diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2013-01-02 14:18:20 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-01-02 14:18:20 +0100 |
commit | c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch) | |
tree | d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /testing/tests/p2pnat | |
parent | b34738ed08c2227300d554b139e2495ca5da97d6 (diff) | |
download | vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip |
Imported Upstream version 5.0.1
Diffstat (limited to 'testing/tests/p2pnat')
14 files changed, 35 insertions, 45 deletions
diff --git a/testing/tests/p2pnat/behind-same-nat/evaltest.dat b/testing/tests/p2pnat/behind-same-nat/evaltest.dat index e59334db9..8c79a28c1 100644 --- a/testing/tests/p2pnat/behind-same-nat/evaltest.dat +++ b/testing/tests/p2pnat/behind-same-nat/evaltest.dat @@ -1,11 +1,11 @@ -alice::ipsec statusall::medsrv.*ESTABLISHED::YES -venus::ipsec statusall::medsrv.*ESTABLISHED::YES -carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_MOON.*6cu1UTVw@medsrv.org::YES -carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_MOON.*F1ubAio8@medsrv.org::YES +alice::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*6cu1UTVw@medsrv.org.*carol@strongswan.org::YES +venus::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*F1ubAio8@medsrv.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*PH_IP_MOON.*6cu1UTVw@medsrv.org::YES +carol::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*PH_IP_MOON.*F1ubAio8@medsrv.org::YES alice::cat /var/log/daemon.log::received ME_CALLBACK::YES -alice::ipsec statusall::peer.*ESTABLISHED::YES -venus::ipsec statusall::peer.*ESTABLISHED::YES -alice::ipsec statusall::peer.*INSTALLED::YES -venus::ipsec statusall::peer.*INSTALLED::YES +alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice@strongswan.org.*venus.strongswan.org::YES +venus::ipsec status 2> /dev/null::peer.*ESTABLISHED.*venus.strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES +venus::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf index b47f157f6..4e70be4a0 100755..100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m @@ -19,10 +16,11 @@ conn %default conn medsrv leftid=6cu1UTVw@medsrv.org + leftauth=psk right=PH_IP_CAROL rightid=carol@strongswan.org + rightauth=pubkey mediation=yes - authby=psk auto=add conn peer diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/ipsec.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/ipsec.conf index e38922cf4..4e8a50fb9 100755..100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/ipsec.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m @@ -19,7 +16,9 @@ conn medsrv left=PH_IP_CAROL leftcert=carolCert.pem leftid=carol@strongswan.org + leftauth=pubkey leftfirewall=yes right=%any + rightauth=psk mediation=yes auto=add diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf index 3943c361e..4baa7b59f 100755..100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m @@ -19,9 +16,10 @@ conn %default conn medsrv leftid=F1ubAio8@medsrv.org + leftauth=psk right=PH_IP_CAROL rightid=carol@strongswan.org - authby=psk + rightauth=pubkeye mediation=yes auto=start diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/evaltest.dat b/testing/tests/p2pnat/medsrv-psk/evaltest.dat index ba14bb858..1b89c7ebe 100644 --- a/testing/tests/p2pnat/medsrv-psk/evaltest.dat +++ b/testing/tests/p2pnat/medsrv-psk/evaltest.dat @@ -1,12 +1,12 @@ -alice::ipsec statusall::medsrv.*ESTABLISHED::YES -bob::ipsec statusall::medsrv.*ESTABLISHED::YES -carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_MOON.*6cu1UTVw@medsrv.org::YES -carol::ipsec statusall::medsrv.*ESTABLISHED.*PH_IP_SUN.*v9oEPMz@medsrv.org::YES -alice::ipsec statusall::peer.*ESTABLISHED::YES -bob::ipsec statusall::peer.*ESTABLISHED::YES -alice::ipsec statusall::peer.*INSTALLED::YES -bob::ipsec statusall::peer.*INSTALLED::YES +alice::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*6cu1UTVw@medsrv.org.*carol@strongswan.org::YES +bob:: ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*av9oEPMz@medsrv.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*PH_IP_MOON.*6cu1UTVw@medsrv.org::YES +carol::ipsec status 2> /dev/null::medsrv.*ESTABLISHED.*PH_IP_SUN.*v9oEPMz@medsrv.org::YES +alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::peer.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES +bob:: ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES moon::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf index 99a50d5d8..6ac413a1b 100755..100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m @@ -19,10 +16,11 @@ conn %default conn medsrv leftid=6cu1UTVw@medsrv.org + leftauth=psk right=PH_IP_CAROL rightid=carol@strongswan.org + rightauth=pubkey mediation=yes - authby=psk auto=add conn peer diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf index 39dee8521..fb95f5637 100755..100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m @@ -19,9 +16,10 @@ conn %default conn medsrv leftid=av9oEPMz@medsrv.org + leftauth=psk right=PH_IP_CAROL rightid=carol@strongswan.org - authby=psk + rightauth=pubkey mediation=yes auto=start diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/ipsec.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/ipsec.conf index e38922cf4..4e8a50fb9 100755..100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/ipsec.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m @@ -19,7 +16,9 @@ conn medsrv left=PH_IP_CAROL leftcert=carolCert.pem leftid=carol@strongswan.org + leftauth=pubkey leftfirewall=yes right=%any + rightauth=psk mediation=yes auto=add diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } |