIG17JjTSOm4FuyO2R9l2/jXjj4l4adPDtCmpJfI6PXjXdptWBITl1YrgHgeEme5 +H+Ag9HQgqbuP8REc4TwwCoMOV38KLsvlxK2oa1o2dJPF3Tck1rQNVM5mY8TnxSN2 +ozygG/ECyMoCyBDJYELfh1SN4OmX8kbsl4t6YxqydmRy9AqaLOwwSCKIWLH0graF +HwDujb3VkM9nhplw8aNeLZef4M1EpCwVVW+i6h9ADfWClePjJlJ9XTtgZku1TPEA -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem index 73088cd1d..fc769c1c9 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem 
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBEjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ +MIIEHzCCAwegAwIBAgIBJjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA2MTAwODEyMjExMloXDTExMTAwNzEyMjExMlowWDELMAkGA1UE +b290IENBMB4XDTExMTAxNzEyNTAzMFoXDTE2MTAxNTEyNTAzMFowWDELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01 MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDL4+PsltDM0QCCS08tkefhll5Q0nb2VEdRZotBIdt6 -XEY1kmDlw0yQOp0XUznnIhcrxXpKeWpLqJdbo56jSxMaUB3Mod1u+aKvVhCgkOT8 -uQa7gIdcNMuXnfnch7yYYS6YxVfzdr/qXBxmVYNbR9sXy48vAD6glZLEVjDITHJO -a6tEVSrAOMyeuA9XTYJiGw5loj63YbUr6Ikp6W9SncPCtfX6G2Amk38MTuITu93W -Pd/bGB06ra6gmMQGAhXuGs14n3QZfQz9PWTp9TPsQNqQZdEjQyNdfeAKtPuz5jnO -cnZuhvVR0q4sxWuy64vkyZ57luTZAXyxdInBeBOp7sC3AgMBAAGjggEFMIIBATAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU0wvMMeoe59mocM/RiYnD -iw9NUm0wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +AQUAA4IBDwAwggEKAoIBAQCs5SBCzV3Is/w7CIzfBXRGv6uXwyDivRXXYsczeSRf +5mw/slRVAEtNbX8rQ8BWLIqiJPCLDek5ODkqKI+hArZVpJqMzZyql2Teosrtnokb +h/yA8EWtEr0jII2RxQ0xb8r25h+DwBosAM15B1rCAMmJOjbEMMBGmAb7y7N0K8nr +Z8RctwrRdCGVcg+f+LFrklF1tBLs0zGIrJsk1eB0XbrB+fEPar9Lmn+/q2QHGPCt +aOlR2ZxRsjqsYJW9yI8r33PVVm2aGmS/19UguEG8FC3owud0boHfP91/NvSIWfhP +iIuDPjJOBPEJ/I6OYjYXXQuOZYwFGau2WrpNDQioPgedAgMBAAGjggEFMIIBATAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU5re6olyWAt1HfN2l92Rb +7DDCnxMwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdzd2Fu Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQC/uKe2O9elbSFgpKP5 -7ZjJrCkYu493iH/PDm5G4D76q6WkRvZDqTgGDSIrXrt1xRLIsVJES+HERxfED0DB -yXNe22p1jR8iZdCesZxmEsKYyLh9XmeixKCfnLvStWCVs0+vqwhJlIkyEAveZ4HR 
-Yq121khdmCDDUugpjEl/nU7CLvCRVgFrlhDm1QLs2rYqxwQrJ2SH4/1W0YRdkY2R -vKZ2ngjLBNjBfXWNXSOpEAG367nVam5lFAepUC0wZTshyCUXt1NzClTnxWABm6M6 -x2Qwg4D6Qt5iXSjR8+DGVh+LaBL/alQi1YYcjkxufdFHnko294c0HsZcTZ3KRghk -ue1F +L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQAtRPFMSuEnPmqeC2mF +OE5N26r2p8HfB4FAPwarlg66IIvKvkk1zqn5YfZIXfMU/x5q+85aO31iQmjlAPpo +KXqRq7V0a0ldjXEr+Tz7xG3jno989dBrD3kQZnwXR57xGt1qTVGY7uQdbgXWzVHM +GYS6gjUw7Df9vAQcTfUxUpZc5wlDoiRrFkyPc1raFCZF3//Ig9agjO4r1SzPHYw7 +LrHJR1xkd0IWVTW8Z6xB14j452IiimhyK1zAR3zmh1vH9VuHDLHMhyjSl1R+gk5U +KzDPaqXd4NA7eIQNiAhysYTXfmUYytbFNZw9bamxTxlCmca1snuTIcFM5OYOfxRT +iKMh -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem index e2a1ccb26..3223c1dfc 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,088DA49D259D5876324277FE7C38F22B +DEK-Info: AES-256-CBC,8AF4F2ED0B6D096AD675CFDC4F41083B -fChe2r3NjWQnfK3tFIUHtrnYsU+CzbGKmWE1T8ARaLeVC7XtPN99odBYTBOzJj98 -REHk41NWHlVjcY+2ACedniTsQcvuuN3bMHGvyikQeLmg7tc54pQrc85BHfdGrU49 -5Bzhxn29kqY33Dt2aeAMyP3k/b5HyZlCGuQUJx71uPsaEl1so5QE0aIBLaCutIUz -zZcAAa6ahFhw2oOcU2kj8ACGzXrJvBhVU97/yZTdfqrTJauoPXL/WQ+ScfMBhQ0x -vaJbaVy8On1SXTMH2K1ehszjpeFTeRVgndkWuUipwm/xlyzoubs8L4BhJZNzV23r -04ZGYxwSQ0rZBEt+TqopVpc/iMx/vg33P8PHrI45DeoztvjHpD6Fgj5Yh2kGgU5R -cKD1ejgX3FMwTSI5xumUi8mQ+N2pUIK9polS146dpQRoM8F9hsXkYoK/l9Em5jJA -V4vBBbVr6E9G0fVyHboqIzAHgFiC3xnCvVC/Cnyit4zD7D0E86pktR0y4Imtxten -3WUV4rNAVkLR0D5Hoslk9nsqEaOxDBzUVU/zfG8GXItpWQgug5sb6RjcrK0b4Fit -iHsEO5qLZ09cM+1hoddgibUQd0G+iZDPfPc++SCdZVjcvdSOOtcUCJwQGjOdGi9U -I30gjh1Vtql67CnykRmk38duTFFNpL3zLNGfiA+kUeHDr0C4zeD2NsK4v/4nLAO1 -OWSYYFGrhbU5C96q3rgczdh+TurgIhM+ktBUJ/7yYV2eTRlRT35Wk03O7STBLinV -jaXuDBOKb/NAYgA+xtOeBqd1c4cSdOxJEv80G9hhXxxNgf1W1OHDNY6+qXhnLZJU -o1kbF6QNI+R+ip8643GwdLEcz5s49V7x53TDcCGnW2TwzVVHvj+63u5RPcfu8b9e -gz0ey++z6OWvEIt/7NiTzA0dZdmiNLY24uHDHvQ5XmMs4XVM1r5wSFXvs/tDuUpK -/a9zMbr12RDsObVcXXr07FD5Zyh/y2mBEB7xRFXKk5tt++Hvlzbgqxypgq9t5+m8 -PBddV4GarMuZw8bRjMHJ2CVY1VyRGIx+StsHehVMWdfzZTm/Uizq/yPaxqbQE8wY -Vcm6wgYRekAga6I9XsHZ0TBfKtfZqXf0kXX0A+ymQYbfyUm2MqWV5avOKtBRIqcW -B9jCKxah7rjQNlI7vzwZ/whePHU2sL4D23aGGZa373Ql2CmB3AetxYtkRGTSILw9 -aT+ZNgh+BGq6lcdlyks29fFuWRlE+NyJIAwmIVEisZGFijFe5WXBhKWsvEt2JT1v -3qW9lMimOgpkClroPSdb9gQMt1yXDR6z1ty+B41kgy5qSxUiL8z8EUCWPEBPrz5+ -+3KGi1cU5BsfptnkFYCSnVSyRxARh310mruQ2Mb6ipIXX95ejQPSskz5P4u26Olt -UHyS0lgDc8hZTwJUchE5wqj4bAJs12mKbIbapjYv83OAEW8ybGz8R6QVMp3pAad3 -O2WGef6evGrbGKHI6ACMEHaz8fP8GIMjhbJkPxsXYGRsHbUsqYcSmew3EYW51qSA -xMhrzZ6e9ow4PYDuNnUc4bFeV0BIVl6kH7KscT1LBtJVJkXDDoddxFiEhcRjOLDr +2ezZg1fOw6Wcvk2ei1VLqpA1Z5lxroSsibmDu5+UuyJyTtdbPPY0iWxnryVoaXBq +9VK4AD7lkoJOX/CymbzSSOkBL4t9fN6akefTN6rEY6g8zN2q4al3xxIvZv0WgCDg 
+XxqJ8ZsdZmUoe12RbJ6HvMw9UR2m2XZYvwcD9+hzT8Agsy5JBV5Nkgxc52ZVYoIh +O5E+PI3w1yrXrzIPx9H8nj3VKRGguZCVFtae7ChSSxotoaIQxM6weVkEDUQXtSs9 +CmtXrn/o6uiafzfHx2pPELdsARlnuyvbKATrOr5lwnM4kwUl+bBvoRI7YaUsg/A5 +48gy82PQRZoWH3ofQv1d24sGc6ZctrzRRrCLzDAGDd3fw8bJkV2b/9D1u9O5Df7+ +Vs0fdrRoP8ooa9d131zBy1brDUckTsTIQZ3Sn4FdBI610MX7l5gJ+7vXYqp/rMOt +Rq8LZoKggzeklwYjum77YFdtbv4m4ihI4DUYHY0xWgMDUMQTFLEUgvAeNrPNRRwI +Ep1JmV9I7it6DHrCD9QmVWUoxSgRqodQDV4p3npH8WlrJMlL0ReiOJZ45PWOsmvI +AAjdsKLwqQEfXkckCvtCM7Nuu8pNA7UUm9TqNLFOFR3HWtm0si1IE8iXu3v/o/tx +OzzRl5pxc1tg8TFiFrNT2+6+HcAJOnWboYJRJzkcW2UzVpSZ04BLiXHPfGue1gG7 +uPZ+pp3k4iQrRRC45I1I0MwE2gOpppt/MUmNVPGqvL/Uu4RGzOjPk6Re4mm3GvIs +JOD1Pqsg01OUqKTNqsTPEld8vLwFPlOgXwmPLr5cpC/hGo0YUx3ysJ8Hw3FN20V6 ++nm9xWpPytNqfaY7jaxhMYZPgz81WOuGrlCv48VkoJiWlrTxbaq2t4IzR2SdyXKd +HNu6ryFn0WVw6hVm2aE8Al9mLxmaiMhg6HaonPoQSVoHRCCM8/GoJQRx9I6lonTC +ZY04BuAUT+nmMlEa0vlLI+tbS7gNkSNG/UyUFGRN++vzQE6s2LPfe9FRsdOfnhaO +W2VqbFbiKkPK+pKXjh7ln+NMrXIGxYVtuKWFEUEp9drh5MQCUFNLTn2Jblb6u0kQ +WdBP9Ku+ea9VprmUVnTYhaRZbuMwQFlfx9eImZ1UQPs8MWSUWI0t4RB+9kdN66n2 ++H3aJTpGv4BGNdSohSCbKKe/VttflnkMQHZmSY1iTDQJhZqbMSAuNv/H3DV1ZBWv +pR1MYwG/kXbaKaFRTctPE8tLxTvO8GG9JmOPuMgldYD2wq4zAu4Fr+Ve0jjznQGN +nGDtG7NoUJxJBbcFFPY4pRH3wtLWXlc1WUnPAxen17ZjbYHrvA3WJqTNCdtQ9tan +StaDqbhDTwSS9HDAvdH7tXLk+lQ+xlaeKFDRd/6K3Tngtjwly+kJjTH1bWR9BXyc +rHeDSpexPdMgVccuDTGDloebjZ/lZVKqkyL0f4/gDOtw7/0kjTZZXkkoVeVKqQyW +aHREhiszCHhJzW2c+Uw7mPrd4tfolPsI6mneNtt/6CCf0kl5Nkx1rg7Anzo0YSvK +vHj7ciRZLri/B4fOFhfZvk4Qgjoq2t7cBKnuAcZuN7pNM8DRruDekrHKY2+uHJnU -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf index 64d160f12..f33f26797 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf 
@@ -14,7 +14,7 @@ conn %default conn rw left=PH_IP_MOON - leftcert=moonCert-sha256.pem + leftcert=moonCert-sha224.pem leftid=@moon.strongswan.org leftsubnet=10.1.0.0/16 leftfirewall=yes diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem new file mode 100644 index 000000000..bda4f528e --- /dev/null +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem 
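Review bot: Switching `leftcert` from `moonCert-sha256.pem` to `moonCert-sha224.pem`, with the SHA-256 certificate deleted further down this diff, means the strong-keys-certs scenario no longer exercises a SHA-256-signed certificate at all, only SHA-224/384/512, and SHA-224 is the weakest member of the SHA-2 family at 112-bit collision resistance. Since the reason for the change appears to be certificate expiry (the deleted certificate ran out in 2011), regenerating a fresh `moonCert-sha256.pem` alongside the SHA-224 one and keeping it on the gateway, or splitting SHA-224 into its own scenario, would preserve coverage of the hash deployments actually use. `conn rw` continues past the end of this hunk.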
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENDCCAxygAwIBAgIBJDANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTExMTAxNzEyNDUwN1oXDTE2MTAxNTEyNDUwN1owWDELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y +MjQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDEPYW1tmcbkgNMcnOHXAKHlgL2k7r1+rVWJ/8NF9vI +7MpQ8qomHPV3G00CYSQsCDgBVvK71pasiz+dsYdHAY28ihb2m/lsaSquwsb0Fexj +hJiqaohcLJk0MjTDUdArh6iddvDAYMDkfApM49TaXNxdz0sffV5KOIH0hrQe0wsw +P2p/SHTATNh3ebTLr8Y7dMKecxFrKQswZc+d7gvIftZXRvjsUprc77dDURGByPw3 +N+/23chuDXNNaxMylWQhmiTUne8tIyg0vtur3do5Dq1IqQKqvxSfBjRL6ZJU0/6l +KuhChV0cSVd2H2zzovuke5XzHzUsoESWXWYK9qIEj2HRAgMBAAGjggEaMIIBFjAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUT4FJonJgeZBpFHc8iosc +WWM+mPswbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ +BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz +dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu +Lm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRw +Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEB +DgUAA4IBAQA60WN0QwQuFVYg/C156POjKENZP9CGF8NyiC/NUYqgbIrGGTTpwTxs +pW/+YDG1tVtCkqtLGsO0uZRe8Ihs3afNsPMNlCiTCPgrs5erc4ZTv5MB7Ap2lyL5 +NSQ9SggICbQhkHQHP6TINtas9+FrAw10jWIa107DYLLC7Ea77Y5vryL6/ymrpwdL +Vwm9kAkGYvm0lmzw6YfzPskKc3MpWnjBTraPG42Z8oWTEDJnBtS761k60lNwndKC +JdRUxoOOegzsKIIzorRz9xCN2zA2CAeChqHMbBpNCRwl0dQ00ztXReONl97iNgw6 +NrdHsqCiH8Q+I2JCxU230Zl6UFKARLo+ +-----END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem deleted file mode 100644 index 307f4953e..000000000 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem +++ /dev/null 
@@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBEDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA2MTAwODEwNTgxMVoXDTExMTAwNzEwNTgxMVowWDELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y -NTYxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQDzXHm8D8sY1lmX7o1KK0jt/M+UzAI2Ifpx7nAqoviH -XQIPe56BOAm4zHhEIlojEMFd1nncplXvDDGjuV/2F0KK1bFxbNtom88Ix1jrRWtk -FLopYwj3ERC2970OhNO3nuPLrnEAzj6k3XPGMTA3drGnpRf162f7mHAdmYIRXtWm -mfaecs4wGFs8BFGdeDfo6SPhQXZSBwZqjzQxvk1PA7E1qifgR5IGNZkNQRQ9IZD0 -86xzjmZgg5DaJcQKw45elpiVKQN6OkdWTngR3uUBfseWNeRGP5UxCUbDnPijWUbA -6ZAdEfFXLgSpSoXHLNttvGg+SWm0kgKTpHYWYhvpflKNAgMBAAGjggEFMIIBATAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU0gL3aEo/H8c/Ld/GkBTb -W9Ma+nUwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ -BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz -dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu -Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCItzRn3TNWUzczBd8z -MtdPEsRl5Oi4fV3UecQxhjxAmJDLsEZT5I4uNa1XoLkJm6jVdSL7k+bjzjmpNJ1H -uL49cqia2yTdGP4IU0K8dTGaflg3ccaLLGGXTWU/NtgdI1o6yuZTwb6a9ZL7wWZT -x21BAsvyPTzCpUS1yCK4bFeYOxOYDphUGcwb0JTuRxx2/710b+p64BYiCfVkQJxT -eF1ZtjSW6nJgzMRg5n2zNpdrdXMMCPI6Nl7V6wxbs3Cphmz5qx3lijwi7nZt+jE5 -qK5gphph1MkKIhnA7MF66KEcx5Rknao68yLBBDIA/AISZ3bCIj8R1SGgl/tMYfep -sbRF ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem index bc9ed38c8..90631fb98 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem 
@@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,381AA672F615E55CD044FB981754FDA6 +DEK-Info: AES-128-CBC,3EEEC63B86A4F0864B610F29D446AB99 -whvkSUJ2sAIH4EOu8vT9LHcKKKG6W9hl/hO++/awU2AVtHn6mYlkkAqDRJiOZbbT -vo0ndy+0B0tCoTyKZbiMRNc6bzHPNgS17cVa2wXrzzMo64xRcElzdN14L8UGA7Cc -Wu3aD0zmzawU9uRZjaQ4qA46FPz/S9/REImZ02QSALIzZJSIIDoUbznBitaHYFve -eLl7e/0vMS/s03FaRNKrVhids3Z3q7lQoF/z5BzBaKNBaDYDLhMeScjNF6QZnDUe -k+++/l54pozl+RvQI6RljPhOzutIC5D627zfordITsBRYEhv6KPShy673H4McaRz -tx2zkflsDyPWDWmRLxA0GfD5jQvbS7aZU1R3iyi/TDXacHXlR92bzVu4AHZClOSn -fypT1h2YnUQOMMw9XlVKklHCWvgpWbVmjiBbnsIh1WjORLgSielrGP/iXVemgzEI -kaTErf7B7sx1pIMyQ8IFdniFryUSuGDvOV4Dt/PZhxh2oKIBIaVYwrl3jQvYlyNv -vpBD6MU2wXU4iP7kt9SN63RjzQoYk7TA7f9JlfXlBrjjwSjPYB1R+MoEfovvEr4j -PHghYnwtwZ4Ok3kR+zxR/M37iJ252IDkOwTuqEXWQMlOlxIeESlh1OYKVLptZwgB -0mFzzx4JapkHP34c4ntsFc3AbUh8uSt67zLJ7JDFhSQ6ltNu1/92nOjXh5tzwGvo -ak5lrUpi2zrgyxSgF7fxOxjXr604f7yxOcoWfXQd354dUXdxrMZigh3ajwsGwXxh -o5Zv+EVXaIpnHnUYmupJwrKQR1ffdVCPlvys99/BlGnvsBzLx+hmut1pjnFwQCPf -aj8Z3NhSdWspQiUzWm+DXpqPKt+4CL5mdxcjyye9ATOPf+30iuY25WvwelT4rgGt -NS0iVMJSHnPVMlcibCwVtCl8hvjzq2TYHGo6cCKDaYJ4+Hy6MjgNrHA011HkJ9iC -P4Ysyq04/OiFPrl0RS+om29By+4/O+w1t0HpuZIFTm6oRg7zWcXtDWkfrhu9WY7e -m7FI8O2f3ezPoMbiRJmdEi0RFsgyqkTdQLOUUF1ad5ZHEAVghsgvaPG5aRLhXQin -gqNvHlDmpekOTDLbEn9cyDf5po45LrUgGOBp6DK+AGb6SymjonNxczlG/eNYHtch -AXBdz5A/n6uP1DXfmGVyI6kZKU+Fotsly5Iov6SLcEicLcfA2oKHK6AIJL+IWGGL -kkShWx0Dv/2UbEkKDjFl36Z0oD5wSW6fyYeslD4IFCjXwkdgWd7l4nreisW9YTl/ -PdnVOBq6yQxfK0WlAxfGzAabmknIXkSE/BlTb5y8q92U3tR3YFLFQ1hPaSPIokIu -Op51DMXOfrbnd1iBrybduktdljoxlcAGmg5Dfz+s9fdkESQfw6oNOP5cHxfctAy9 -k21dKvkI/PqWkgwVv94wX8bWx0LgC0aV3F62qM+Y7/r5N4ZsD76GY7VFIFeSoPKx -Fn9yZOl8JzszvlWNtG7G6DwBL+ZyHS0rM7UEyTwWp8mLasEO96V6dYxD8LqWNbo4 -hY/6xsZOtNDsPdW/Os7MBD+Wf2fL/gzrD7QJyqcy41K8Oxhn2W+Aso3s9DnJ4eSt +aUw9rzSBLmvzVlWlCePyRXs2LL10A2QGVjB9jiarsjVLd5k1uVPrLVb6lcTVuGR6 +9pC9sA7+F9Ub1V6oe/n5f1UiHiLeaqdYShfVan7N1z0Kvoaqg1qaVNmbGuZH81Mv 
+VH/kvfKbig6Gxyn2wxhxoQ84r5uVyzzrfQlrqcwQze43NuRaxh6Eov/vpel8yB4/ +HNSEyItiDenT6tDO4Exw4H91GYWPbutaTmcsbaDSQS54LMcZZA/NVu0Y/uiJ6lxJ +5qQ8xejBC07nc/g+GJgFRxetd56FdiTXR4ADVUiSgOrUaUu2t9NIMig9VBNYWsmv +wlKI1NB/Jt111AhbF+wdw9M0Yqe3O4V0N+jTxTzff+0gky61T5CxbhCMosD/Ohzy +IhRjeuL2gFvCENd2kn0U/1POe9anPJEo7mYfA8oYpxb/jl8KxIxssxLKGDE5qF8n ++J8jGDFbLkiwm/pDeFSWc1LZqKfZsSsBMhffC4NR/hhCi3eY3HnMpnyngzpWpwwY +eZnElVXFYro3qEuJbLRUkD/7rrLgU+LMoetdB5I8oaEvKucRo7dulLNXUFCt6tbK +AXLWn+pTCuLpjtAXxWjF6Hyr7ssLEcLjixDwdb66Ypqm3YncjFemsRFncVQe0R0b +3LY0FH4+GFFXAOywrMP1rQ+2mhl+BH079bu+BhP3bjusJwqBhlz8j4cnbv/STWGl +B9XnMXYx1NVOMFF23zMm9ftkPa6PvkZ3TcGJX2S849pxPTPrA0oFLfIPqyYLqZ42 ++a2jmMdr7lPtcT4ENshpWZ1L8O25Bl10yll+Upx4T7yDrSD/9P+yv/MyIlGiV1x4 +N1oaaVdTLU+ZZbpjVUmD/eSprGye8FzblEhSkY990m5kupWxiPmHzLCKHRYBOnBS +rNdyiz7pTXAQQLZBP4/RLDlYuIyXmbmn61PSdF7u6K/daUf+voKHHGi5m5NUhnS7 +zkUx+ZrHUoWhybOeMoQT0lsx0BsD+NiuqUbthkTFXyLD2dhvWcyAtsOW2yLMATa3 +09HPwdjI2ntJx4Msz1jqBY8XicXd+NHS5yx1jvg0POnygX4sU9xF0J3hfk/Phwfd +Cc7I+jWi+1yPwKi85PHEs0F6SW2kxOx9rmdwXi4EC7Lii3d8LtCR4jEKswzLNwRn +uceH3+vUv6UZC7EA9cdcmh6RWe3HvTrHNyPoYHng35jT5aZ1lhYx4bg67TJg7I6y +j2OyP48YhbKvpF2S8uUGdhCZSYJHLqh3yDI1DrzABMZ/9s0xpSfQtzhQYVz5svHk +Hv93VcbqrYf2Cx0OlxuZG4EEObyYdSqFnqMQBEf/L53oDe9jJKVaXt9IA2XHtyBD +SAjQeDUUKlzfD+CctjX407qpF2Z22xblGVKzYL1V1oXdN4E8GXq6VWQ8SSwQF/2H +wQYubDOJ6xxP1PdW+ws2eXhe5g49cSW4PgIpvmxyUEEnKro16RQL4M3Hv5VJYic3 +CRxugrdJWLSrHGnoz/0W5QUTzMX4L2RNf+xeE3eKU74qj2lWEWZgtZLW1waiTqXE +MBvvFYWh/qMOprpTlXWG5vTag1XLj55uutz1KAVXQRg6AbMKpLXi7wTlZ2nUpUbj -----END RSA PRIVATE KEY----- |