summaryrefslogtreecommitdiff
path: root/testing/tests/ikev2
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-01-02 14:18:20 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-01-02 14:18:20 +0100
commitc1343b3278cdf99533b7902744d15969f9d6fdc1 (patch)
treed5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /testing/tests/ikev2
parentb34738ed08c2227300d554b139e2495ca5da97d6 (diff)
downloadvyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz
vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip
Imported Upstream version 5.0.1
Diffstat (limited to 'testing/tests/ikev2')
-rw-r--r--testing/tests/ikev2/after-2038-certs/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-3des-md5/evaltest.dat18
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-aes-ccm/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-aes-ctr/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-aes-gcm/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-aes-xcbc/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-blowfish/evaltest.dat19
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/evaltest.dat20
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha256-96/evaltest.dat20
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha256/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha384/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/alg-sha512/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/any-interface/evaltest.dat21
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/compress/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload-swapped/evaltest.dat20
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/config-payload/evaltest.dat20
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf3
-rw-r--r--testing/tests/ikev2/critical-extension/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-from-cache/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-ldap/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-revoked/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/crl-to-cache/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/default-keys/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf4
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf4
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/double-nat-net/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/double-nat/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-clear/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-hold/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dpd-restart/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/dynamic-initiator/description.txt12
-rw-r--r--testing/tests/ikev2/dynamic-initiator/evaltest.dat10
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem30
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ikev2/dynamic-initiator/posttest.dat9
-rw-r--r--testing/tests/ikev2/dynamic-initiator/pretest.dat13
-rw-r--r--testing/tests/ikev2/dynamic-initiator/test.conf21
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/description.txt14
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/evaltest.dat14
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/hosts.stale67
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/ipsec.conf27
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/posttest.dat8
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/pretest.dat12
-rw-r--r--testing/tests/ikev2/dynamic-two-peers/test.conf21
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-md5-128/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-null/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/farp/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/force-udp-encaps/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-cert/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-swapped/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/host2host-transport/evaltest.dat9
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/inactivity-timeout/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-db/evaltest.dat32
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool-wish/evaltest.dat26
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-pool/evaltest.dat32
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/evaltest.dat32
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/evaltest.dat44
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/description.txt5
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat9
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/ipsec.conf20
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/ipsec.conf19
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat5
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat6
-rw-r--r--testing/tests/ikev2/ip-two-pools-v4v6/test.conf (renamed from testing/tests/ikev2/nat-one-rw/test.conf)8
-rw-r--r--testing/tests/ikev2/ip-two-pools/evaltest.dat24
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike-nat/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike-virtual-ip/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mobike/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat36
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/multi-level-ca/evaltest.dat36
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/nat-one-rw/description.txt5
-rw-r--r--testing/tests/ikev2/nat-one-rw/evaltest.dat5
-rw-r--r--testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf6
-rwxr-xr-xtesting/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf35
-rw-r--r--testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-one-rw/posttest.dat6
-rw-r--r--testing/tests/ikev2/nat-one-rw/pretest.dat12
-rw-r--r--testing/tests/ikev2/nat-portswitch/description.txt6
-rw-r--r--testing/tests/ikev2/nat-portswitch/evaltest.dat10
-rw-r--r--testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf17
-rw-r--r--testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem24
-rw-r--r--testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem25
-rw-r--r--testing/tests/ikev2/nat-portswitch/posttest.dat6
-rw-r--r--testing/tests/ikev2/nat-portswitch/pretest.dat9
-rw-r--r--testing/tests/ikev2/nat-rw-mark/description.txt (renamed from testing/tests/ikev2/nat-two-rw-mark/description.txt)0
-rw-r--r--testing/tests/ikev2/nat-rw-mark/evaltest.dat (renamed from testing/tests/ikev2/nat-two-rw-mark/evaltest.dat)14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf)3
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf)3
-rwxr-xr-xtesting/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown (renamed from testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown)0
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf)3
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-rw-mark/posttest.dat (renamed from testing/tests/ikev2/nat-two-rw-mark/posttest.dat)0
-rw-r--r--testing/tests/ikev2/nat-rw-mark/pretest.dat (renamed from testing/tests/ikev2/nat-two-rw-mark/pretest.dat)4
-rw-r--r--testing/tests/ikev2/nat-rw-mark/test.conf (renamed from testing/tests/ikev2/nat-two-rw-mark/test.conf)0
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/description.txt6
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/evaltest.dat9
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf17
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem24
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf31
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem25
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem24
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/posttest.dat6
-rw-r--r--testing/tests/ikev2/nat-rw-mixed/pretest.dat11
-rw-r--r--testing/tests/ikev2/nat-rw-psk/description.txt (renamed from testing/tests/ikev2/nat-two-rw-psk/description.txt)0
-rw-r--r--testing/tests/ikev2/nat-rw-psk/evaltest.dat9
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf)1
-rw-r--r--testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets (renamed from testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf)1
-rw-r--r--testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets (renamed from testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf)1
-rw-r--r--testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets (renamed from testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-rw-psk/posttest.dat (renamed from testing/tests/ikev2/nat-two-rw-psk/posttest.dat)0
-rw-r--r--testing/tests/ikev2/nat-rw-psk/pretest.dat (renamed from testing/tests/ikev2/nat-two-rw-psk/pretest.dat)2
-rw-r--r--testing/tests/ikev2/nat-rw-psk/test.conf (renamed from testing/tests/ikev2/nat-rw-mixed/test.conf)0
-rw-r--r--testing/tests/ikev2/nat-rw/description.txt (renamed from testing/tests/ikev2/nat-two-rw/description.txt)0
-rw-r--r--testing/tests/ikev2/nat-rw/evaltest.dat18
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf)5
-rw-r--r--testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf7
-rw-r--r--testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf)16
-rw-r--r--testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf5
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf)5
-rw-r--r--testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf7
-rw-r--r--testing/tests/ikev2/nat-rw/posttest.dat (renamed from testing/tests/ikev2/nat-two-rw/posttest.dat)0
-rw-r--r--testing/tests/ikev2/nat-rw/pretest.dat (renamed from testing/tests/ikev2/nat-two-rw/pretest.dat)0
-rw-r--r--testing/tests/ikev2/nat-rw/test.conf (renamed from testing/tests/ikev2/nat-two-rw-psk/test.conf)0
-rw-r--r--testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/evaltest.dat9
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw/evaltest.dat9
-rw-r--r--testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-virtual-ip/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-cert/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-esn/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pgp-v3/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pgp-v4/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf11
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf11
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/description.txt4
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf)15
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets4
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf)23
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets7
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/posttest.dat4
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/pretest.dat8
-rw-r--r--testing/tests/ikev2/net2net-psk-fail/test.conf (renamed from testing/tests/ikev2/nat-two-rw/test.conf)8
-rw-r--r--testing/tests/ikev2/net2net-psk/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-pubkey/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/evaltest.dat24
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-route/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-rsa/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-same-nets/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-start/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/net2net-start/pretest.dat2
-rw-r--r--testing/tests/ikev2/ocsp-local-cert/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/evaltest.dat18
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-revoked/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-root-cert/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-signer-cert/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat15
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/protoport-dual/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/protoport-route/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/reauth-early/evaltest.dat4
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/reauth-late/evaltest.dat4
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-cert/evaltest.dat13
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/description.txt5
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/evaltest.dat23
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.conf21
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.conf22
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.conf22
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.secrets5
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf12
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/posttest.dat6
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/pretest.dat10
-rw-r--r--testing/tests/ikev2/rw-eap-dynamic/test.conf (renamed from testing/tests/ikev2/nat-portswitch/test.conf)6
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat10
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat26
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat24
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat18
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat18
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf4
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf4
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/evaltest.dat6
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat8
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat22
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/evaltest.dat20
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/evaltest.dat12
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-pkcs8/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/description.txt2
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/description.txt2
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/evaltest.dat13
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat19
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat19
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf6
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf6
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-radius-accounting/evaltest.dat11
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/rw-radius-accounting/test.conf5
-rw-r--r--testing/tests/ikev2/rw-whitelist/evaltest.dat20
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/shunt-policies/evaltest.dat18
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/strong-keys-certs/evaltest.dat14
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/two-certs/evaltest.dat15
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf4
-rw-r--r--testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip-override/evaltest.dat24
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf4
-rw-r--r--testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/virtual-ip/evaltest.dat32
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev2/wildcards/evaltest.dat16
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf2
-rw-r--r--[-rwxr-xr-x]testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf2
848 files changed, 2155 insertions, 2303 deletions
diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat
index 1bb9c105f..3efaa5a98 100644
--- a/testing/tests/ikev2/after-2038-certs/evaltest.dat
+++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf
index bcdb8641b..e72f78742 100755..100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf
index 274521386..1ee751360 100755..100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat
index 6f598c6f3..a553ff168 100644
--- a/testing/tests/ikev2/alg-3des-md5/evaltest.dat
+++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat
@@ -1,13 +1,15 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
-carol::ipsec statusall::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*3DES_CBC/HMAC_MD5_96,::YES
-carol::ipsec statusall::home.*3DES_CBC/HMAC_MD5_96,::YES
-moon::ip xfrm state::enc cbc(des3_ede)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
+moon:: ip xfrm state::enc cbc(des3_ede)::YES
carol::ip xfrm state::enc cbc(des3_ede)::YES
-moon::ip xfrm state::auth hmac(md5)::YES
+moon:: ip xfrm state::auth hmac(md5)::YES
carol::ip xfrm state::auth hmac(md5)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf
index f2c71061d..1be5f1d8f 100755..100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf
index c4fd80fc0..e961f081d 100755..100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat
index 0834a8db0..e2cf773ea 100644
--- a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::IKE proposal: AES_CCM_12_128::YES
-carol::ipsec statusall::IKE proposal: AES_CCM_12_128::YES
-moon::ipsec statusall::AES_CCM_12_128,::YES
-carol::ipsec statusall::AES_CCM_12_128,::YES
-moon::ip xfrm state::aead rfc4309(ccm(aes))::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
+moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES
+carol::ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES
+moon:: ip xfrm state::aead rfc4309(ccm(aes))::YES
carol::ip xfrm state::aead rfc4309(ccm(aes))::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
index 6bcfbc28d..03707f89f 100755..100644
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
index db2c09bae..d70d7b989 100644
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
index 1d6f13861..d7ed92f7e 100755..100644
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
index db2c09bae..d70d7b989 100644
--- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat
index 522ce6088..177e0ea62 100644
--- a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::IKE proposal: AES_CTR_128::YES
-carol::ipsec statusall::IKE proposal: AES_CTR_128::YES
-moon::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES
-carol::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES
-moon::ip xfrm state::rfc3686(ctr(aes))::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
+moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES
+carol::ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES
+moon:: ip xfrm state::rfc3686(ctr(aes))::YES
carol::ip xfrm state::rfc3686(ctr(aes))::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
index 70c482835..3be20c613 100755..100644
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
index be46d6d3e..e607bbae7 100644
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
index bf103742f..1cf16ee38 100755..100644
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
index be46d6d3e..e607bbae7 100644
--- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat
index 9cd3e8e15..39f8b1cc4 100644
--- a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::IKE proposal: AES_GCM_16_256::YES
-carol::ipsec statusall::IKE proposal: AES_GCM_16_256::YES
-moon::ipsec statusall::AES_GCM_16_256,::YES
-carol::ipsec statusall::AES_GCM_16_256,::YES
-moon::ip xfrm state::aead rfc4106(gcm(aes))::YES
+moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
+moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES
+carol::ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES
+moon:: ip xfrm state::aead rfc4106(gcm(aes))::YES
carol::ip xfrm state::aead rfc4106(gcm(aes))::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
index e3f19aff8..7a808ff65 100755..100644
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
index 7fe7619f1..e063e446a 100644
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
index 0d51a3ea8..12a35cb8a 100755..100644
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
index 7fe7619f1..e063e446a 100644
--- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
index 24e36eb77..7a9874528 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES
-moon::ip xfrm state::auth xcbc(aes)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
+moon:: ip xfrm state::auth xcbc(aes)::YES
carol::ip xfrm state::auth xcbc(aes)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
index 33e6a842b..74668e7fb 100755..100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
index 208477deb..3cda72935 100755..100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat
index f1b33895b..a458f0241 100644
--- a/testing/tests/ikev2/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat
@@ -1,14 +1,15 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
+dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
-dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
index a78724926..89674b2a1 100755..100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="cfg 2"
conn %default
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index fed4f5ece..1f0fd41a8 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf
index 26f3f3a04..df3242d61 100755..100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index fed4f5ece..1f0fd41a8 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
index 5183e26d2..82804a0fe 100755..100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="cfg 2"
conn %default
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index fed4f5ece..1f0fd41a8 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
dh_exponent_ansi_x9_42 = no
- load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 revocation hmac stroke kernel-netlink socket-default updown
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
index 80df206bf..0acd6d2ce 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
+++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
@@ -1,13 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[4]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
-dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
-moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
+dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
+dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
index 257923d02..84c9c8c7c 100755..100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
index 9b5247973..5402f24f3 100755..100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
index 2b66e3400..84b3d6880 100755..100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat
index 7ec47aadf..4bbc82d9b 100644
--- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat
@@ -1,13 +1,15 @@
-moon::cat /var/log/daemon.log::received strongSwan vendor id::YES
-carol::cat /var/log/daemon.log::received strongSwan vendor id::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES
+carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
-moon::ip xfrm state::auth hmac(sha256)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
+moon:: ip xfrm state::auth hmac(sha256)::YES
carol::ip xfrm state::auth hmac(sha256)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
index 47cf1e12c..0d3b9fd45 100755..100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
index 53061a59b..eacadc544 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
index d340aaf70..b0a5c4616 100755..100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
index 53061a59b..eacadc544 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
send_vendor_id = yes
}
diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat
index 2d1cc92bb..7b5640af8 100644
--- a/testing/tests/ikev2/alg-sha256/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha256/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
-moon::ip xfrm state::auth hmac(sha256)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
+moon:: ip xfrm state::auth hmac(sha256)::YES
carol::ip xfrm state::auth hmac(sha256)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
index d2b763a1b..22d2cd38a 100755..100644
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
index 0e38bbb84..543374d76 100755..100644
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat
index 31bb64c5e..21b3d5a4f 100644
