diff options
| author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
| commit | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch) | |
| tree | ae0c8b5f4cd8289d0797882ea18969f33ea59a1e /testing/tests/swanctl | |
| parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
| download | vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip | |
New upstream version 5.6.1
Diffstat (limited to 'testing/tests/swanctl')
193 files changed, 648 insertions, 1002 deletions
diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf index 1f367c2a0..ad4c18e43 100755 --- a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf index 1f367c2a0..ad4c18e43 100755 --- a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf index ff6e7193e..ad4c18e43 100755 --- a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf @@ -1,15 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - pools = /usr/local/sbin/swanctl --load-pools - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/config-payload/posttest.dat b/testing/tests/swanctl/config-payload/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/config-payload/posttest.dat +++ b/testing/tests/swanctl/config-payload/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/config-payload/pretest.dat b/testing/tests/swanctl/config-payload/pretest.dat index 9c281d032..706c08b5f 100755 --- a/testing/tests/swanctl/config-payload/pretest.dat +++ b/testing/tests/swanctl/config-payload/pretest.dat @@ -2,9 +2,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules moon::cat /etc/swanctl/swanctl_base.conf -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw-carol carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf index 61ff4005b..48e34abba 100644 --- a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - cache_crls = yes } diff --git a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf index 61ff4005b..48e34abba 100644 --- a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - cache_crls = yes } diff --git a/testing/tests/swanctl/crl-to-cache/posttest.dat b/testing/tests/swanctl/crl-to-cache/posttest.dat index 210685a90..58dfa27b8 100644 --- a/testing/tests/swanctl/crl-to-cache/posttest.dat +++ b/testing/tests/swanctl/crl-to-cache/posttest.dat @@ -1,4 +1,4 @@ -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::rm /etc/swanctl/x509crl/* carol::rm /etc/swanctl/x509crl/* diff --git a/testing/tests/swanctl/crl-to-cache/pretest.dat b/testing/tests/swanctl/crl-to-cache/pretest.dat index 8f72f9cc7..b9e2a8eee 100644 --- a/testing/tests/swanctl/crl-to-cache/pretest.dat +++ b/testing/tests/swanctl/crl-to-cache/pretest.dat @@ -1,5 +1,5 @@ -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf index dda67e0fc..9932df379 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf index dda67e0fc..9932df379 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf index 1f1e0a652..c00d3dc4b 100755 --- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf @@ -4,14 +4,9 @@ swanctl { load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - plugins { dhcp { server = 10.1.255.255 diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat index 87e731511..37e8b02d8 100644 --- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl venus::cat /var/state/dhcp/dhcpd.leases venus::server isc-dhcp-server stop 2> /dev/null moon::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/dhcp-dynamic/pretest.dat index fd3d1bf5b..ace13851a 100644 --- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat +++ b/testing/tests/swanctl/dhcp-dynamic/pretest.dat @@ -3,9 +3,9 @@ carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules venus::cat /etc/dhcp/dhcpd.conf venus::service isc-dhcp-server start 2> /dev/null -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf index 2a7eaaa15..6081084f7 100755 --- a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici fragment_size = 1400 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf index 2a7eaaa15..6081084f7 100755 --- a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici fragment_size = 1400 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf index 2a7eaaa15..6081084f7 100755 --- a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici fragment_size = 1400 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/frags-ipv4/posttest.dat b/testing/tests/swanctl/frags-ipv4/posttest.dat index 17e36599c..2b4cc0c1a 100755 --- a/testing/tests/swanctl/frags-ipv4/posttest.dat +++ b/testing/tests/swanctl/frags-ipv4/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home 2> /dev/null dave::swanctl --terminate --ike home 2> /dev/null -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/frags-ipv4/pretest.dat b/testing/tests/swanctl/frags-ipv4/pretest.dat index 762c35418..dd1a17ccb 100755 --- a/testing/tests/swanctl/frags-ipv4/pretest.dat +++ b/testing/tests/swanctl/frags-ipv4/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf index f9c0ace55..6081084f7 100755 --- a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf @@ -1,17 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici fragment_size = 1400 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - auth = /usr/local/sbin/swanctl --load-authorities - } } diff --git a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf index f9c0ace55..6081084f7 