New upstream version 5.7.2

5 files changed, 37 insertions, 27 deletions

diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 195710a7f..000000000
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-	ike=aes128-sha256-modp3072!
-	esp=aes128gcm16!
-	mobike=no
-
-conn net-net 
-	left=PH_IP_MOON
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	rightsubnet=10.2.0.0/16
-	auto=add
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 802cfc681..000000000
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: P12 moonCert.p12 "kUqd8O7mzbjXNJKQ"
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
index 2448837f3..a8ed13448 100644
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = pem nonce revocation openssl curl stroke kernel-netlink socket-default updown
+  load = pem nonce revocation openssl curl vici kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/swanctl/pkcs12/moonCert.p12
index 365da741f..365da741f 100644
--- a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/swanctl/pkcs12/moonCert.p12
diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b11cf0f3e
--- /dev/null
+++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+   gw-gw {
+      local_addrs  = 192.168.0.1
+      remote_addrs = 192.168.0.2
+
+      local {
+         auth = pubkey
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = sun.strongswan.org
+      }
+      children {
+         net-net {
+            local_ts  = 10.1.0.0/16
+            remote_ts = 10.2.0.0/16
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm128-modp3072
+         }
+      }
+      version = 2
+      mobike = no
+      proposals = aes128-sha256-modp3072
+   }
+}
+
+secrets {
+
+   pkcs12-moon {
+      file = moonCert.p12
+      secret = "kUqd8O7mzbjXNJKQ"
+   }
+}