--- a/testing/tests/ikev2/alg-sha384/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha384/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-moon::ip xfrm state::auth hmac(sha384)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+moon:: ip xfrm state::auth hmac(sha384)::YES
carol::ip xfrm state::auth hmac(sha384)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
index d38b7dfcf..e02d90b78 100755..100644
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
index ea84cd8a4..990fce1d0 100755..100644
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat
index e0f5fb7a3..7b94d2182 100644
--- a/testing/tests/ikev2/alg-sha512/evaltest.dat
+++ b/testing/tests/ikev2/alg-sha512/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-moon::ip xfrm state::auth hmac(sha512)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+moon:: ip xfrm state::auth hmac(sha512)::YES
carol::ip xfrm state::auth hmac(sha512)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf
index 583522d1b..13ab244bb 100755..100644
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf
index 40fec93c0..e6d410442 100755..100644
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/any-interface/evaltest.dat b/testing/tests/ikev2/any-interface/evaltest.dat
index f475ba70b..800ae4353 100644
--- a/testing/tests/ikev2/any-interface/evaltest.dat
+++ b/testing/tests/ikev2/any-interface/evaltest.dat
@@ -1,10 +1,17 @@
-moon::cat /var/log/daemon.log::creating acquire job::YES
-bob::cat /var/log/daemon.log::creating acquire job::YES
-moon::ipsec statusall::alice.*INSTALLED, TRANSPORT::YES
-moon::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
-alice::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
-sun::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
-bob::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
+moon:: cat /var/log/daemon.log::creating acquire job::YES
+bob:: cat /var/log/daemon.log::creating acquire job::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*CN=moon.strongswan.org.*CN=alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=moon.strongswan.org.*CN=sun.strongswan.org::YES
+alice::ipsec status 2> /dev/null::remote.*ESTABLISHED.*CN=alice@strongswan.org.*CN=moon.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::remote\[1]: ESTABLISHED.*CN=sun.strongswan.org.*CN=moon.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::remote\[2]: ESTABLISHED.*CN=sun.strongswan.org.*CN=bob@strongswan.org::YES
+bob:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=bob@strongswan.org.*CN=sun.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TRANSPORT::YES
+moon:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES
+alice::ipsec status 2> /dev/null::remote.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::remote[{]1}.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::remote[{]2}.*INSTALLED, TRANSPORT::YES
+bob:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES
alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf
index eb7dfe848..4f2c78fd3 100755..100644
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
index cb1485446..a14fc560c 100644
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
index 40d029b3e..c232c4332 100755..100644
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
index cb1485446..a14fc560c 100644
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
index ab0534331..17fcf0a7a 100755..100644
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
index cb1485446..a14fc560c 100644
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf
index 71699b08e..fce24ef25 100755..100644
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
index cb1485446..a14fc560c 100644
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat
index 22dd94866..b989a7774 100644
--- a/testing/tests/ikev2/compress/evaltest.dat
+++ b/testing/tests/ikev2/compress/evaltest.dat
@@ -1,8 +1,10 @@
-moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
-moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
-carol::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::rw.*INSTALLED::YES
-moon::ip xfrm state::proto comp spi::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES
+moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
+moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
+moon:: ip xfrm state::proto comp spi::YES
carol::ip xfrm state::proto comp spi::YES
carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
index 670a50c00..7502175e7 100755..100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
index 91abfd4da..aa1be047e 100755..100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat
index 73d5ea206..3c41a596c 100644
--- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat
+++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat
@@ -1,15 +1,19 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*INSTALLED::YES
-moon::ipsec status::rw-dave.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf
index 6894a952c..c453475e0 100755..100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf
index cefbc8270..9da73d9a2 100755..100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
index 222673704..ef974c98f 100755..100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat
index 3451112cc..a429e9b32 100644
--- a/testing/tests/ikev2/config-payload/evaltest.dat
+++ b/testing/tests/ikev2/config-payload/evaltest.dat
@@ -1,17 +1,21 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ipsec status::home.*INSTALLED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*INSTALLED::YES
-moon::ipsec status::rw-dave.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
index cb5f6406b..0e4e57729 100644
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
index cb5f6406b..0e4e57729 100644
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
index bb558fe25..a8cf08544 100755..100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
index f763e3ef1..002166a54 100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
+
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
}
diff --git a/testing/tests/ikev2/critical-extension/evaltest.dat b/testing/tests/ikev2/critical-extension/evaltest.dat
index 8c2f8ec9d..05c2c2f4d 100644
--- a/testing/tests/ikev2/critical-extension/evaltest.dat
+++ b/testing/tests/ikev2/critical-extension/evaltest.dat
@@ -1,6 +1,8 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO
moon::cat /var/log/daemon.log::sending end entity cert::YES
moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-sun::cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES
-sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES
-sun::cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES
-sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES
+sun:: cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES
+sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES
+sun:: cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES
+sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES
diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf
index 2e3c9dde4..3b065774f 100755..100644
--- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
index bfc83ab4d..c393b298a 100644
--- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf
index 19e197131..2b4406d75 100755..100644
--- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/crl-from-cache/evaltest.dat b/testing/tests/ikev2/crl-from-cache/evaltest.dat
index 2f4cf7afa..2d649bbee 100644
--- a/testing/tests/ikev2/crl-from-cache/evaltest.dat
+++ b/testing/tests/ikev2/crl-from-cache/evaltest.dat
@@ -1,10 +1,12 @@
-moon::cat /var/log/daemon.log::loaded crl from::YES
-moon::cat /var/log/daemon.log::crl is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec listcrls:: ok::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::loaded crl from::YES
+moon:: cat /var/log/daemon.log::crl is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
+moon:: cat /var/log/daemon.log::using cached crl::YES
+moon:: ipsec listcrls 2> /dev/null:: ok::YES
carol::cat /var/log/daemon.log::loaded crl from::YES
carol::cat /var/log/daemon.log::crl is valid::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-carol::ipsec listcrls:: ok::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
+carol::cat /var/log/daemon.log::using cached crl::YES
+carol::ipsec listcrls 2> /dev/null:: ok::YES
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf
index 4d47c831c..17a58545c 100755..100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
cachecrls=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf
index 9488a6822..3314f7538 100755..100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
cachecrls=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-ldap/evaltest.dat b/testing/tests/ikev2/crl-ldap/evaltest.dat
index 5ab094401..b0774c64d 100644
--- a/testing/tests/ikev2/crl-ldap/evaltest.dat
+++ b/testing/tests/ikev2/crl-ldap/evaltest.dat
@@ -1,12 +1,12 @@
-moon::cat /var/log/daemon.log::loaded crl from::YES
-moon::cat /var/log/daemon.log::crl is stale::YES
-moon::cat /var/log/daemon.log::fetching crl from.*ldap::YES
-moon::cat /var/log/daemon.log::crl is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::loaded crl from::YES
+moon:: cat /var/log/daemon.log::crl is stale::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap::YES
+moon:: cat /var/log/daemon.log::crl is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
carol::cat /var/log/daemon.log::loaded crl from::YES
carol::cat /var/log/daemon.log::crl is stale::YES
carol::cat /var/log/daemon.log::fetching crl from.*ldap::YES
carol::cat /var/log/daemon.log::crl is valid::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
index 26d34de47..69ba4205f 100755..100644
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
cachecrls=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
index cccd6ae27..d0c3f8c49 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
index 1d2a68528..25656cbda 100755..100644
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
cachecrls=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
index cccd6ae27..d0c3f8c49 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/crl-revoked/evaltest.dat b/testing/tests/ikev2/crl-revoked/evaltest.dat
index 62ed8676a..4f3e10ba1 100644
--- a/testing/tests/ikev2/crl-revoked/evaltest.dat
+++ b/testing/tests/ikev2/crl-revoked/evaltest.dat
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
+moon:: cat /var/log/daemon.log::certificate was revoked::YES
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-moon::ipsec status::rw.*ESTABLISHED::NO
-carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
index cbab29414..95cd144ba 100755..100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf
index dd50c335b..918d97413 100755..100644
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/evaltest.dat b/testing/tests/ikev2/crl-to-cache/evaltest.dat
index afc8f67e4..fe6a55aae 100644
--- a/testing/tests/ikev2/crl-to-cache/evaltest.dat
+++ b/testing/tests/ikev2/crl-to-cache/evaltest.dat
@@ -1,4 +1,4 @@
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
carol::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf
index 4d47c831c..17a58545c 100755..100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
cachecrls=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf
index 9488a6822..3314f7538 100755..100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
cachecrls=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat
index 2c1e11c97..1c206fff0 100644
--- a/testing/tests/ikev2/default-keys/evaltest.dat
+++ b/testing/tests/ikev2/default-keys/evaltest.dat
@@ -1,7 +1,9 @@
carol::cat /var/log/auth.log::scepclient::YES
-moon::cat /var/log/auth.log::scepclient::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-moon::ipsec statusall::carol.*ESTABLISHED::YES
+moon:: cat /var/log/auth.log::scepclient::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES
+moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf
index 9574f18bb..15aba18e5 100755..100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index eabe265ca..5a243caab 100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce
}
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf
index 5b2c4e3f4..278943d28 100755..100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index eabe265ca..5a243caab 100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
scepclient {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce
}
diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
index b3814084f..4b0ddace7 100644
--- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.51/32::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
index 3868a7a38..a774f2a76 100755..100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
index 317e4ddc0..609d35754 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
index 8abd2416a..830094c7a 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
index 3868a7a38..a774f2a76 100755..100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
index 317e4ddc0..609d35754 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
index 8abd2416a..830094c7a 100644
--- a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
+++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
-moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
index 3868a7a38..a774f2a76 100755..100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
index ecfc51d44..75c605f60 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/ikev2/double-nat-net/evaltest.dat b/testing/tests/ikev2/double-nat-net/evaltest.dat
index aa69dabfa..05dc82d70 100644
--- a/testing/tests/ikev2/double-nat-net/evaltest.dat
+++ b/testing/tests/ikev2/double-nat-net/evaltest.dat
@@ -1,5 +1,7 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-bob::ipsec statusall::nat-t.*INSTALLED::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES
+bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf
index c8aa460cf..38629d12a 100755..100644
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf
index f0c5b6f15..1c4a80769 100755..100644
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/evaltest.dat b/testing/tests/ikev2/double-nat/evaltest.dat
index 77deea2a7..b080482f9 100644
--- a/testing/tests/ikev2/double-nat/evaltest.dat
+++ b/testing/tests/ikev2/double-nat/evaltest.dat
@@ -1,5 +1,7 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-bob::ipsec statusall::nat-t.*INSTALLED::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES
+bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf
index 26830f390..fe5b5f299 100755..100644
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf
index b4a24cb1f..1004ee971 100755..100644
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/evaltest.dat b/testing/tests/ikev2/dpd-clear/evaltest.dat
index 86c0227bd..c1a271903 100644
--- a/testing/tests/ikev2/dpd-clear/evaltest.dat
+++ b/testing/tests/ikev2/dpd-clear/evaltest.dat
@@ -1,6 +1,8 @@
-carol::ipsec statusall::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::sleep 180::no output expected::NO
-moon::cat /var/log/daemon.log::sending DPD request::YES
-moon::cat /var/log/daemon.log::retransmit.*of request::YES
-moon::cat /var/log/daemon.log::giving up after 5 retransmits::YES
+moon:: sleep 180::no output expected::NO
+moon:: cat /var/log/daemon.log::sending DPD request::YES
+moon:: cat /var/log/daemon.log::retransmit.*of request::YES
+moon:: cat /var/log/daemon.log::giving up after 5 retransmits::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf
index bcdb8641b..e72f78742 100755..100644
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf
index cdb40d72d..75b377f5f 100755..100644
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-hold/evaltest.dat b/testing/tests/ikev2/dpd-hold/evaltest.dat
index 2cf063762..4c035a6e9 100644
--- a/testing/tests/ikev2/dpd-hold/evaltest.dat
+++ b/testing/tests/ikev2/dpd-hold/evaltest.dat
@@ -1,14 +1,14 @@
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
carol::sleep 180::no output expected::NO
carol::cat /var/log/daemon.log::sending DPD request::YES
carol::cat /var/log/daemon.log::retransmit.*of request::YES
carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES
carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
carol::ping -c 1 PH_IP_ALICE::trigger route::NO
carol::sleep 2::no output expected::NO
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf
index bfc8ac34c..aa1a05169 100755..100644
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf
index cdb40d72d..75b377f5f 100755..100644
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dpd-restart/evaltest.dat b/testing/tests/ikev2/dpd-restart/evaltest.dat
index 28edd4823..962bd0636 100644
--- a/testing/tests/ikev2/dpd-restart/evaltest.dat
+++ b/testing/tests/ikev2/dpd-restart/evaltest.dat
@@ -1,13 +1,13 @@
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
carol::sleep 180::no output expected::NO
carol::cat /var/log/daemon.log::sending DPD request::YES
carol::cat /var/log/daemon.log::retransmit.*of request::YES
carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES
carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
carol::sleep 10::no output expected::NO
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf
index 631eac9b6..dfc77a43a 100755..100644
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf
index cdb40d72d..75b377f5f 100755..100644
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/dynamic-initiator/description.txt b/testing/tests/ikev2/dynamic-initiator/description.txt
new file mode 100644
index 000000000..e74ee1569
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/description.txt
@@ -0,0 +1,12 @@
+The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the remote end
+is defined symbolically by <b>right=&lt;hostname&gt;</b>. The ipsec starter resolves the
+fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
+/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
+<b>rightallowany=yes</b> will allow an IKE_SA rekeying to arrive from an arbitrary
+IP address under the condition that the peer identity remains unchanged. When this happens
+the old tunnel is replaced by an IPsec connection to the new origin.
+<p>
+In this scenario <b>carol</b> first initiates a tunnel to <b>moon</b>. After some time <b>carol</b>
+suddenly changes her IP address and restarts the connection to <b>moon</b> without deleting the
+old tunnel first (simulated by iptables blocking IKE packets to and from
+<b>carol</b> and starting the connection from host <b>dave</b> using <b>carol</b>'s identity).
diff --git a/testing/tests/ikev2/dynamic-initiator/evaltest.dat b/testing/tests/ikev2/dynamic-initiator/evaltest.dat
new file mode 100644
index 000000000..9d050ecde
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/evaltest.dat
@@ -0,0 +1,10 @@
+carol::ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
+moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol@strongswan.org.*received INITIAL_CONTACT::YES
+moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..6fca045f6
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn moon
+ left=%any
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=%moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..6fca045f6
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn moon
+ left=%any
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=%moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
new file mode 100644
index 000000000..6c41df9c7
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
+6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
+Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
+Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
+I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
+x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
+tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
+d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
+GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
+ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
+F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
+L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
+ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
+Rf5Z0GOR
+-----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
new file mode 100644
index 000000000..41a139954
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
+
+mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
+i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
+jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
+m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
+pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
+J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
+dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
+h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
+/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
+EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
+pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
+sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
+kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
+gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
+OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
+D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
+bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
+BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
+7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
+UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
+H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
+y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
+zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
+AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
+nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..6a2aea811
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..2e5f01a06
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn carol
+ left=%any
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+ right=%carol.strongswan.org
+ rightid=carol@strongswan.org
+ rightsourceip=PH_IP_CAROL1
+ auto=add
diff --git a/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/dynamic-initiator/posttest.dat b/testing/tests/ikev2/dynamic-initiator/posttest.dat
new file mode 100644
index 000000000..4dbf3d4a4
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/posttest.dat
@@ -0,0 +1,9 @@
+dave::ipsec stop
+carol::ipsec stop
+dave::sleep 1
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+dave::rm /etc/ipsec.d/certs/*
+dave::rm /etc/ipsec.d/private/*
diff --git a/testing/tests/ikev2/dynamic-initiator/pretest.dat b/testing/tests/ikev2/dynamic-initiator/pretest.dat
new file mode 100644
index 000000000..92681011f
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/pretest.dat
@@ -0,0 +1,13 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up moon
+carol::sleep 1
+carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+dave::ipsec up moon
+dave::sleep 2
diff --git a/testing/tests/ikev2/dynamic-initiator/test.conf b/testing/tests/ikev2/dynamic-initiator/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-initiator/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dynamic-two-peers/description.txt b/testing/tests/ikev2/dynamic-two-peers/description.txt
new file mode 100644
index 000000000..a1616011e
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/description.txt
@@ -0,0 +1,14 @@
+The peers <b>carol</b>, <b>dave</b>, and <b>moon</b> all have dynamic IP addresses,
+so that the remote end is defined symbolically by <b>right=%&lt;hostname&gt;</b>.
+The ipsec starter resolves the fully-qualified hostname into the current IP address
+via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are
+expected to change over time, the prefix '%' is used as an implicit alternative to the
+explicit <b>rightallowany=yes</b> option which will allow an IKE_SA rekeying to arrive
+from an arbitrary IP address under the condition that the peer identity remains unchanged.
+When this happens the old tunnel is replaced by an IPsec connection to the new origin.
+<p>
+In this scenario both <b>carol</b> and <b>dave</b> initiate a tunnel to
+<b>moon</b> which has a named connection definition for each peer. Although
+the IP addresses of both <b>carol</b> and <b>dave</b> are stale, thanks to
+the '%' prefix <b>moon</b> will accept the IKE negotiations from the actual IP addresses.
+
diff --git a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat
new file mode 100644
index 000000000..1d5ff68ec
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::moon.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..6fca045f6
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn moon
+ left=%any
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=%moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..6493ce0b1
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn moon
+ left=%any
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=%moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/hosts.stale b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/hosts.stale
new file mode 100644
index 000000000..ebff4ec25
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/hosts.stale
@@ -0,0 +1,67 @@
+# /etc/hosts: This file describes a number of hostname-to-address
+# mappings for the TCP/IP subsystem. It is mostly
+# used at boot time, when no name servers are running.
+# On small systems, this file can be used instead of a
+# "named" name server. Just add the names, addresses
+# and any aliases to this file...
+#
+
+127.0.0.1 localhost
+
+192.168.0.254 uml0.strongswan.org uml0
+10.1.0.254 uml1.strongswan.org uml1
+10.2.0.254 uml1.strongswan.org uml2
+
+10.1.0.10 alice.strongswan.org alice
+10.1.0.20 venus.strongswan.org venus
+10.1.0.1 moon1.strongswan.org moon1
+192.168.0.1 moon.strongswan.org moon
+192.168.0.110 carol.strongswan.org carol
+10.3.0.1 carol1.strongswan.org carol1
+192.168.0.150 winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
+192.168.0.220 dave.strongswan.org dave
+10.3.0.2 dave1.strongswan.org dave1
+192.168.0.2 sun.strongswan.org sun
+10.2.0.1 sun1.strongswan.org sun1
+10.2.0.10 bob.strongswan.org bob
+
+# IPv6 versions of localhost and co
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+# IPv6 solicited-node multicast addresses
+ff02::1:ff00:1 ip6-mcast-1
+ff02::1:ff00:2 ip6-mcast-2
+ff02::1:ff00:10 ip6-mcast-10
+ff02::1:ff00:15 ip6-mcast-15
+ff02::1:ff00:20 ip6-mcast-20
+
+# IPv6 site-local addresses
+fec1::10 ip6-alice.strongswan.org ip6-alice
+fec1::20 ip6-venus.strongswan.org ip6-venus
+fec1::1 ip6-moon1.strongswan.org ip6-moon1
+fec0::1 ip6-moon.strongswan.org ip6-moon
+fec0::10 ip6-carol.strongswan.org ip6-carol
+fec3::1 ip6-carol1.strongswan.org ip6-carol1
+fec0::15 ip6-winnetou.strongswan.org ip6-winnetou
+fec0::20 ip6-dave.strongswan.org ip6-dave
+fec3::2 ip6-dave1.strongswan.org ip6-dave1
+fec0::2 ip6-sun.strongswan.org ip6-sun
+fec2::1 ip6-sun1.strongswan.org ip6-sun1
+fec2::10 ip6-bob.strongswan.org ip6-bob
+
+# IPv6 link-local HW derived addresses
+fe80::fcfd:0aff:fe01:14 ip6-hw-venus.strongswan.org ip6-hw-venus
+fe80::fcfd:0aff:fe01:0a ip6-hw-alice.strongswan.org ip6-hw-alice
+fe80::fcfd:0aff:fe01:01 ip6-hw-moon1.strongswan.org ip6-hw-moon1
+fe80::fcfd:c0ff:fea8:01 ip6-hw-moon.strongswan.org ip6-hw-moon
+fe80::fcfd:c0ff:fea8:64 ip6-hw-carol.strongswan.org ip6-hw-carol
+fe80::fcfd:c0ff:fea8:96 ip6-hw-winnetou.strongswan.org ip6-hw-winnetou
+fe80::fcfd:c0ff:fea8:c8 ip6-hw-dave.strongswan.org ip6-hw-dave
+fe80::fcfd:c0ff:fea8:02 ip6-hw-sun.strongswan.org ip6-hw-sun
+fe80::fcfd:0aff:fe02:01 ip6-hw-sun1.strongswan.org ip6-hw-sun1
+fe80::fcfd:0aff:fe02:0a ip6-hw-bob.strongswan.org ip6-hw-bob
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..d510e2e0c
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ left=%any
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn carol
+ right=%carol.strongswan.org
+ rightid=carol@strongswan.org
+ rightsourceip=PH_IP_CAROL1
+ auto=add
+
+conn dave
+ right=%dave.strongswan.org
+ rightid=dave@strongswan.org
+ rightsourceip=PH_IP_DAVE1
+ auto=add
diff --git a/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev2/dynamic-two-peers/posttest.dat b/testing/tests/ikev2/dynamic-two-peers/posttest.dat
new file mode 100644
index 000000000..e120b87db
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/posttest.dat
@@ -0,0 +1,8 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::sleep 1
+moon::ipsec stop
+moon::mv /etc/hosts.ori /etc/hosts
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/dynamic-two-peers/pretest.dat b/testing/tests/ikev2/dynamic-two-peers/pretest.dat
new file mode 100644
index 000000000..6596a2527
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/pretest.dat
@@ -0,0 +1,12 @@
+moon::mv /etc/hosts /etc/hosts.ori
+moon::mv /etc/hosts.stale /etc/hosts
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up moon
+dave::ipsec up moon
+carol::sleep 1
diff --git a/testing/tests/ikev2/dynamic-two-peers/test.conf b/testing/tests/ikev2/dynamic-two-peers/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/dynamic-two-peers/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
index 9377d9fd2..74150fb04 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::NULL_AES_GMAC_256::YES
-carol::ipsec statusall::NULL_AES_GMAC_256::YES
+moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
+carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
-moon::ip xfrm state::aead rfc4543(gcm(aes))::YES
+moon:: ip xfrm state::aead rfc4543(gcm(aes))::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
index f3a266c7d..8f5b77cac 100755..100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
index bbdb38301..d41ba72e8 100755..100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
index d65d71240..a66edc5fe 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES
-carol::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES
-moon::ip xfrm state::auth hmac(md5)::YES
+moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
+carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
+moon:: ip xfrm state::auth hmac(md5)::YES
carol::ip xfrm state::auth hmac(md5)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf
index 09797799f..a85034243 100755..100644
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf
index ae83aaf58..13908da14 100755..100644
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat
index bebca1f61..937d85ed2 100644
--- a/testing/tests/ikev2/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::NULL/HMAC_SHA1_96::YES
-carol::ipsec statusall::NULL/HMAC_SHA1_96::YES
-moon::ip xfrm state::enc ecb(cipher_null)::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ip xfrm state::enc ecb(cipher_null)::YES
carol::ip xfrm state::enc ecb(cipher_null)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
index 5640d74fc..1d8509115 100755..100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
index 91f4a7c7f..38f8bd619 100755..100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
index b0277271d..52c27cba5 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
+++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES
-carol::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES
-moon::ip xfrm state::auth hmac(sha1)::YES
+moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
+carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
+moon:: ip xfrm state::auth hmac(sha1)::YES
carol::ip xfrm state::auth hmac(sha1)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
index 3991d517d..52629873e 100755..100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
index 893419585..d4cc3fbaf 100755..100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat
index d48812f47..21b10d170 100644
--- a/testing/tests/ikev2/farp/evaltest.dat
+++ b/testing/tests/ikev2/farp/evaltest.dat
@@ -1,11 +1,15 @@
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::home.*INSTALLED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*INSTALLED::YES
-moon::ipsec status::rw-dave.*INSTALLED::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
index 19dd5d3e6..25ec162fe 100755..100644
--- a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
index 379edeefc..56eaebfc0 100644
--- a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr farp
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
}
diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat
index 35f01d491..d7fe707ab 100644
--- a/testing/tests/ikev2/force-udp-encaps/evaltest.dat
+++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat
@@ -1,6 +1,8 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf
index 2074646cc..3e10155a3 100755..100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf
index a2c168601..3f00d6e1a 100755..100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/evaltest.dat b/testing/tests/ikev2/host2host-cert/evaltest.dat
index 8d5d8167a..53e5589ca 100644
--- a/testing/tests/ikev2/host2host-cert/evaltest.dat
+++ b/testing/tests/ikev2/host2host-cert/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec statusall::host-host.*ESTABLISHED::YES
-sun::ipsec statusall::host-host.*ESTABLISHED::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf
index ec9ac5b80..1f4843f7d 100755..100644
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf
index 484eb995f..2b2b26097 100755..100644
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/evaltest.dat b/testing/tests/ikev2/host2host-swapped/evaltest.dat
index 8d5d8167a..53e5589ca 100644
--- a/testing/tests/ikev2/host2host-swapped/evaltest.dat
+++ b/testing/tests/ikev2/host2host-swapped/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec statusall::host-host.*ESTABLISHED::YES
-sun::ipsec statusall::host-host.*ESTABLISHED::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf
index 981c7f073..d8ef0c7be 100755..100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf
index e3fc2b728..517bb3d41 100755..100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat
index b3cade48c..3021b5e04 100644
--- a/testing/tests/ikev2/host2host-transport/evaltest.dat
+++ b/testing/tests/ikev2/host2host-transport/evaltest.dat
@@ -1,8 +1,7 @@
-moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
-moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
-sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
-moon::ip xfrm state::mode transport::YES
-sun::ip xfrm state::mode transport::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
index 7f6c5a58a..de273e53a 100755..100644
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
index af52fb22b..e96c1ca2e 100755..100644
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat
index a8975481f..dceceaef6 100644
--- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat
+++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat
@@ -1,8 +1,8 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
carol::sleep 15::NO
carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES
-moon::ipsec statusall::rw.*INSTALLED::NO
-carol::ipsec statusall::home.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf
index 5fbb99617..a7a53a4b7 100755..100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf
index c3d417302..efc5b6cbd 100755..100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat
index f9d0cbb37..941cb34c0 100644
--- a/testing/tests/ikev2/ip-pool-db/evaltest.dat
+++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat
@@ -4,26 +4,30 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
-dave::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
-dave::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES
-moon::cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
-moon::cat /var/log/daemon.log::assigning virtual IP::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
+dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES
moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES
moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES
moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon::ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
index b3413830f..606b1500a 100755..100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
index e907021ce..04ffaf64d 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat
index d02d422ab..fd15d5209 100644
--- a/testing/tests/ikev2/ip-pool-wish/evaltest.dat
+++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat
@@ -1,18 +1,22 @@
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
-moon::cat /var/log/daemon.log::assigning virtual IP::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
index c9867c7d4..62c30cf28 100755..100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
index 98dd99271..fa99a4c86 100755..100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
index 0b4cded6c..85c48a7bb 100755..100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat
index b130d4565..db46646a6 100644
--- a/testing/tests/ikev2/ip-pool/evaltest.dat
+++ b/testing/tests/ikev2/ip-pool/evaltest.dat
@@ -1,21 +1,25 @@
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*INSTALLED::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES
-moon::cat /var/log/daemon.log::assigning virtual IP::YES
-moon::ipsec leases rw::2/15, 2 online::YES
-moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
+moon:: ipsec leases 10.3.0.0/28 2> /dev/null::2/14, 2 online::YES
+moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec leases 10.3.0.0/28 10.3.0.2 2> /dev/null::dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
index 0b4cded6c..85c48a7bb 100755..100644
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/evaltest.dat b/testing/tests/ikev2/ip-split-pools-db/evaltest.dat
index 8fd47dc34..60a537b02 100644
--- a/testing/tests/ikev2/ip-split-pools-db/evaltest.dat
+++ b/testing/tests/ikev2/ip-split-pools-db/evaltest.dat
@@ -1,15 +1,19 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
-carol::ipsec status::home.*INSTALLED::YES
-dave::cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES
-dave::ipsec status::home.*INSTALLED::YES
-moon::cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES
-moon::cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES
-moon::cat /var/log/daemon.log::no available address found in pool.*pool0::YES
-moon::cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES
-moon::cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES
-moon::ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES
-moon::ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES
-moon::ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/daemon.log::no available address found in pool.*pool0::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES
+moon:: ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES
+moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES
+moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf
index c0f9756e4..136022d5c 100755..100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -19,5 +16,5 @@ conn rw
leftid=@moon.strongswan.org
leftfirewall=yes
right=%any
- rightsourceip=%pool0,pool1
+ rightsourceip=%pool0,%pool1
auto=add
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index e907021ce..04ffaf64d 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat
index ba2b07a10..fd0413d11 100644
--- a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat
@@ -1,29 +1,37 @@
-carol::ipsec status::home.*INSTALLED::YES
-dave::ipsec status::home.*INSTALLED::YES
-alice::ipsec status::home.*INSTALLED::YES
-venus::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::ext.*ESTABLISHED.*dave@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*venus.strongswan.org::YES
-moon::ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES
-moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES
-moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES
+venus::ipsec status 2> /dev/null::home.*ESTABLISHED.*venus.strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int\[3]: ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int\[4]: ESTABLISHED.*moon.strongswan.org.*venus.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext[{]1}.*INSTALLED. TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext[{]2}.*INSTALLED. TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int[{]3}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int[{]4}.*INSTALLED, TUNNEL::YES
+moon:: ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES
+moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES
+moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
-dave::cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
venus::cat /var/log/daemon.log::installing new virtual IP 10.4.0.2::YES
carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
-dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES
venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES
alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
-dave::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
+dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf
index d925a2564..19cd1c8cd 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf
index 2b673ec4d..c891c643c 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf
index 22f9b6634..4066549e8 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf
index a4c37e117..651642b04 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
index e44a3e251..2dc6a3a87 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf
index 2dbd84fe7..b8f01bd15 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
index cb5f6406b..bd19ffe3d 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
index 1505de751..3b09b32bd 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
@@ -1,12 +1,16 @@
-carol::ipsec status::home.*INSTALLED::YES
-alice::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
-moon::ipsec leases ext::1/15, 1 online::YES
-moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.3.0.0/28::YES
+moon:: ipsec leases 10.3.0.0/28 2> /dev/null::1/14, 1 online::YES
+moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
+moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
index f5ce1687e..180226eaa 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
index e647f1e36..63509bc16 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
index d80bb5305..649d567c4 100755..100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
index e44a3e251..2dc6a3a87 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
}
libhydra {
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/description.txt b/testing/tests/ikev2/ip-two-pools-v4v6/description.txt
new file mode 100644
index 000000000..32dd88d51
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/description.txt
@@ -0,0 +1,5 @@
+The host <b>carol</b> sets up a tunnel connection to gateway <b>moon</b>. It requests
+both an IPv4 and an IPv6 <b>virtual IP</b> via the IKEv2 configuration payload by using
+<b>leftsourceip=%config4,%config6</b>. Gateway <b>moon</b> assigns virtual IPs addresses
+from two in-memory pools using the <b>rightsourceip</b> option. The established tunnel
+carries both IPv4 and IPv6 in an IPv4 encapsulated tunnel.