100755 --- a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf @@ -1,17 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici fragment_size = 1400 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - auth = /usr/local/sbin/swanctl --load-authorities - } } diff --git a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf index f9c0ace55..6081084f7 100755 --- a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf @@ -1,17 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici fragment_size = 1400 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - auth = /usr/local/sbin/swanctl --load-authorities - } } diff --git a/testing/tests/swanctl/frags-ipv6/posttest.dat b/testing/tests/swanctl/frags-ipv6/posttest.dat index 39b16a9be..07434159c 100755 --- a/testing/tests/swanctl/frags-ipv6/posttest.dat +++ b/testing/tests/swanctl/frags-ipv6/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home 2> /dev/null dave::swanctl --terminate --ike home 2> /dev/null -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/frags-ipv6/pretest.dat b/testing/tests/swanctl/frags-ipv6/pretest.dat index 9593ac9f8..131ec9937 100755 --- a/testing/tests/swanctl/frags-ipv6/pretest.dat +++ b/testing/tests/swanctl/frags-ipv6/pretest.dat @@ -7,9 +7,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules alice::"ip route add fec0:\:/16 via fec1:\:1" carol::"ip route add fec1:\:/16 via fec0:\:1" dave::"ip route add fec1:\:/16 via fec0:\:1" -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf index 11b1576e4..886b31f9b 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf index be90bde25..886b31f9b 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf index 885d986c3..31cf56d24 100755 --- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici plugins { attr-sql { @@ -21,4 +16,5 @@ charon { pool { load = sqlite + database = sqlite:///etc/db.d/ipsec.db } diff --git a/testing/tests/swanctl/ip-pool-db/posttest.dat b/testing/tests/swanctl/ip-pool-db/posttest.dat index 2644b3941..9767f38a5 100755 --- a/testing/tests/swanctl/ip-pool-db/posttest.dat +++ b/testing/tests/swanctl/ip-pool-db/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/ip-pool-db/pretest.dat b/testing/tests/swanctl/ip-pool-db/pretest.dat index 955a3c9be..9573581df 100755 --- a/testing/tests/swanctl/ip-pool-db/pretest.dat +++ b/testing/tests/swanctl/ip-pool-db/pretest.dat @@ -7,9 +7,9 @@ moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf index 67e5a616a..ad4c18e43 100755 --- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,15 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - pools = /usr/local/sbin/swanctl --load-pools - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/ip-pool/posttest.dat b/testing/tests/swanctl/ip-pool/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/ip-pool/posttest.dat +++ b/testing/tests/swanctl/ip-pool/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/ip-pool/pretest.dat b/testing/tests/swanctl/ip-pool/pretest.dat index 762c35418..dd1a17ccb 100755 --- a/testing/tests/swanctl/ip-pool/pretest.dat +++ b/testing/tests/swanctl/ip-pool/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/manual-prio/posttest.dat b/testing/tests/swanctl/manual-prio/posttest.dat index fd9726374..c9dcaa167 100755 --- a/testing/tests/swanctl/manual-prio/posttest.dat +++ b/testing/tests/swanctl/manual-prio/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 carol::ip route del 10.1.0.0/16 via 192.168.0.1 dave::ip route del 10.1.0.0/16 via 192.168.0.1 diff --git a/testing/tests/swanctl/manual-prio/pretest.dat b/testing/tests/swanctl/manual-prio/pretest.dat index 8613a0189..ba345ffea 100755 --- a/testing/tests/swanctl/manual-prio/pretest.dat +++ b/testing/tests/swanctl/manual-prio/pretest.dat @@ -1,9 +1,9 @@ winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 carol::ip route add 10.1.0.0/16 via 192.168.0.1 dave::ip route add 10.1.0.0/16 via 192.168.0.1 -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf index 7e2ee002e..54b79b35d 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf index 7e2ee002e..54b79b35d 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf index 40b0c5962..b18ba6809 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf @@ -1,13 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat index 25354d363..010a4f9c4 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat @@ -1,4 +1,4 @@ -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl alice::killall radiusd diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat index a6909c89f..57d39a5e6 100644 --- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat +++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat @@ -5,9 +5,9 @@ alice::cat /etc/freeradius/triplets.dat carol::cat /etc/ipsec.d/triplets.dat dave::cat /etc/ipsec.d/triplets.dat alice::radiusd -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf index 7c5aca6bf..f3b571a1b 100644 --- a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf index 7c5aca6bf..f3b571a1b 100644 --- a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf index 6d368f08b..f3b571a1b 100644 --- a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,15 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/multi-level-ca/posttest.dat b/testing/tests/swanctl/multi-level-ca/posttest.dat