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat
new file mode 100644
index 000000000..7a0c1ed6f
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat
@@ -0,0 +1,9 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES
+carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..d19399def
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config4,%config6
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=0.0.0.0/0,::/0
+ auto=add
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..0777f6db5
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16,fec1::0/16
+ rightsourceip=10.3.0.0/28,fec3::/120
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat
new file mode 100644
index 000000000..fafe030c1
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat
@@ -0,0 +1,5 @@
+alice::ip -6 route del default via fec1:\:1
+carol::ipsec stop
+moon::echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+moon::ipsec stop
+moon::conntrack -F
diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat
new file mode 100644
index 000000000..f97ff54b5
--- /dev/null
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat
@@ -0,0 +1,6 @@
+alice::ip -6 route add default via fec1:\:1
+moon::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+moon::ipsec start
+carol::ipsec start
+carol::sleep 2
+carol::ipsec up home
diff --git a/testing/tests/ikev2/nat-one-rw/test.conf b/testing/tests/ikev2/ip-two-pools-v4v6/test.conf
index d84149aaf..c86dd1d66 100644
--- a/testing/tests/ikev2/nat-one-rw/test.conf
+++ b/testing/tests/ikev2/ip-two-pools-v4v6/test.conf
@@ -5,17 +5,17 @@
# All UML instances that are required for this test
#
-UMLHOSTS="alice moon winnetou sun bob"
+UMLHOSTS="alice moon carol winnetou"
# Corresponding block diagram
#
-DIAGRAM="a-m-w-s-b.png"
+DIAGRAM="a-m-c.png"
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS="moon"
+TCPDUMPHOSTS="carol"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="alice sun"
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/ip-two-pools/evaltest.dat b/testing/tests/ikev2/ip-two-pools/evaltest.dat
index ac0a3eeb3..5de62e447 100644
--- a/testing/tests/ikev2/ip-two-pools/evaltest.dat
+++ b/testing/tests/ikev2/ip-two-pools/evaltest.dat
@@ -1,13 +1,17 @@
-carol::ipsec status::home.*INSTALLED::YES
-alice::ipsec status::home.*INSTALLED::YES
-moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
-moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
-moon::ipsec leases ext::1/15, 1 online::YES
-moon::ipsec leases int::1/15, 1 online::YES
-moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.4.0.0/28::YES
+moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.3.0.0/28::YES
+moon:: ipsec leases 10.3.0.0/28 2> /dev/null::1/14, 1 online::YES
+moon:: ipsec leases 10.4.0.0/28 2> /dev/null::1/14, 1 online::YES
+moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec leases 10.4.0.0/28 10.4.0.1 2> /dev/null::alice@strongswan.org::YES
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf
index f5ce1687e..180226eaa 100755..100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf
index e647f1e36..63509bc16 100755..100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf
index 8435479fa..5773245d1 100755..100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat
index f2758eb35..aded7a040 100644
--- a/testing/tests/ikev2/mobike-nat/evaltest.dat
+++ b/testing/tests/ikev2/mobike-nat/evaltest.dat
@@ -1,14 +1,14 @@
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
alice::/etc/init.d/net.eth1 stop::No output expected::NO
alice::sleep 1::No output expected::NO
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
index ed670efb1..efbce1fb2 100755..100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
index ca4d84e16..e187f9569 100755..100644
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
index 94dea0b14..c4c7b0b6f 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
@@ -1,14 +1,14 @@
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
alice::/etc/init.d/net.eth1 stop::No output expected::NO
alice::sleep 1::No output expected::NO
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
-alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
+alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
index ed670efb1..efbce1fb2 100755..100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
index 1c8be1db4..eeee6ffb0 100755..100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat
index 6c49c0425..ebf5ad4cf 100644
--- a/testing/tests/ikev2/mobike/evaltest.dat
+++ b/testing/tests/ikev2/mobike/evaltest.dat
@@ -1,14 +1,14 @@
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall::PH_IP_ALICE1/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE1/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec statusall 2> /dev/null::PH_IP_ALICE1/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE1/32::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
alice::/etc/init.d/net.eth1 stop::No output expected::NO
alice::sleep 1::No output expected::NO
-alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
-sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
-alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES
-sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
+sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
+alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES
+sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf
index 6c87468bb..66cbce781 100755..100644
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf
index 4806cd9c8..f3fa9209c 100755..100644
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
index 897db40ed..4a72b4392 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
@@ -1,11 +1,11 @@
-moon::cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES
-moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES
+moon:: cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES
+moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
-moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
-moon::cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES
-moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES
-carol::ipsec statusall::home.*ESTABLISHED.*228060123456001@strongswan.org::YES
+moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
+moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
@@ -15,7 +15,7 @@ dave::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
moon::cat /var/log/daemon.log::received EAP identity .*228060123456002::YES
moon::cat /var/log/daemon.log::RADIUS authentication of '228060123456002' failed::YES
moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 228060123456002@strongswan.org::YES
-moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO
+moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO
dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/ipsec.conf
index 26cc0cd92..df4440768 100755..100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 7b4ab49e4..8e872ddae 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf
index f8c52be78..01fb6b0a3 100755..100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -9,7 +8,6 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_DAVE
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 7b4ab49e4..8e872ddae 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf
index 37d23b1f5..8dc0daeb5 100755..100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index 2a18af887..aba7eefdf 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat
index d2453bbee..03426ac44 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat
@@ -1,12 +1,12 @@
carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
-dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
index a8a6d2b8f..7f045801e 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
index 8647ac813..9306bf9ec 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
index 4c84d183b..776b5a5b3 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat
index 4b827b4dd..dcd271772 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat
@@ -1,12 +1,12 @@
carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
-dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*INSTALLED::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*INSTALLED::YES
+dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
index 9031a948c..5ee8ba076 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
index 0168be8e1..391bc91a6 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
index 75138581e..565d0d829 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
index 4a1c7208b..4abcde1e8 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
@@ -1,19 +1,19 @@
-moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-carol::ipsec status::venus.*INSTALLED::NO
-moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
-moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
-moon::cat /var/log/daemon.log::switching to peer config.*venus::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
-dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-dave::ipsec status::alice.*INSTALLED::NO
-moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*moon.strongswan.org.*ESTABLISHED.*dave@strongswan.org::NO
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
index 39996cf42..995b347cf 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
index bbe0d3aa7..91ded3733 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
index e25636a7d..320c0713c 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
index bbe0d3aa7..91ded3733 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
index 46f1030cd..e67c9afb0 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
index cccd6ae27..d0c3f8c49 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat
index 6b77a8161..85bbe4ab9 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::maximum path length of 7 exceeded::YES
+moon:: cat /var/log/daemon.log::maximum path length of 7 exceeded::YES
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ipsec status::alice.*INSTALLED::NO
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::NO
+carol::ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
index 5c34528a4..991daafe1 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
index 96e493719..7721b2347 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat
index 266f0d0da..913e8f454 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES
+moon:: cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ipsec status::home.*INSTALLED::NO
-moon::ipsec status::duck.*INSTALLED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::duck.*INSTALLED::NO
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf
index 64539ccc2..e8398629c 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
index 47dab951f..bc90242f7 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random constraints x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce constraints x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf
index 528dda39b..4d1286f4f 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
index 8335e51f6..77bd6782c 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation constraints hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation constraints hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
index 182f9e0fc..008ff2cf8 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon:: cat /var/log/daemon.log::certificate was revoked::YES
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-moon::ipsec status::alice.*ESTABLISHED::NO
-carol::ipsec status::home.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
index a042da6d5..297e348ea 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
index ef1beae7e..a3517967a 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat b/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat
index a594745b7..90ee6a7a4 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat
@@ -1,6 +1,6 @@
-carol::ipsec status::alice.*INSTALLED::YES
-carol::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::ESTABLISHED.*carol@strongswan.org::YES
-dave::ipsec status::venus.*INSTALLED::YES
-dave::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::ESTABLISHED.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
index 6fcc1578e..d65d37be2 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
index c4b41aa06..121f7d41a 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
index 9c02993e7..a49c833b8 100755..100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat
index b0814556d..e1c5be4ed 100644
--- a/testing/tests/ikev2/multi-level-ca/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat
@@ -1,19 +1,19 @@
-moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
-moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
-moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
-carol::ipsec status::alice.*INSTALLED::YES
-moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES
carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-carol::ipsec status::venus.*INSTALLED::NO
-moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
-moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
-moon::cat /var/log/daemon.log::switching to peer config.*venus::YES
-dave::ipsec status::venus.*INSTALLED::YES
-moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
-dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
-dave::ipsec status::alice.*INSTALLED::NO
-moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf
index 174e248c2..909118fb1 100755..100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf
index 5c90dd4a2..95777460e 100755..100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
index d0240a333..3a5aaa6b6 100755..100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/nat-one-rw/description.txt b/testing/tests/ikev2/nat-one-rw/description.txt
deleted file mode 100644
index c3b9bb820..000000000
--- a/testing/tests/ikev2/nat-one-rw/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a tunnel to
-gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnel, the NAT-ed host <b>alice</b> pings the
-client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/nat-one-rw/evaltest.dat b/testing/tests/ikev2/nat-one-rw/evaltest.dat
deleted file mode 100644
index 7395e5571..000000000
--- a/testing/tests/ikev2/nat-one-rw/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 6d9e62e1d..000000000
--- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- keep_alive = 1d
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index a2c168601..000000000
--- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftfirewall=yes
-
-conn net-net
- leftsubnet=10.2.0.0/16
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
-
-conn host-host
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- auto=add
-
-conn nat-t
- leftsubnet=10.2.0.0/16
- right=%any
- rightsubnet=10.1.0.10/32
- auto=add
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-one-rw/posttest.dat b/testing/tests/ikev2/nat-one-rw/posttest.dat
deleted file mode 100644
index cd0d4df25..000000000
--- a/testing/tests/ikev2/nat-one-rw/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-alice::ipsec stop
-sun::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::iptables -t nat -F
-moon::conntrack -F
diff --git a/testing/tests/ikev2/nat-one-rw/pretest.dat b/testing/tests/ikev2/nat-one-rw/pretest.dat
deleted file mode 100644
index a4f5ecd79..000000000
--- a/testing/tests/ikev2/nat-one-rw/pretest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::conntrack -F
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-alice::ipsec start
-sun::ipsec start
-alice::sleep 4
-alice::ipsec up nat-t
-alice::sleep 1
-
diff --git a/testing/tests/ikev2/nat-portswitch/description.txt b/testing/tests/ikev2/nat-portswitch/description.txt
deleted file mode 100644
index 93b779ee1..000000000
--- a/testing/tests/ikev2/nat-portswitch/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a connection
-to gateway <b>sun</b> using IKEv2. UDP encapsulation is used to traverse the NAT router.
-The authentication is based on locally loaded <b>X.509 certificates</b>.
-After the IPsec Setup NAT router moon "crashes" (i.e. flushes its conntrack
-table) and with the next dpd sent from <b>alice</b> a dynamical address update
-should occur in gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/nat-portswitch/evaltest.dat b/testing/tests/ikev2/nat-portswitch/evaltest.dat
deleted file mode 100644
index 75b01a551..000000000
--- a/testing/tests/ikev2/nat-portswitch/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-sun::ipsec statusall::rw-alice.*ESTABLISHED::YES
-alice::ipsec statusall::home.*ESTABLISHED::YES
-moon::cmd::iptables -t nat -F::YES
-moon::cmd::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:3024-3100::YES
-moon::cmd::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:4000-4100::YES
-moon::cmd::conntrack -F::YES
-alice::cmd::sleep 75::YES
-bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP, length: 132::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP, length: 132::YES
diff --git a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf
deleted file mode 100644
index cd9de533a..000000000
--- a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version 2.0 # conforms to second version of ipsec.conf specification
-
-config setup
- plutostart=no
-
-conn home
- left=PH_IP_ALICE
- leftcert=aliceCert.pem
- leftid=alice@strongswan.org
- right=PH_IP_SUN
- rightcert=sunCert.pem
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem
deleted file mode 100644
index e7825e3db..000000000
--- a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8
-foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS
-Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC
-AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe
-zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n
-HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G
-N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd
-p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
-EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
-ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg
-KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq
-hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i
-ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP
-Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S
-5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE
-JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk
-Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem
deleted file mode 100644
index e99ae8ec7..000000000
--- a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
-MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer
-GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4
-FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W
-6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH
-v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc
-KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG
-A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa
-60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
-A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
-cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
-Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo
-2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ
-AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5
-D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S
-CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi
-6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re
-JGhV
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-portswitch/posttest.dat b/testing/tests/ikev2/nat-portswitch/posttest.dat
deleted file mode 100644
index 3b9f53e9b..000000000
--- a/testing/tests/ikev2/nat-portswitch/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-sun::ipsec stop
-alice::ipsec stop
-sun::rm /etc/ipsec.d/certs/*
-alice::rm /etc/ipsec.d/certs/*
-moon::iptables -t nat -F
-moon::conntrack -F
diff --git a/testing/tests/ikev2/nat-portswitch/pretest.dat b/testing/tests/ikev2/nat-portswitch/pretest.dat
deleted file mode 100644
index 17cc4b070..000000000
--- a/testing/tests/ikev2/nat-portswitch/pretest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-sun::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::ipsec start
-alice::ipsec start
-alice::sleep 1
-alice::ipsec up home
-alice::sleep 1
diff --git a/testing/tests/ikev2/nat-two-rw-mark/description.txt b/testing/tests/ikev2/nat-rw-mark/description.txt
index 2a93d11d8..2a93d11d8 100644
--- a/testing/tests/ikev2/nat-two-rw-mark/description.txt
+++ b/testing/tests/ikev2/nat-rw-mark/description.txt
diff --git a/testing/tests/ikev2/nat-two-rw-mark/evaltest.dat b/testing/tests/ikev2/nat-rw-mark/evaltest.dat
index 74ba178d9..db9e969d2 100644
--- a/testing/tests/ikev2/nat-two-rw-mark/evaltest.dat
+++ b/testing/tests/ikev2/nat-rw-mark/evaltest.dat
@@ -1,9 +1,11 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-venus::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::alice.*ESTABLISHED.*alice@strongswan.org::YES
-sun::ipsec statusall::venus.*ESTABLISHED.*venus.strongswan.org::YES
-sun::ipsec statusall::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
-sun::ipsec statusall::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
+sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf
index 0f7c23845..4c29a07d5 100755..100644
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
index ae4644c4b..aac963e91 100755..100644
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="knl 2"
conn %default
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown
index 0d22e684d..0d22e684d 100755
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf
index c82c3e978..38ef469c5 100755..100644
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat b/testing/tests/ikev2/nat-rw-mark/posttest.dat
index 89d5f534b..89d5f534b 100644
--- a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat
+++ b/testing/tests/ikev2/nat-rw-mark/posttest.dat
diff --git a/testing/tests/ikev2/nat-two-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat
index 105968f45..3ed13d5fa 100644
--- a/testing/tests/ikev2/nat-two-rw-mark/pretest.dat
+++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat
@@ -1,6 +1,6 @@
+sun::/etc/init.d/iptables start 2> /dev/null
alice::/etc/init.d/iptables start 2> /dev/null
venus::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON
moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 500 -j SNAT --to PH_IP_MOON:510
@@ -11,9 +11,9 @@ sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3.
sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20
sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 10
sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 20
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
alice::sleep 2
alice::ipsec up nat-t
venus::sleep 2
diff --git a/testing/tests/ikev2/nat-two-rw-mark/test.conf b/testing/tests/ikev2/nat-rw-mark/test.conf
index ae3c190b8..ae3c190b8 100644
--- a/testing/tests/ikev2/nat-two-rw-mark/test.conf
+++ b/testing/tests/ikev2/nat-rw-mark/test.conf
diff --git a/testing/tests/ikev2/nat-rw-mixed/description.txt b/testing/tests/ikev2/nat-rw-mixed/description.txt
deleted file mode 100644
index 511a1a874..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b>
-set up a connection to gateway <b>sun</b>. <b>alice</b> uses the IKEv2 key exchange protocol
-whereas <b>venus</b> negotiates the connection via the IKEv1 protocol.
-UDP encapsulation is used to traverse the NAT router.
-In order to test the tunnel the NAT-ed hosts <b>alice</b> and <b>venus</b> ping the client
-<b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev2/nat-rw-mixed/evaltest.dat b/testing/tests/ikev2/nat-rw-mixed/evaltest.dat
deleted file mode 100644
index 685c1b43f..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-sun::ipsec statusall::rw-alice.*ESTABLISHED::YES
-sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::nat-t.*@venus.strongswan.org::YES
-alice::ipsec statusall::home.*ESTABLISHED::YES
-sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf
deleted file mode 100644
index cd9de533a..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version 2.0 # conforms to second version of ipsec.conf specification
-
-config setup
- plutostart=no
-
-conn home
- left=PH_IP_ALICE
- leftcert=aliceCert.pem
- leftid=alice@strongswan.org
- right=PH_IP_SUN
- rightcert=sunCert.pem
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem
deleted file mode 100644
index e7825e3db..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8
-foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS
-Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC
-AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe
-zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n
-HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G
-N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd
-p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
-EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
-ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg
-KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq
-hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i
-ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP
-Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S
-5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE
-JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk
-Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index b85bd607b..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version 2.0 # conforms to second version of ipsec.conf specification
-
-config setup
- plutodebug=control
- crlcheckinterval=180
- nat_traversal=yes
-
-conn %default
- ikelifetime=60m
- keylife=20m
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
-
-conn rw-alice
- right=%any
- rightcert=aliceCert.pem
- rightid=alice@strongswan.org
- rightsubnet=10.1.0.0/16
- keyexchange=ikev2
- auto=add
-
-conn nat-t
- leftsubnet=10.2.0.0/16
- right=%any
- rightsubnetwithin=10.1.0.0/16
- keyexchange=ikev1
- auto=add
diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem
deleted file mode 100644
index e99ae8ec7..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
-MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer
-GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4
-FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W
-6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH
-v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc
-KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG
-A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa
-60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
-A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
-cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
-Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo
-2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ
-AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5
-D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S
-CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi
-6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re
-JGhV
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem
deleted file mode 100644
index 25a6941b0..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBBDANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMTgyNloXDTA5MDkwOTExMTgyNlowRzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz
-LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-mlQ2s9J7bw73onkw0ZwwcM2JDJuU3KmmuzETlmLdtg7m8yFCdhoDg6cxrsIvPAWy
-Gs++1e+1qzy7LTnNHckaHHFwJQf0JoIGE1bbUrJidX8B1T3sDdvZFbyfmQTWSEyJ
-thrdqdPS92VJW/9XQOPeEhudIHr+NtWQfCm3OQFKDXGCEkHOjpVNHn3BPUiL99ON
-FiLZX3gZy6vTERpEE8ga66fHtpM3RJfIxYoUQUdRw8iIa8iOvRGtJa/MfOWX6L/H
-wquRv3SuCl4iMSph7e/VE+z5xx3OyKSAki914DgRFnQITKjyGxw1lORlDQlZy2w/
-nu0BAbXS1pb/2AiF8jDpbQIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E
-BAMCA6gwHQYDVR0OBBYEFEqPlXBYJh1knX0Q61HMcn9LOZ6sMG0GA1UdIwRmMGSA
-FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE
-ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB
-ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw
-LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww
-DQYJKoZIhvcNAQEEBQADggEBAEx3kXh2Z5CMH+tX6cJPyi6gSeOgXy7NBiNsEdXN
-rwGp4DwN6uiSog4EYZJA203oqE3eaoYdBXKiOGvjW4vyigvpDr8H+MeW2HsNuMKX
-PFpY4NucV0fJlzFhtkp31zTLHNESCgTqNIwGj+CbN0rxhHGE6502krnu+C12nJ7B
-fdMzml1RmVp4JlZC5yfiTy0F2s/aH+8xQ2x509UoD+boNM9GR+IlWS2dDypISGid
-hbM4rpiMLBj2riWD8HiuljkKQ6LemBXeZQXuIPlusl7cH/synNkHk8iiALM8xfGh
-wTEmdo5Tp5sDI3cj3LVvhcsTxjiOA81her1F0itlxpEA/gA=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-rw-mixed/posttest.dat b/testing/tests/ikev2/nat-rw-mixed/posttest.dat
deleted file mode 100644
index 0a8ce2bbc..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-sun::ipsec stop
-alice::ipsec stop
-venus::ipsec stop
-sun::rm /etc/ipsec.d/certs/*
-alice::rm /etc/ipsec.d/certs/*
-moon::iptables -t nat -F
diff --git a/testing/tests/ikev2/nat-rw-mixed/pretest.dat b/testing/tests/ikev2/nat-rw-mixed/pretest.dat
deleted file mode 100644
index d2c5c7df2..000000000
--- a/testing/tests/ikev2/nat-rw-mixed/pretest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-sun::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::ipsec start
-alice::ipsec start
-venus::ipsec start
-alice::sleep 1
-venus::ipsec up nat-t
-alice::ipsec up home
-alice::sleep 1
diff --git a/testing/tests/ikev2/nat-two-rw-psk/description.txt b/testing/tests/ikev2/nat-rw-psk/description.txt
index c74897d9a..c74897d9a 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/description.txt
+++ b/testing/tests/ikev2/nat-rw-psk/description.txt
diff --git a/testing/tests/ikev2/nat-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-rw-psk/evaltest.dat
new file mode 100644
index 000000000..051db978a
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-psk/evaltest.dat
@@ -0,0 +1,9 @@
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL, ESP in UDP::YES
+sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES
+sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf
index e0ccbb812..089e91ed7 100755..100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets
index d61e3eb48..d61e3eb48 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..924fd4757
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf
index d6b5d4d6f..e939d89ae 100755..100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets
index 5f2955503..5f2955503 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..924fd4757
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf
index e0ccbb812..089e91ed7 100755..100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets
index 9cd66b1df..9cd66b1df 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets
diff --git a/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..924fd4757
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/posttest.dat b/testing/tests/ikev2/nat-rw-psk/posttest.dat
index 52572ece8..52572ece8 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/posttest.dat
+++ b/testing/tests/ikev2/nat-rw-psk/posttest.dat
diff --git a/testing/tests/ikev2/nat-two-rw-psk/pretest.dat b/testing/tests/ikev2/nat-rw-psk/pretest.dat
index 5e23259bb..6a542ec8f 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/pretest.dat
+++ b/testing/tests/ikev2/nat-rw-psk/pretest.dat
@@ -7,9 +7,9 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-
alice::rm /etc/ipsec.d/cacerts/*
venus::rm /etc/ipsec.d/cacerts/*
sun::rm /etc/ipsec.d/cacerts/*
+sun::ipsec start
alice::ipsec start
venus::ipsec start
-sun::ipsec start
alice::sleep 2
alice::ipsec up nat-t
venus::sleep 2
diff --git a/testing/tests/ikev2/nat-rw-mixed/test.conf b/testing/tests/ikev2/nat-rw-psk/test.conf
index 84317fd70..84317fd70 100644
--- a/testing/tests/ikev2/nat-rw-mixed/test.conf
+++ b/testing/tests/ikev2/nat-rw-psk/test.conf
diff --git a/testing/tests/ikev2/nat-two-rw/description.txt b/testing/tests/ikev2/nat-rw/description.txt
index dcf4b94bd..dcf4b94bd 100644
--- a/testing/tests/ikev2/nat-two-rw/description.txt
+++ b/testing/tests/ikev2/nat-rw/description.txt
diff --git a/testing/tests/ikev2/nat-rw/evaltest.dat b/testing/tests/ikev2/nat-rw/evaltest.dat
new file mode 100644
index 000000000..e0b458dba
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw/evaltest.dat
@@ -0,0 +1,18 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun:: ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: sleep 6::no output expected::NO
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+alice::cat /var/log/daemon.log::sending keep alive::YES
+venus::cat /var/log/daemon.log::sending keep alive::YES
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf
index 3da2fcf86..3e85551c9 100755..100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -13,7 +10,7 @@ conn %default
keyexchange=ikev2
conn nat-t
- left=%defaultroute
+ left=%any
leftcert=aliceCert.pem
leftid=alice@strongswan.org
leftfirewall=yes
diff --git a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..dabff38e4
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+ keep_alive = 5
+}
diff --git a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf
index a7722142f..06105ade0 100644
--- a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf
@@ -1,20 +1,20 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-version 2.0 # conforms to second version of ipsec.conf specification
-
config setup
- plutostart=no
conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn nat-t
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
+ leftfirewall=yes
leftsubnet=10.2.0.0/16
- keyexchange=ikev2
-
-conn rw-alice
right=%any
- rightcert=aliceCert.pem
- rightid=alice@strongswan.org
rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca23c6971
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf
index 3a70b3434..57364be7f 100755..100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -13,7 +10,7 @@ conn %default
keyexchange=ikev2
conn nat-t
- left=%defaultroute
+ left=%any
leftcert=venusCert.pem
leftid=@venus.strongswan.org
leftfirewall=yes
diff --git a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..dabff38e4
--- /dev/null
+++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+ keep_alive = 5
+}
diff --git a/testing/tests/ikev2/nat-two-rw/posttest.dat b/testing/tests/ikev2/nat-rw/posttest.dat
index 52572ece8..52572ece8 100644
--- a/testing/tests/ikev2/nat-two-rw/posttest.dat
+++ b/testing/tests/ikev2/nat-rw/posttest.dat
diff --git a/testing/tests/ikev2/nat-two-rw/pretest.dat b/testing/tests/ikev2/nat-rw/pretest.dat
index e365ff5c5..e365ff5c5 100644
--- a/testing/tests/ikev2/nat-two-rw/pretest.dat
+++ b/testing/tests/ikev2/nat-rw/pretest.dat
diff --git a/testing/tests/ikev2/nat-two-rw-psk/test.conf b/testing/tests/ikev2/nat-rw/test.conf
index 84317fd70..84317fd70 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/test.conf
+++ b/testing/tests/ikev2/nat-rw/test.conf
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat
deleted file mode 100644
index 2cab168f0..000000000
--- a/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-venus::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec status::nat-t.*\[PH_IP_ALICE\]::YES
-sun::ipsec status::nat-t.*\[PH_IP_VENUS\]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 882ea04a5..000000000
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 882ea04a5..000000000
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
deleted file mode 100644
index 882ea04a5..000000000
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw/evaltest.dat b/testing/tests/ikev2/nat-two-rw/evaltest.dat
deleted file mode 100644
index bd0a4b52b..000000000
--- a/testing/tests/ikev2/nat-two-rw/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-venus::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec status::alice@strongswan.org::YES
-sun::ipsec status::venus.strongswan.org::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
deleted file mode 100644
index 339b56987..000000000
--- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
diff --git a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat
index 75d5ffbd3..9c98e312a 100644
--- a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat
@@ -1,6 +1,6 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf
index e43e0d785..46fc364dd 100755..100644
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
index cb3d46293..8e685c862 100644
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf
index 9cede8d56..1d7ba47ee 100755..100644
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
index cb3d46293..8e685c862 100644
--- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-cert/evaltest.dat b/testing/tests/ikev2/net2net-cert/evaltest.dat
index e67c39a08..c98f5d78d 100644
--- a/testing/tests/ikev2/net2net-cert/evaltest.dat
+++ b/testing/tests/ikev2/net2net-cert/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf
index 562f26826..2d31a19d2 100755..100644
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
index cb17a9e07..94e0b2a62 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf
index 24e5df519..06bfa038b 100755..100644
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
index cb17a9e07..94e0b2a62 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat
index 928783c87..63058eb88 100644
--- a/testing/tests/ikev2/net2net-esn/evaltest.dat
+++ b/testing/tests/ikev2/net2net-esn/evaltest.dat
@@ -1,14 +1,16 @@
-sun::cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES
-sun::cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
-sun::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
-moon::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
-moon::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
+sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES
+sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
+moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
+moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES
alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES
-sun::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
+sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
index 98f4864d3..3418e63c4 100755..100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="cfg 2, knl 2"
conn %default
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
index 26fde389e..f0b6c906f 100755..100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="cfg 2, knl 2"
conn %default
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
index 1a3759e34..97dd63c5a 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec status::net-net.*INSTALLED::YES
-sun::ipsec status::net-net.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed.*sun <sun.strongswan.org>::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun <sun.strongswan.org>.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
index 405cd06bf..7601113ab 100755..100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
index 949b9af16..8accff27c 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
index 4460106de..641c3d929 100755..100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
index 949b9af16..8accff27c 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
index 1a3759e34..4615c3ed8 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec status::net-net.*INSTALLED::YES
-sun::ipsec status::net-net.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf
index d059cb1da..06a26b64b 100755..100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
index 949b9af16..8accff27c 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf
index 198f2a8a8..cff03c4c6 100755..100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
index 949b9af16..8accff27c 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random nonce stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
index 5881d9246..1556143cf 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
+++ b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
@@ -1,7 +1,7 @@
-moon::ipsec statusall::dscp-be.*ESTABLISHED::YES
-moon::ipsec statusall::dscp-ef.*ESTABLISHED::YES
-sun::ipsec statusall::dscp-be.*ESTABLISHED::YES
-sun::ipsec statusall::dscp-ef.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES
+moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES
+sun:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES
+sun:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
index d78d27c1a..aeaebe1f4 100755..100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="knl 2"
conn %default
@@ -15,15 +12,15 @@ conn %default
mobike=no
conn dscp-be
- leftid=@sun-be
- rightid=@moon-be
+ leftid=@moon-be
+ rightid=@sun-be
mark=10
also=net-net
auto=add
conn dscp-ef
- leftid=@sun-ef
- rightid=@moon-ef
+ leftid=@moon-ef
+ rightid=@sun-ef
mark=20
also=net-net
auto=add
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
index 5e8f49b17..54cdfd9bc 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
index 9d2ef7471..8b54476fd 100755..100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="knl 2"
conn %default
@@ -15,15 +12,15 @@ conn %default
mobike=no
conn dscp-be
- leftid=@moon-be
- rightid=@sun-be
+ leftid=@sun-be
+ rightid=@moon-be
mark=10
also=net-net
auto=add
conn dscp-ef
- leftid=@moon-ef
- rightid=@sun-ef
+ leftid=@sun-ef
+ rightid=@moon-ef
mark=20
also=net-net
auto=add
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
index 5e8f49b17..54cdfd9bc 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk-fail/description.txt b/testing/tests/ikev2/net2net-psk-fail/description.txt
new file mode 100644
index 000000000..d41b2c954
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/description.txt
@@ -0,0 +1,4 @@
+A connection between the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b>
+uses a wrong PSK. Therefore the connection setup is aborted by gateway <b>sun</b>
+by sending an <b>AUTHENTICATION_FAILED</b> notify error.