index acac04a3b..53013d08d 100644 --- a/testing/tests/swanctl/multi-level-ca/posttest.dat +++ b/testing/tests/swanctl/multi-level-ca/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home 2> /dev/null dave::swanctl --terminate --ike home 2> /dev/null -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null -carol::rm -r /etc/swanctl -dave::rm -r /etc/swanctl -moon::rm -r /etc/swanctl +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/* +dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/* +moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/* diff --git a/testing/tests/swanctl/multi-level-ca/pretest.dat b/testing/tests/swanctl/multi-level-ca/pretest.dat index 4c1be2e14..e7f2ef179 100644 --- a/testing/tests/swanctl/multi-level-ca/pretest.dat +++ b/testing/tests/swanctl/multi-level-ca/pretest.dat @@ -1,6 +1,6 @@ -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection research carol::expect-connection alice carol::swanctl --initiate --child alice 2> /dev/null diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-cert/posttest.dat b/testing/tests/swanctl/net2net-cert/posttest.dat index 30d10b555..755f0e5f8 100755 --- a/testing/tests/swanctl/net2net-cert/posttest.dat +++ b/testing/tests/swanctl/net2net-cert/posttest.dat @@ -1,5 +1,5 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-cert/pretest.dat b/testing/tests/swanctl/net2net-cert/pretest.dat index b128bef44..9440ddab0 100755 --- a/testing/tests/swanctl/net2net-cert/pretest.dat +++ b/testing/tests/swanctl/net2net-cert/pretest.dat @@ -1,7 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -sun::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +sun::systemctl start strongswan-swanctl moon::expect-connection gw-gw sun::expect-connection gw-gw moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf index d766a705c..a35aea01c 100755 --- a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf @@ -1,22 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - default = 1 - } - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf index d766a705c..a35aea01c 100755 --- a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf @@ -1,22 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random + load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - default = 1 - } - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-ed25519/posttest.dat b/testing/tests/swanctl/net2net-ed25519/posttest.dat index 8d47767a0..30f6ede76 100755 --- a/testing/tests/swanctl/net2net-ed25519/posttest.dat +++ b/testing/tests/swanctl/net2net-ed25519/posttest.dat @@ -1,6 +1,6 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush moon::rm /etc/swanctl/pkcs8/* diff --git a/testing/tests/swanctl/net2net-ed25519/pretest.dat b/testing/tests/swanctl/net2net-ed25519/pretest.dat index f939b3ac4..410253e54 100755 --- a/testing/tests/swanctl/net2net-ed25519/pretest.dat +++ b/testing/tests/swanctl/net2net-ed25519/pretest.dat @@ -2,8 +2,8 @@ moon::rm /etc/swanctl/rsa/moonKey.pem sun::rm /etc/swanctl/rsa/sunKey.pem moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -sun::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +sun::systemctl start strongswan-swanctl moon::expect-connection gw-gw sun::expect-connection gw-gw moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf index 4f54f610a..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf index 4f54f610a..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf index 4f54f610a..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-gw/posttest.dat b/testing/tests/swanctl/net2net-gw/posttest.dat index 94914f832..b29cf321e 100755 --- a/testing/tests/swanctl/net2net-gw/posttest.dat +++ b/testing/tests/swanctl/net2net-gw/posttest.dat @@ -1,8 +1,8 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null sun::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null -carol::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl +carol::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-gw/pretest.dat b/testing/tests/swanctl/net2net-gw/pretest.dat index e3136491c..acfd0e95e 100755 --- a/testing/tests/swanctl/net2net-gw/pretest.dat +++ b/testing/tests/swanctl/net2net-gw/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -sun::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +sun::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl carol::expect-connection gw-moon carol::expect-connection gw-sun moon::expect-connection gw-gw diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf index 2ff6ac024..812c12bf9 100644 --- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf @@ -4,15 +4,11 @@ swanctl { load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - multiple_authentication = no + plugins { forecast { groups = 224.0.0.251 diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf index b119e8274..1c5da7b88 100644 --- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf @@ -1,14 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - multiple_authentication = no + plugins { forecast { groups = 224.0.0.251 diff --git a/testing/tests/swanctl/net2net-multicast/posttest.dat b/testing/tests/swanctl/net2net-multicast/posttest.dat index ba484f90d..dc6949dbb 100644 --- a/testing/tests/swanctl/net2net-multicast/posttest.dat +++ b/testing/tests/swanctl/net2net-multicast/posttest.dat @@ -1,3 +1,3 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl diff --git a/testing/tests/swanctl/net2net-multicast/pretest.dat b/testing/tests/swanctl/net2net-multicast/pretest.dat index 5b8d98879..c5b1bdbfd 100644 --- a/testing/tests/swanctl/net2net-multicast/pretest.dat +++ b/testing/tests/swanctl/net2net-multicast/pretest.dat @@ -1,7 +1,7 @@ moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships -moon::service charon start 2> /dev/null -sun::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +sun::systemctl start strongswan-swanctl moon::expect-connection gw-gw sun::expect-connection gw-gw moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf index 531e286ce..29e75f7b8 100644 --- a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf index 531e286ce..29e75f7b8 100644 --- a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-pubkey/posttest.dat b/testing/tests/swanctl/net2net-pubkey/posttest.dat index c2227a5dd..a8696960d 100644 --- a/testing/tests/swanctl/net2net-pubkey/posttest.dat +++ b/testing/tests/swanctl/net2net-pubkey/posttest.dat @@ -1,6 +1,6 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush moon::rm /etc/swanctl/pubkey/* diff --git a/testing/tests/swanctl/net2net-pubkey/pretest.dat b/testing/tests/swanctl/net2net-pubkey/pretest.dat index b4f48af72..021675bc5 100644 --- a/testing/tests/swanctl/net2net-pubkey/pretest.dat +++ b/testing/tests/swanctl/net2net-pubkey/pretest.dat @@ -2,8 +2,8 @@ sun::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules sun::cd /etc/swanctl; rm x509/* x509ca/* moon::cd /etc/swanctl; rm x509/* x509ca/* -sun::service charon start 2> /dev/null -moon::service charon start 2> /dev/null +sun::systemctl start strongswan-swanctl +moon::systemctl start strongswan-swanctl sun::expect-connection gw-gw moon::expect-connection gw-gw moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf index 9d7fa51d4..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf index 4ca179a5f..61d2bd9e4 100755 --- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-route/posttest.dat b/testing/tests/swanctl/net2net-route/posttest.dat index 30d10b555..755f0e5f8 100755 --- a/testing/tests/swanctl/net2net-route/posttest.dat +++ b/testing/tests/swanctl/net2net-route/posttest.dat @@ -1,5 +1,5 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-route/pretest.dat b/testing/tests/swanctl/net2net-route/pretest.dat index 459879bbc..fa303b64e 100755 --- a/testing/tests/swanctl/net2net-route/pretest.dat +++ b/testing/tests/swanctl/net2net-route/pretest.dat @@ -1,7 +1,7 @@ sun::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules -sun::service charon start 2> /dev/null -moon::service charon start 2> /dev/null +sun::systemctl start strongswan-swanctl +moon::systemctl start strongswan-swanctl sun::expect-connection gw-gw moon::expect-connection gw-gw alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf index f102eeeae..73bb5f6b3 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf index f102eeeae..73bb5f6b3 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat index 30d10b555..755f0e5f8 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat @@ -1,5 +1,5 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat index b128bef44..9440ddab0 100755 --- a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat +++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat @@ -1,7 +1,7 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -sun::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +sun::systemctl start strongswan-swanctl moon::expect-connection gw-gw sun::expect-connection gw-gw moon::swanctl --initiate --child net-net 2> /dev/null diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf index 1f367c2a0..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf index 1f367c2a0..ad4c18e43 100755 --- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/net2net-start/posttest.dat b/testing/tests/swanctl/net2net-start/posttest.dat index 30d10b555..755f0e5f8 100755 --- a/testing/tests/swanctl/net2net-start/posttest.dat +++ b/testing/tests/swanctl/net2net-start/posttest.dat @@ -1,5 +1,5 @@ moon::swanctl --terminate --ike gw-gw 2> /dev/null -moon::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +moon::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush sun::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/net2net-start/pretest.dat b/testing/tests/swanctl/net2net-start/pretest.dat index 6c1783b74..681293753 100755 --- a/testing/tests/swanctl/net2net-start/pretest.dat +++ b/testing/tests/swanctl/net2net-start/pretest.dat @@ -1,5 +1,5 @@ sun::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules -sun::service charon start 2> /dev/null -moon::service charon start 2> /dev/null +sun::systemctl start strongswan-swanctl +moon::systemctl start strongswan-swanctl moon::sleep 0.5 diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf index e3eb4e36d..79b138bd5 100644 --- a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - auths = /usr/local/sbin/swanctl --load-authorities - } plugins { revocation { enable_ocsp = no } - } + } } diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf index 3912f5e07..2e78d2279 100644 --- a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf @@ -1,12 