diff --git a/testing/tests/ikev2/net2net-psk-fail/evaltest.dat b/testing/tests/ikev2/net2net-psk-fail/evaltest.dat
new file mode 100644
index 000000000..3f5092893
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/evaltest.dat
@@ -0,0 +1,6 @@
+sun:: cat /var/log/daemon.log::tried 1 shared key for.*sun.strongswan.org.*moon.strongswan.org.*but MAC mismatched::YES
+moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::NO
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::NO
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf
index 8db43213f..f495194a7 100755..100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf
@@ -1,23 +1,22 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
+ authby=secret
keyexchange=ikev2
+ mobike=no
-conn nat-t
- left=%defaultroute
- leftcert=aliceCert.pem
- leftid=alice@strongswan.org
+conn net-net
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
leftfirewall=yes
right=PH_IP_SUN
- rightid=@sun.strongswan.org
rightsubnet=10.2.0.0/16
+ rightid=@sun.strongswan.org
auto=add
diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..38ebf966c
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,4 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx
+
diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..5db4358d6
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf
index d8b426318..26f16ac6e 100755..100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf
@@ -1,35 +1,22 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
+ authby=secret
keyexchange=ikev2
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftfirewall=yes
+ mobike=no
conn net-net
+ left=PH_IP_SUN
leftsubnet=10.2.0.0/16
+ leftid=@sun.strongswan.org
+ leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
auto=add
-
-conn host-host
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- auto=add
-
-conn nat-t
- leftsubnet=10.2.0.0/16
- right=%any
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
new file mode 100644
index 000000000..be95c4d99
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+
+
+
diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..5db4358d6
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/ikev2/net2net-psk-fail/posttest.dat b/testing/tests/ikev2/net2net-psk-fail/posttest.dat
new file mode 100644
index 000000000..5a9150bc8
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/net2net-psk-fail/pretest.dat b/testing/tests/ikev2/net2net-psk-fail/pretest.dat
new file mode 100644
index 000000000..976a196db
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk-fail/pretest.dat
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1
+moon::ipsec up net-net
diff --git a/testing/tests/ikev2/nat-two-rw/test.conf b/testing/tests/ikev2/net2net-psk-fail/test.conf
index 84317fd70..f6e064e7d 100644
--- a/testing/tests/ikev2/nat-two-rw/test.conf
+++ b/testing/tests/ikev2/net2net-psk-fail/test.conf
@@ -5,17 +5,17 @@
# All UML instances that are required for this test
#
-UMLHOSTS="alice venus moon winnetou sun bob"
+UMLHOSTS="moon winnetou sun"
# Corresponding block diagram
#
-DIAGRAM="a-v-m-w-s-b.png"
+DIAGRAM="m-w-s.png"
# UML instances on which tcpdump is to be started
#
-TCPDUMPHOSTS="moon"
+TCPDUMPHOSTS=""
# UML instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="alice venus sun"
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev2/net2net-psk/evaltest.dat b/testing/tests/ikev2/net2net-psk/evaltest.dat
index e67c39a08..c98f5d78d 100644
--- a/testing/tests/ikev2/net2net-psk/evaltest.dat
+++ b/testing/tests/ikev2/net2net-psk/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf
index 15d8ddb11..f495194a7 100755..100644
--- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
index 4e2fcf17b..5db4358d6 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf
index e145d9974..26f16ac6e 100755..100644
--- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
index 4e2fcf17b..5db4358d6 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat
index 0ccfb7efd..e47e709e2 100644
--- a/testing/tests/ikev2/net2net-pubkey/evaltest.dat
+++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat
@@ -1,7 +1,7 @@
-moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status::INSTALLED, TUNNEL::YES
-sun::ipsec status::INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
index 945cf3a40..29d15a6b5 100755..100644
--- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
index 0581bae5c..3cd90047f 100644
--- a/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+ load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
}
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
index 5c07de8a2..c60cf918f 100755..100644
--- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
index 0581bae5c..3cd90047f 100644
--- a/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pubkey/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+ load = sha1 sha2 md5 aes des hmac gmp pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat
index 149cf727a..59d0372dc 100644
--- a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat
+++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat
@@ -1,15 +1,15 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES
-moon::cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES
-moon::cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
-moon::cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
-sun::cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES
-sun::cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES
-sun::cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
-sun::cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
-moon::cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES
-sun::cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES
+moon:: cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES
+moon:: cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
+moon:: cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
+sun:: cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES
+sun:: cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES
+sun:: cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
+sun:: cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES
+moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES
+sun:: cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
index ce59d849c..9ba918893 100755..100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="cfg 2"
conn %default
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index 025e1c222..f1e81ea2f 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
index afc2e399e..d41e43a5c 100755..100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="cfg 2"
conn %default
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index 025e1c222..f1e81ea2f 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation addrblock hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat
index a89e5a298..63d1cde24 100644
--- a/testing/tests/ikev2/net2net-route/evaltest.dat
+++ b/testing/tests/ikev2/net2net-route/evaltest.dat
@@ -1,6 +1,8 @@
-moon::cat /var/log/daemon.log::creating acquire job::YES
-moon::ipsec statusall::net-net.*INSTALLED::YES
-sun::ipsec statusall::net-net.*INSTALLED::YES
+moon:: cat /var/log/daemon.log::creating acquire job::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf
index 8a2f8b77c..c374cd6b4 100755..100644
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf
index 24e5df519..06bfa038b 100755..100644
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat
index 0ccfb7efd..e47e709e2 100644
--- a/testing/tests/ikev2/net2net-rsa/evaltest.dat
+++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat
@@ -1,7 +1,7 @@
-moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status::INSTALLED, TUNNEL::YES
-sun::ipsec status::INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
index 61b9b710a..9cac82eaf 100755..100644
--- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
index 3bc16ccda..e1efec866 100644
--- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+ load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
}
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
index 24e20dc25..3a89b4088 100755..100644
--- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
index 3bc16ccda..e1efec866 100644
--- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random curl kernel-netlink socket-default stroke updown
+ load = sha1 sha2 md5 aes des hmac gmp dnskey pem pkcs1 pubkey random nonce curl kernel-netlink socket-default stroke updown
}
diff --git a/testing/tests/ikev2/net2net-same-nets/evaltest.dat b/testing/tests/ikev2/net2net-same-nets/evaltest.dat
index bf99bb278..1ca7e2d60 100644
--- a/testing/tests/ikev2/net2net-same-nets/evaltest.dat
+++ b/testing/tests/ikev2/net2net-same-nets/evaltest.dat
@@ -1,7 +1,9 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_seq=1::YES
-bob::ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES
+bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf
index 8f43a4f6e..077a3ed08 100755..100644
--- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf
index 33e1e6656..af85e186a 100755..100644
--- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat
index 244dec5bf..dbd06104f 100644
--- a/testing/tests/ikev2/net2net-start/evaltest.dat
+++ b/testing/tests/ikev2/net2net-start/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec statusall::net-net.*INSTALLED::YES
-sun::ipsec statusall::net-net.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf
index 1cc812864..fa611ff09 100755..100644
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf
index 24e5df519..06bfa038b 100755..100644
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/net2net-start/pretest.dat b/testing/tests/ikev2/net2net-start/pretest.dat
index 6e41d5245..8f3d17207 100644
--- a/testing/tests/ikev2/net2net-start/pretest.dat
+++ b/testing/tests/ikev2/net2net-start/pretest.dat
@@ -3,4 +3,4 @@ sun::/etc/init.d/iptables start 2> /dev/null
sun::ipsec start
sun::sleep 2
moon::ipsec start
-alice::sleep 3
+moon::sleep 3
diff --git a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat
index c08a17943..e931afb7e 100644
--- a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat
@@ -1,12 +1,12 @@
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::requesting ocsp status from::YES
-moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
-moon::cat /var/log/daemon.log::ocsp response is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
-carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
+moon:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES
+moon:: cat /var/log/daemon.log::requesting ocsp status from::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon:: cat /var/log/daemon.log::ocsp response is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
+carol::ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES
carol::cat /var/log/daemon.log::requesting ocsp status from::YES
carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
carol::cat /var/log/daemon.log::ocsp response is valid::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf
index e2602f08a..05e27f641 100755..100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf
index 119d14a42..e441e661f 100755..100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat
index 768de938b..c41a668f0 100644
--- a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat
@@ -1,10 +1,10 @@
-moon::ipsec listocspcerts::altNames.*ocsp.*strongswan.org::YES
-carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-dave::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
+moon:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.*strongswan.org::YES
+carol::ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES
+dave:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-dave::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::ESTABLISHED.*carol::YES
-moon::ipsec status::ESTABLISHED.*dave::YES
-carol::ipsec status::ESTABLISHED::YES
-dave::ipsec status::ESTABLISHED::YES
+dave:: cat /var/log/daemon.log::certificate status is good::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*CN=carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*CN=dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::ESTABLISHED.*CN=carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::ESTABLISHED.*CN=dave@strongswan.org.*moon.strongswan.org::YES
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf
index 259997f5c..4d3aa1cc6 100755..100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf
index 0763d1734..756d6ec51 100755..100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
index b0e8336e6..630117af9 100755..100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
index a0a045ce8..a2ce5ad93 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
@@ -1,7 +1,7 @@
-moon::cat /var/log/daemon.log::requesting ocsp status from::YES
-moon::cat /var/log/daemon.log::ocsp response verification failed::YES
-moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
-moon::ipsec status::rw.*ESTABLISHED::NO
+moon:: cat /var/log/daemon.log::requesting ocsp status from::YES
+moon:: cat /var/log/daemon.log::ocsp response verification failed::YES
+moon:: cat /var/log/daemon.log::certificate status is not available::YES
+moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-carol::ipsec status::home.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/ipsec.conf
index ba9779cb5..05e27f641 100755..100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/ipsec.conf
@@ -2,7 +2,6 @@
config setup
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/ipsec.conf
index b79c056ab..e441e661f 100755..100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/ipsec.conf
@@ -2,7 +2,6 @@
config setup
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/evaltest.dat b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
index 2c3196103..97006c93e 100644
--- a/testing/tests/ikev2/ocsp-revoked/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
@@ -1,8 +1,8 @@
-moon::cat /var/log/daemon.log::requesting ocsp status from::YES
-moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
-moon::cat /var/log/daemon.log::certificate was revoked on::YES
-moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed
+moon:: cat /var/log/daemon.log::requesting ocsp status from::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon:: cat /var/log/daemon.log::certificate was revoked on::YES
+moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-moon::ipsec status::rw.*ESTABLISHED::NO
-carol::ipsec status::home.*ESTABLISHED::NO
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
index 0d7cf5928..94eb58621 100755..100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf
index 119d14a42..e441e661f 100755..100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat
index 5bb322acc..0f852d7b1 100644
--- a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat
@@ -1,10 +1,10 @@
-moon::cat /var/log/daemon.log::requesting ocsp status::YES
-moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
-moon::cat /var/log/daemon.log::ocsp response is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
+moon:: cat /var/log/daemon.log::requesting ocsp status::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon:: cat /var/log/daemon.log::ocsp response is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
carol::cat /var/log/daemon.log::requesting ocsp status::YES
carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
carol::cat /var/log/daemon.log::ocsp response is valid::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf
index e2602f08a..05e27f641 100755..100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf
index 119d14a42..e441e661f 100755..100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
index f8bf0326a..7c7813cff 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
@@ -1,12 +1,12 @@
-carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::requesting ocsp status::YES
-moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
-moon::cat /var/log/daemon.log::ocsp response is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::ipsec listcainfos 2> /dev/null::ocspuris.*http://ocsp.strongswan.org::YES
+moon:: cat /var/log/daemon.log::requesting ocsp status::YES
+moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon:: cat /var/log/daemon.log::ocsp response is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
carol::cat /var/log/daemon.log::requesting ocsp status::YES
carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
carol::cat /var/log/daemon.log::ocsp response is valid::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
index 4011a6c17..a1bc9b014 100755..100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf
index ce653cf08..2cec8851c 100755..100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
conn %default
keyexchange=ikev2
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
index 2e0f059c6..c31e05ef5 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
@@ -1,8 +1,8 @@
-moon::cat /var/log/daemon.log::authentication of.*carol.*successful::YES
-moon::cat /var/log/daemon.log::libcurl http request failed::YES
-moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES
-moon::ipsec status::ESTABLISHED.*carol::YES
-moon::ipsec status::ESTABLISHED.*dave::NO
-carol::ipsec status::ESTABLISHED::YES
-dave::ipsec status::ESTABLISHED::NO
+moon:: cat /var/log/daemon.log::authentication of.*carol.*successful::YES
+moon:: cat /var/log/daemon.log::libcurl http request failed::YES
+moon:: cat /var/log/daemon.log::certificate status is not available::YES
+moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES
+moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
index bce685c53..27af8e7a8 100755..100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=ifuri
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
index 1ab63e84b..aa07085f4 100755..100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=ifuri
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
index 401e9b567..02db316d7 100755..100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=ifuri
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
index 777c32699..f50d5e88c 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
@@ -1,13 +1,12 @@
-moon::cat /var/log/daemon.log::libcurl http request failed::YES
-moon::cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES
-moon::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES
-moon::cat /var/log/daemon.log::ocsp response is valid::YES
-moon::cat /var/log/daemon.log::certificate status is good::YES
+moon:: cat /var/log/daemon.log::libcurl http request failed::YES
+moon:: cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES
+moon:: cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES
+moon:: cat /var/log/daemon.log::ocsp response is valid::YES
+moon:: cat /var/log/daemon.log::certificate status is good::YES
carol::cat /var/log/daemon.log::libcurl http request failed::YES
carol::cat /var/log/daemon.log::ocsp request to.*bob.strongswan.org:8800.*failed::YES
carol::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES
carol::cat /var/log/daemon.log::ocsp response is valid::YES
carol::cat /var/log/daemon.log::certificate status is good::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
-
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
index ff312cc6b..816db6e1e 100755..100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf
index 394d94160..f307c12d0 100755..100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
index 1b281507b..7c0a9a5a4 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
@@ -1,7 +1,7 @@
-moon::cat /var/log/daemon.log::libcurl http request failed::YES
-moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed::YES
+moon:: cat /var/log/daemon.log::libcurl http request failed::YES
+moon:: cat /var/log/daemon.log::certificate status is not available::YES
+moon:: cat /var/log/daemon.log::constraint check failed::YES
carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED::YES
-moon::ipsec status::rw.*ESTABLISHED::NO
-carol::ipsec status::home.*ESTABLISHED::NO
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf
index ef24ea191..459da1467 100755..100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf
index fe657b4a6..a464f017a 100755..100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,7 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
index 45c6ce7c5..6ba1be6b1 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
@@ -1,7 +1,7 @@
-moon::cat /var/log/daemon.log::requesting ocsp status from::YES
-moon::cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES
-moon::cat /var/log/daemon.log::ocsp response verification failed::YES
-moon::cat /var/log/daemon.log::certificate status is not available::YES
-moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
-moon::ipsec status::rw.*ESTABLISHED::NO
-carol::ipsec status::home.*ESTABLISHED::NO
+moon:: cat /var/log/daemon.log::requesting ocsp status from::YES
+moon:: cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES
+moon:: cat /var/log/daemon.log::ocsp response verification failed::YES
+moon:: cat /var/log/daemon.log::certificate status is not available::YES
+moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf
index ba9779cb5..05e27f641 100755..100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf
@@ -2,7 +2,6 @@
config setup
strictcrlpolicy=yes
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf
index b79c056ab..e441e661f 100755..100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf
@@ -2,7 +2,6 @@
config setup
strictcrlpolicy=yes
- plutostart=no
ca strongswan-ca
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/protoport-dual/evaltest.dat b/testing/tests/ikev2/protoport-dual/evaltest.dat
index bd24b911c..a65460cc8 100644
--- a/testing/tests/ikev2/protoport-dual/evaltest.dat
+++ b/testing/tests/ikev2/protoport-dual/evaltest.dat
@@ -1,7 +1,7 @@
-carol::ipsec statusall::home-icmp.*INSTALLED::YES
-carol::ipsec statusall::home-ssh.*INSTALLED::YES
-moon::ipsec statusall::rw-icmp.*INSTALLED::YES
-moon::ipsec statusall::rw-ssh.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf
index 51971a13c..e15382bad 100755..100644
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf
index 0d7e8db3f..bc131cd71 100755..100644
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/evaltest.dat b/testing/tests/ikev2/protoport-route/evaltest.dat
index 78d062918..83a5e1bde 100644
--- a/testing/tests/ikev2/protoport-route/evaltest.dat
+++ b/testing/tests/ikev2/protoport-route/evaltest.dat
@@ -2,9 +2,9 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
carol::ssh PH_IP_ALICE hostname::alice::YES
carol::cat /var/log/daemon.log::creating acquire job::YES
-carol::ipsec statusall::home-icmp.*INSTALLED::YES
-carol::ipsec statusall::home-ssh.*INSTALLED::YES
-moon::ipsec statusall::rw-icmp.*INSTALLED::YES
-moon::ipsec statusall::rw-ssh.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf
index d76a6ee17..f4d112daf 100755..100644
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf
index 0d7e8db3f..bc131cd71 100755..100644
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/evaltest.dat b/testing/tests/ikev2/reauth-early/evaltest.dat
index b4cbe2f41..1d3a35916 100644
--- a/testing/tests/ikev2/reauth-early/evaltest.dat
+++ b/testing/tests/ikev2/reauth-early/evaltest.dat
@@ -1,5 +1,5 @@
-moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES
-carol::ipsec statusall::home\[2\].*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf
index 311dc3dc5..2277bcd59 100755..100644
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf
index 64a7aef6d..fb09e74b3 100755..100644
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=30s
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat
index c0893df65..d86758f9a 100644
--- a/testing/tests/ikev2/reauth-late/evaltest.dat
+++ b/testing/tests/ikev2/reauth-late/evaltest.dat
@@ -1,5 +1,5 @@
-moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES
-carol::ipsec statusall::home\[2\].*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES
carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf
index 32a43efac..9de0dda86 100755..100644
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=30s
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
index cb5e86a66..225e2aab1 100755..100644
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=3601
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat
index 06a0f8cda..f8cfb111b 100644
--- a/testing/tests/ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/ikev2/rw-cert/evaltest.dat
@@ -1,8 +1,13 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf
index bcdb8641b..dd2ceea60 100755..100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf
@@ -1,15 +1,13 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
+ keyexchange=ikev2
conn home
left=PH_IP_CAROL
@@ -19,5 +17,4 @@ conn home
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
- keyexchange=ikev2
auto=add
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index e070f9a27..102801a92 100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf
index ea8bc92a7..4c6e11f16 100755..100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf
@@ -1,15 +1,13 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
+ keyexchange=ikev2
conn home
left=PH_IP_DAVE
@@ -19,5 +17,4 @@ conn home
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
- keyexchange=ikev2
auto=add
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index e070f9a27..102801a92 100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf
index 274521386..e67d9af9b 100755..100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf
@@ -1,15 +1,13 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
+ keyexchange=ikev2
conn rw
left=PH_IP_MOON
@@ -18,5 +16,4 @@ conn rw
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
- keyexchange=ikev2
auto=add
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index e070f9a27..102801a92 100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
index 661e6cfe7..a39bf3afe 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
@@ -1,10 +1,12 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::received EAP identity.*carol::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf
index 22bba57a7..f1f761186 100755..100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
index ccf446f79..2f8bf5d9e 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
index 16171feb3..12431486c 100755..100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
index ccf446f79..2f8bf5d9e 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
index 3064f02a6..2abfdd19b 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
@@ -1,9 +1,11 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap-aka.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf
index ba9294f6a..b4825fb82 100755..100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index d8c77f5b1..69f9845af 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
index 3a1fd98d3..cd2e42d9f 100755..100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index d8c77f5b1..69f9845af 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-dynamic/description.txt b/testing/tests/ikev2/rw-eap-dynamic/description.txt
new file mode 100644
index 000000000..2bd9aaaac
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/description.txt
@@ -0,0 +1,5 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+<b>carol</b> uses the default <i>EAP-MD5</i> password-based client authentication
+method as proposed by EAP server <b>moon</b> whereas <b>dave</b> requests an <i>EAP-TLS</i>
+certificate-based client authentication by sending this proposal in an <i>EAP-NAK</i> message
+back to the EAP server.
diff --git a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat
new file mode 100644
index 000000000..9c6ae73e9
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat
@@ -0,0 +1,23 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::EAP method EAP_MD5 succeeded, no MSK established::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+dave:: cat /var/log/daemon.log::requesting EAP_TLS authentication, sending EAP_NAK::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::EAP method EAP_TLS succeeded, MSK established::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..b8b628758
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_CAROL
+ leftid=carol@strongswan.org
+ leftauth=eap-md5
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightauth=pubkey
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..74942afda
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..0fd7117dd
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+}
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..981dee3cd
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftauth=eap-tls
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightauth=pubkey
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..0979b9afd
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5f9eedba1
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-tls updown
+}
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..191989e7b
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-eap
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
+ leftauth=pubkey
+ leftfirewall=yes
+ rightid=*@strongswan.org
+ rightauth=eap-dynamic
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..c991683b8
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..a0682268d
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,12 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-md5 eap-tls eap-dynamic updown
+
+ plugins {
+ eap-dynamic {
+ prefer_user = yes
+ preferred = md5, tls
+ }
+ }
+}
diff --git a/testing/tests/ikev2/rw-eap-dynamic/posttest.dat b/testing/tests/ikev2/rw-eap-dynamic/posttest.dat
new file mode 100644
index 000000000..1777f439f
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/posttest.dat
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat
new file mode 100644
index 000000000..369596177
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/ikev2/nat-portswitch/test.conf b/testing/tests/ikev2/rw-eap-dynamic/test.conf
index d84149aaf..a71d09e9d 100644
--- a/testing/tests/ikev2/nat-portswitch/test.conf
+++ b/testing/tests/ikev2/rw-eap-dynamic/test.conf
@@ -5,11 +5,11 @@
# All UML instances that are required for this test
#
-UMLHOSTS="alice moon winnetou sun bob"
+UMLHOSTS="alice moon carol winnetou dave"
# Corresponding block diagram
#
-DIAGRAM="a-m-w-s-b.png"
+DIAGRAM="a-m-c-w-d.png"
# UML instances on which tcpdump is to be started
#
@@ -18,4 +18,4 @@ TCPDUMPHOSTS="moon"
# UML instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="alice sun"
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
index 3f828141c..a239b56e7 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
@@ -2,10 +2,12 @@ carol::cat /var/log/daemon.log::configured EAP-Identity carol::YES
carol::cat /var/log/daemon.log::added EAP secret for carol moon.strongswan.org::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES
-moon::cat /var/log/daemon.log::received EAP identity.*carol::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES
+moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf
index 7859ee9cc..176c1af2e 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
index fe067d344..b1b418060 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf
index c132b9ab8..ea4185355 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
index fe067d344..b1b418060 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
index 2ee440cdb..73f606be3 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
@@ -1,10 +1,12 @@
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES
-moon::cat /var/log/daemon.log::received EAP identity .*carol::YES
+moon:: cat /var/log/daemon.log::received EAP identity .*carol::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf
index 5f779d1af..881971e80 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
index fe067d344..b1b418060 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
index 11ff84400..8ce1721f5 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
index 2a18af887..aba7eefdf 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
index 5e8dce9cf..525d987af 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
@@ -1,11 +1,11 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
-
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf
index ba9294f6a..b4825fb82 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
index 57bd6cceb..0fd7117dd 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
index 4a885babc..efdf6f7ed 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
index f21745bcd..f634316f8 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
index fadcdc635..dd67704eb 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
@@ -1,8 +1,10 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
index ba9294f6a..b4825fb82 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
index 57bd6cceb..0fd7117dd 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
index 28d52b9eb..5d799a870 100755..100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
index 57bd6cceb..0fd7117dd 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
index 5b632bfe8..eafd09b80 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
@@ -1,10 +1,12 @@
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES
-moon::cat /var/log/daemon.log::received EAP identity.*carol::YES
-moon::cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES
+moon:: cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf
index c1497ca0e..59a0d66c3 100755..100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
index fd717317c..66dee832b 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf
index a4a45f06c..086a734e3 100755..100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
index fd717317c..66dee832b 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
index 0908e1c97..871d3b931 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
@@ -3,17 +3,21 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
-dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-moon::cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
+dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap\[1]: ESTABLISHED.*CN=moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap\[2]: ESTABLISHED.*CN=moon.strongswan.org.*dave@stronswan.org::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*CN=moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*CN=moon.strongswan.org::NO
+moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
index 2f8b9dfda..dd1b89302 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -17,6 +16,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
index fd5d3f5f4..e9958df28 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
index 3a29329d5..a46071a3a 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -17,6 +16,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
index fd5d3f5f4..e9958df28 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf
index 129486c05..d12eafbb2 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
index f5024111c..5f00ef57f 100644
--- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
plugins {
eap-peap {
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
index 8743b9643..643b2c39d 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
@@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
-dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-dave::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-moon::cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
+dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@stronswan.org::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
index 2f8b9dfda..dd1b89302 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -17,6 +16,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
index 2cbfb2484..613ceee06 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
index 3a29329d5..a46071a3a 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -17,6 +16,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
index 2cbfb2484..613ceee06 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf
index 129486c05..d12eafbb2 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
index 19d12447f..58e8df0da 100644
--- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
plugins {
eap-peap {
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
index 39a24f15e..81244bd85 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
@@ -3,19 +3,17 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
-dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
-moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
-
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf
index b2eef5785..944546ff8 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
index 2c06d26a6..0e20d1c68 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf
index 3c8ea5c58..b1a22e78a 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
index 2c06d26a6..0e20d1c68 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf
index fc8f84638..98e2525ba 100755..100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
index 4d2d3058d..38d78e7a0 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
index 4305a1400..7f1def4a5 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
@@ -1,12 +1,12 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
+moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
-
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
index d3a99fe41..97ce965a0 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -12,7 +11,6 @@ conn %default
conn home
left=PH_IP_CAROL
- leftnexthop=%direct
leftid=carol@strongswan.org
leftfirewall=yes
leftauth=eap
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
index 7b4ab49e4..8e872ddae 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
index a86bb3d73..8216627ba 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
index 2a18af887..aba7eefdf 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
index 852d424af..f2654766a 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
@@ -1,15 +1,15 @@
carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
-moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf
index 11b9f0d71..0e6090c40 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -17,5 +16,6 @@ conn home
leftauth=eap
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightauth=any
rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
index e468cd4f9..691bec865 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf
index dca65c09f..0507a6b6c 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
index e468cd4f9..691bec865 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf
index e3f4694bd..b80a47bf1 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
index f21745bcd..f634316f8 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
index b4d66adc6..8e12c29d0 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
@@ -1,15 +1,15 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
-moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf
index 4f0d40b3e..951008d2b 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -9,13 +8,14 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_CAROL
leftid=carol@strongswan.org
+ leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightauth=pubkey
rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
index e468cd4f9..691bec865 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf
index 511eb6172..a9d04ebfa 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -9,13 +8,14 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=eap
conn home
left=PH_IP_DAVE
leftid=dave@strongswan.org
+ leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightauth=pubkey
rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
index e468cd4f9..691bec865 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf
index 825994278..a246bd172 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -13,13 +11,14 @@ conn %default
conn rw-eap
authby=rsasig
- eap=radius
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
+ leftauth=pubkey
leftcert=moonCert.pem
leftfirewall=yes
rightid=*@strongswan.org
+ rightauth=eap-radius
rightsendcert=never
right=%any
auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
index f21745bcd..f634316f8 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
index 53c7e71ce..ade9306cf 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
@@ -1,10 +1,10 @@
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap-sim.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap-sim.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap-sim.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
-
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
index ba9294f6a..b4825fb82 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
index 0add0f360..8caa11c97 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
index ea62749be..ab49aa0f3 100755..100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
index 527cb2b37..6c8911e5a 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
index f4d534051..4db0a30b4 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
@@ -1,9 +1,9 @@
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.d.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
index 889a47d80..b7b27b720 100755..100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
@@ -18,6 +17,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=strongSwan Project, CN=moon.d.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
index dc0bcdff5..535b37210 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
plugins {
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
index 9f979e17b..ee4bfd27d 100755..100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
charondebug="tls 2"
conn %default
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
index dc0bcdff5..535b37210 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
plugins {
diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
index 1e9bdb2af..96417face 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
@@ -1,9 +1,9 @@
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index 3aeab002f..4272d98be 100755..100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -17,6 +16,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index 4e47e632c..2eb2adc78 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
index 430211020..b9a58e902 100755..100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index 4e47e632c..2eb2adc78 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
index f0a674063..21190669e 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
@@ -1,11 +1,9 @@
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with RSA signature successful::YES
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
-
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
index 4f4c8abcf..fc6f1e633 100755..100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
index 4e47e632c..2eb2adc78 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
index be907f839..deadcff6d 100755..100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
index ab71e5908..5bf9dc03b 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
index 9586fe558..941bb2985 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
@@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
-dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-moon::cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
+dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
index 967598643..8ff3c2ab6 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
@@ -18,6 +17,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
index 96620d0c2..32b4d2eb1 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
index ad1255212..367c0b527 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
@@ -18,6 +17,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
index 96620d0c2..32b4d2eb1 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
index d37848bac..cd93a48e7 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
charondebug="tls 2"
conn %default
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
index a68a74712..9401ffb00 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
plugins {
eap-ttls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
index 9586fe558..941bb2985 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
@@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
-dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-moon::cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
+dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
index 967598643..8ff3c2ab6 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
@@ -18,6 +17,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
index 378bdc540..8de5ec68f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
index ad1255212..367c0b527 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
@@ -18,6 +17,7 @@ conn home
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
index 378bdc540..8de5ec68f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
index d37848bac..cd93a48e7 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
charondebug="tls 2"
conn %default
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
index b065251ea..c730346a6 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
plugins {
eap-ttls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
index 2c0f65159..ff08ae792 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
@@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
-dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
-moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::NO
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
+moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
index 97a2e02c9..5b1ac90a3 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 96620d0c2..32b4d2eb1 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
index d388060be..8aa168745 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
charondebug="tls 2"
conn %default
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 96620d0c2..32b4d2eb1 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf
index fc8f84638..98e2525ba 100755..100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
index ab71e5908..5bf9dc03b 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
eap-radius {
diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
index fe2a8d063..c52036028 100644
--- a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
+++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
@@ -1,14 +1,18 @@
-moon::cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES
-moon::cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES
carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
-dave::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
index 77046eb7d..acf5789d8 100755..100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index d9349846c..b294b7c22 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
index febaf9be2..1e1439560 100755..100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index d9349846c..b294b7c22 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
index cbc60000a..cd626a720 100755..100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index d9349846c..b294b7c22 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat
index c248a508a..4a93dc921 100644
--- a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat
+++ b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat
@@ -1,9 +1,9 @@
-alice::ipsec statusall::home.*INSTALLED::YES
-venus::ipsec statusall::home.*INSTALLED::YES
-sun::ipsec statusall::alice.*ESTABLISHED.*alice@strongswan.org::YES
-sun::ipsec statusall::venus.*ESTABLISHED.*venus.strongswan.org::YES
-sun::ipsec statusall::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
-sun::ipsec statusall::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
+alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
+sun:: ipsec statusall 2>::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf
index dd0240b07..726aa616b 100755..100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
index 5fa211c2a..4b549cbd5 100755..100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
charondebug="knl 2"
conn %default
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf
index 4af93df8d..cb9b27ed7 100755..100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat
index 06a0f8cda..b545c2289 100644
--- a/testing/tests/ikev2/rw-pkcs8/evaltest.dat
+++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat
@@ -1,10 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf
index bcdb8641b..e72f78742 100755..100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
index 3c22edc23..9802ea724 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf
index ea8bc92a7..65c9819bb 100755..100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
index 3c22edc23..9802ea724 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf
index 274521386..1ee751360 100755..100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
index 9333bcdf4..597aebf61 100644
--- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/description.txt b/testing/tests/ikev2/rw-psk-fqdn/description.txt
index d4a7c3878..47f6968ae 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/description.txt
+++ b/testing/tests/ikev2/rw-psk-fqdn/description.txt
@@ -1,6 +1,6 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
-and fully qualified domain names. Upon the successful establishment of the IPsec tunnels,
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
let pass the tunneled traffic. In order to test both tunnel and firewall, both
<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
index 06a0f8cda..683173c30 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
@@ -1,8 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
index 6c821010a..594affa28 100755..100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
index 1af9be7f7..57f7303be 100755..100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
index 97edc9047..8dc61b0b3 100755..100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/description.txt b/testing/tests/ikev2/rw-psk-ipv4/description.txt
index 4eb66c540..b4aaa6a6a 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/description.txt
+++ b/testing/tests/ikev2/rw-psk-ipv4/description.txt
@@ -1,6 +1,6 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
-and IPv4 addresses. Upon the successful establishment of the IPsec tunnels,
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
let pass the tunneled traffic. In order to test both tunnel and firewall, both
<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
index 06a0f8cda..1ad36fcaf 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
@@ -1,8 +1,13 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
index 5990f6875..13b737a91 100755..100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
index bdd50899a..27c70c125 100755..100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
index b99f43ef4..335977da6 100755..100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
index 06a0f8cda..b545c2289 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
@@ -1,10 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf
index 150687104..5bc8dbe3f 100755..100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
index 882ea04a5..924fd4757 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf
index 2397d6d6d..315634745 100755..100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
index 882ea04a5..924fd4757 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf
index 97edc9047..8dc61b0b3 100755..100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
index 882ea04a5..924fd4757 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+ load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
index 236684c57..51e868760 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
@@ -1,15 +1,14 @@
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES
-moon::cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES
-moon::ipsec statusall::rw-psk.*INSTALLED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES
-moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES
-moon::ipsec statusall::rw-rsasig.*INSTALLED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES
+moon:: ipsec status 2> /dev/null::rw-psk.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*\[192.168.0.1]::YES
+moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES
+moon:: ipsec status 2> /dev/null::rw-rsasig.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf
index 78c33df12..ee62325b7 100755..100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf
index e533b4b4e..65c9819bb 100755..100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- crlcheckinterval=180
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
index 004993d94..c86e82b64 100755..100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
index 0e5bd03db..9a1ab3f8f 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
@@ -1,11 +1,16 @@
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES
-moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
index da59dfdae..72e2f7d4a 100755..100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -11,14 +8,15 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=secret
conn home
left=PH_IP_CAROL
leftsourceip=%config
leftid=carol@strongswan.org
+ leftauth=psk
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightauth=pubkey
rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
index f09d46c5b..cd7c7ae7f 100755..100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -11,14 +8,15 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- authby=secret
conn home
left=PH_IP_DAVE
leftsourceip=%config
leftid=dave@strongswan.org
+ leftauth=psk
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
+ rightauth=pubkey
rightsubnet=10.1.0.0/16
auto=add
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
index fb4b9ed3a..5e743101a 100755..100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
@@ -14,9 +13,11 @@ conn rw
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
+ leftauth=pubkey
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
+ rightauth=psk
rightsourceip=10.3.0.0/28
rightsendcert=never
auto=add
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat
index d23d6360b..5c453f8b4 100644
--- a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat
+++ b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat
@@ -1,15 +1,14 @@
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES
-moon::cat /var/log/daemon.log::received EAP identity .*carol::YES
+moon:: cat /var/log/daemon.log::received EAP identity .*carol::YES
carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 5 -s 1392 PH_IP_ALICE::1400 bytes from PH_IP_ALICE::YES
-carol::ipsec down home::no output expected::NO
+carol::ipsec down home 2> /dev/null::no output expected::NO
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
alice::cat /var/log/radius/radacct/10.1.0.1/*::User-Name =.*carol::YES
alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Output-Octets = 7100::YES
alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Input-Octets = 7100::YES
-
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf
index 5f779d1af..881971e80 100755..100644
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
index fe067d344..b1b418060 100644
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
}
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf
index 11ff84400..8ce1721f5 100755..100644
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
index 52927c1fd..3bf573f5d 100644
--- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-radius-accounting/test.conf b/testing/tests/ikev2/rw-radius-accounting/test.conf
index e0d77b583..f2d20e984 100644
--- a/testing/tests/ikev2/rw-radius-accounting/test.conf
+++ b/testing/tests/ikev2/rw-radius-accounting/test.conf
@@ -5,11 +5,11 @@
# All UML instances that are required for this test
#
-UMLHOSTS="alice carol moon"
+UMLHOSTS="alice moon carol winnetou"
# Corresponding block diagram
#
-DIAGRAM="a-m-c.png"
+DIAGRAM="a-m-c-w.png"
# UML instances on which tcpdump is to be started
#
@@ -23,4 +23,3 @@ IPSECHOSTS="moon carol"
# UML instances on which FreeRadius is started
#
RADIUSHOSTS="alice"
-
diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat
index 733cfd844..d6f71d7c0 100644
--- a/testing/tests/ikev2/rw-whitelist/evaltest.dat
+++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat
@@ -1,14 +1,14 @@
-moon::cat /var/log/daemon.log::whitelist functionality was already enabled::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES
-moon::cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES
-carol::ipsec status::home.*INSTALLED::YES
+moon:: cat /var/log/daemon.log::whitelist functionality was already enabled::YES
+moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES
+moon:: cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES
-dave::ipsec status::home.*INSTALLED::NO
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::NO
+dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf
index a19f6cfae..8c6c28bd6 100755..100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf
index 1a89f4e5d..72b8a59c0 100755..100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf
index 0b4cded6c..85c48a7bb 100755..100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
index 938b45518..984985a1a 100644
--- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown
plugins {
whitelist {
enable = yes
diff --git a/testing/tests/ikev2/shunt-policies/evaltest.dat b/testing/tests/ikev2/shunt-policies/evaltest.dat
index 2f6e1a91f..f40437e3e 100644
--- a/testing/tests/ikev2/shunt-policies/evaltest.dat
+++ b/testing/tests/ikev2/shunt-policies/evaltest.dat
@@ -1,16 +1,16 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO
venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
venus::ssh PH_IP_BOB hostname::bob::YES
-bob::ssh PH_IP_VENUS hostname::venus::YES
+bob:: ssh PH_IP_VENUS hostname::venus::YES
diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf
index a4958f295..90a5d61b1 100755..100644
--- a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf
index a2e9134c0..a5cd14b30 100644
--- a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
install_routes = no
}
diff --git a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf
index c3b36fb7c..cd8ea23c3 100755..100644
--- a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf
index cb17a9e07..8e685c862 100644
--- a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat
index 06a0f8cda..b545c2289 100644
--- a/testing/tests/ikev2/strong-keys-certs/evaltest.dat
+++ b/testing/tests/ikev2/strong-keys-certs/evaltest.dat
@@ -1,10 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf
index a7b55db24..732966f20 100755..100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf
index 080073cd3..13636bc1e 100755..100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf
index f33f26797..f36555445 100755..100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat
index d32e32660..f50e7c30d 100644
--- a/testing/tests/ikev2/two-certs/evaltest.dat
+++ b/testing/tests/ikev2/two-certs/evaltest.dat
@@ -1,12 +1,11 @@
-moon::cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES
-moon::ipsec statusall::alice.*INSTALLED::YES
-carol::ipsec statusall::alice.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/daemon.log::signature validation failed, looking for another key::YES
-moon::cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES
-moon::ipsec statusall::venus.*INSTALLED::YES
-carol::ipsec statusall::venus.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES
+moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf
index 08b95659f..a0f44e312 100755..100644
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
uniqueids=no
strictcrlpolicy=yes
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
index a93ccbc9a..dac656243 100755..100644
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,8 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
uniqueids=no
- plutostart=no
+ strictcrlpolicy=yes
ca strongswan
cacert=strongswanCert.pem
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/evaltest.dat b/testing/tests/ikev2/virtual-ip-override/evaltest.dat
index 34ccb76ca..cb023b1fc 100644
--- a/testing/tests/ikev2/virtual-ip-override/evaltest.dat
+++ b/testing/tests/ikev2/virtual-ip-override/evaltest.dat
@@ -1,13 +1,17 @@
-moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-dave::ipsec statusall::home.*INSTALLED::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO
-moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES
-moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO
+moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::src PH_IP_CAROL1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::src PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::src PH_IP_DAVE1::YES
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf
index c9867c7d4..62c30cf28 100755..100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf
index 98dd99271..fa99a4c86 100755..100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf
index bafd1b155..a8cf08544 100755..100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
@@ -13,7 +10,6 @@ conn %default
keyexchange=ikev2
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
- leftsourceip=PH_IP_MOON1
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftfirewall=yes
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat
index e3c3c7f3c..dd3143ae7 100644
--- a/testing/tests/ikev2/virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/virtual-ip/evaltest.dat
@@ -1,21 +1,25 @@
-moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
-moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-dave::ipsec statusall::home.*INSTALLED::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
-moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES
-moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES
-moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
carol::ip route list table 220::src PH_IP_CAROL1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::src PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::src PH_IP_DAVE1::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf
index c9867c7d4..62c30cf28 100755..100644
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf
index b58ba5460..3ecb3b830 100755..100644
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf
index fb7abe556..42e4ff453 100755..100644
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
index 339b56987..dc937641c 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
diff --git a/testing/tests/ikev2/wildcards/evaltest.dat b/testing/tests/ikev2/wildcards/evaltest.dat
index 2bc83eacd..4789640ec 100644
--- a/testing/tests/ikev2/wildcards/evaltest.dat
+++ b/testing/tests/ikev2/wildcards/evaltest.dat
@@ -1,8 +1,8 @@
-carol::ipsec status::alice.*PH_IP_CAROL.*PH_IP_ALICE::YES
-moon::ipsec status::alice.*PH_IP_ALICE.*PH_IP_CAROL::YES
-carol::ipsec status::venus.*PH_IP_CAROL.*PH_IP_VENUS::NO
-moon::ipsec status::venus.*PH_IP_VENUS.*PH_IP_CAROL::NO
-dave::ipsec status::venus.*PH_IP_DAVE.*PH_IP_VENUS::YES
-moon::ipsec status::venus.*PH_IP_VENUS.*PH_IP_DAVE::YES
-dave::ipsec status::alice.*PH_IP_DAVE.*PH_IP_ALICE::NO
-moon::ipsec status::alice.*PH_IP_ALICE.*PH_IP_DAVE::NO
+carol::ipsec status 2> /dev/null::alice..*PH_IP_CAROL.*PH_IP_ALICE::YES
+moon:: ipsec status 2> /dev/null::alice.*PH_IP_ALICE.*PH_IP_CAROL::YES
+carol::ipsec status 2> /dev/null::venus.*PH_IP_CAROL.*PH_IP_VENUS::NO
+moon:: ipsec status 2> /dev/null::venus.*PH_IP_VENUS.*PH_IP_CAROL::NO
+dave:: ipsec status 2> /dev/null::venus.*PH_IP_DAVE.*PH_IP_VENUS::YES
+moon:: ipsec status 2> /dev/null::venus.*PH_IP_VENUS.*PH_IP_DAVE::YES
+dave:: ipsec status 2> /dev/null::alice.*PH_IP_DAVE.*PH_IP_ALICE::NO
+moon:: ipsec status 2> /dev/null::alice.*PH_IP_ALICE.*PH_IP_DAVE::NO
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf
index 043160a0f..2ff604dfa 100755..100644
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf
index a01676be3..fbdc9c6a3 100755..100644
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf
index 0523d56dd..a8183f59e 100755..100644
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf
@@ -1,9 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
- plutostart=no
conn %default
ikelifetime=60m
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
index 88f162098..85d8c191f 100644
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
}