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } plugins { revocation { enable_ocsp = no diff --git a/testing/tests/swanctl/ocsp-disabled/posttest.dat b/testing/tests/swanctl/ocsp-disabled/posttest.dat index 672f4188c..f13bb51b0 100644 --- a/testing/tests/swanctl/ocsp-disabled/posttest.dat +++ b/testing/tests/swanctl/ocsp-disabled/posttest.dat @@ -1,3 +1,3 @@ carol::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl diff --git a/testing/tests/swanctl/ocsp-disabled/pretest.dat b/testing/tests/swanctl/ocsp-disabled/pretest.dat index e6d60458d..864909e24 100644 --- a/testing/tests/swanctl/ocsp-disabled/pretest.dat +++ b/testing/tests/swanctl/ocsp-disabled/pretest.dat @@ -1,5 +1,5 @@ -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf index acf2151a9..f3b571a1b 100644 --- a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf @@ -1,15 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf index 6d368f08b..f3b571a1b 100644 --- a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf @@ -1,15 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf index 6d368f08b..f3b571a1b 100644 --- a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf @@ -1,15 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/ocsp-multi-level/posttest.dat b/testing/tests/swanctl/ocsp-multi-level/posttest.dat index acac04a3b..53013d08d 100644 --- a/testing/tests/swanctl/ocsp-multi-level/posttest.dat +++ b/testing/tests/swanctl/ocsp-multi-level/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home 2> /dev/null dave::swanctl --terminate --ike home 2> /dev/null -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null -carol::rm -r /etc/swanctl -dave::rm -r /etc/swanctl -moon::rm -r /etc/swanctl +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/* +dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/* +moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/* diff --git a/testing/tests/swanctl/ocsp-multi-level/pretest.dat b/testing/tests/swanctl/ocsp-multi-level/pretest.dat index 7b83e219d..505f17572 100644 --- a/testing/tests/swanctl/ocsp-multi-level/pretest.dat +++ b/testing/tests/swanctl/ocsp-multi-level/pretest.dat @@ -1,6 +1,6 @@ -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection research carol::expect-connection home carol::swanctl --initiate --child alice 2> /dev/null diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf index 9ea516013..c7b494ddc 100644 --- a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,11 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - auths = /usr/local/sbin/swanctl --load-authorities - } } diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf index 9ba617c0a..d9c31430b 100644 --- a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat index 672f4188c..f13bb51b0 100644 --- a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat +++ b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat @@ -1,3 +1,3 @@ carol::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl diff --git a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat index e6d60458d..864909e24 100644 --- a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat +++ b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat @@ -1,5 +1,5 @@ -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf index 383a24213..91e32f7ba 100644 --- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf index 383a24213..91e32f7ba 100644 --- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/protoport-dual/posttest.dat b/testing/tests/swanctl/protoport-dual/posttest.dat index 2fc2bbb75..2b00bea8e 100644 --- a/testing/tests/swanctl/protoport-dual/posttest.dat +++ b/testing/tests/swanctl/protoport-dual/posttest.dat @@ -1,5 +1,5 @@ carol::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/protoport-dual/pretest.dat b/testing/tests/swanctl/protoport-dual/pretest.dat index 87ee29bf6..2bdc109ab 100644 --- a/testing/tests/swanctl/protoport-dual/pretest.dat +++ b/testing/tests/swanctl/protoport-dual/pretest.dat @@ -1,7 +1,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection icmp moon::expect-connection ssh carol::expect-connection icmp diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf index 383a24213..91e32f7ba 100644 --- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf index 383a24213..91e32f7ba 100644 --- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/protoport-range/posttest.dat b/testing/tests/swanctl/protoport-range/posttest.dat index 2fc2bbb75..2b00bea8e 100644 --- a/testing/tests/swanctl/protoport-range/posttest.dat +++ b/testing/tests/swanctl/protoport-range/posttest.dat @@ -1,5 +1,5 @@ carol::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/protoport-range/pretest.dat b/testing/tests/swanctl/protoport-range/pretest.dat index b45d4b3c6..7f38b7662 100644 --- a/testing/tests/swanctl/protoport-range/pretest.dat +++ b/testing/tests/swanctl/protoport-range/pretest.dat @@ -1,7 +1,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection icmp-req moon::expect-connection icmp-rep moon::expect-connection ftp-ssh diff --git a/testing/tests/swanctl/rw-cert-pss/description.txt b/testing/tests/swanctl/rw-cert-pss/description.txt new file mode 100755 index 000000000..41c02b519 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/description.txt @@ -0,0 +1,8 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b> +and <b>IKEv2 AUTH</b> payloads based on RSA-PSS signatures. +<p/> +Upon the successful establishment of the IPsec tunnels, the updown script +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/swanctl/rw-cert-pss/evaltest.dat b/testing/tests/swanctl/rw-cert-pss/evaltest.dat new file mode 100755 index 000000000..a62fda968 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/evaltest.dat @@ -0,0 +1,14 @@ +carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PSS_SHA2_256 successful::YES +moon ::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PSS_SHA2_256 successful::YES +moon ::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA_EMSA_PSS_SHA2_512 successful::YES +moon ::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with RSA_EMSA_PSS_SHA2_384 successful::YES +alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES +alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave :: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +moon :: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon :: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf new file mode 100755 index 000000000..3a9630fc1 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici + + syslog { + daemon { + default = 1 + } + auth { + default = 0 + } + } +} diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem new file mode 100644 index 000000000..1454ec54c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F + +1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b +/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ +/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o +Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+ +f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6 +LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv +06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC +e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr +3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC +sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily +c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy +UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h +XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T +iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO +Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO +v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO +t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H +8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA +jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p +p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS +7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk +GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+ +4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0 +yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd ++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC +-----END RSA PRIVATE KEY----- diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..7aceb6913 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,35 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.1 + + local { + auth = rsa/pss-sha512 + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +secrets { + + rsa-carol { + file = carolKey.pem + secret = "nH5ZQEWtku0RJEZ6" + } +} diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf new file mode 100755 index 000000000..3a9630fc1 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf @@ -0,0 +1,18 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici + + syslog { + daemon { + default = 1 + } + auth { + default = 0 + } + } +} diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..4c7c177ed --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.1 + + local { + auth = rsa/pss-sha384 + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf new file mode 100755 index 000000000..4bd975a00 --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf @@ -0,0 +1,20 @@ +# /etc/strongswan.conf - strongSwan configuration file + +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici + + rsa_pss = yes + + syslog { + daemon { + default = 1 + } + auth { + default = 0 + } + } +} diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..4ba02ad6c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = moonCert.pem + id = moon.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/swanctl/rw-cert-pss/posttest.dat b/testing/tests/swanctl/rw-cert-pss/posttest.dat new file mode 100755 index 000000000..b909ac76c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/posttest.dat @@ -0,0 +1,8 @@ +carol::swanctl --terminate --ike home +dave::swanctl --terminate --ike home +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush +dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-cert-pss/pretest.dat b/testing/tests/swanctl/rw-cert-pss/pretest.dat new file mode 100755 index 000000000..dd1a17ccb --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/pretest.dat @@ -0,0 +1,11 @@ +moon::iptables-restore < /etc/iptables.rules +carol::iptables-restore < /etc/iptables.rules +dave::iptables-restore < /etc/iptables.rules +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl +moon::expect-connection rw +carol::expect-connection home +carol::swanctl --initiate --child home 2> /dev/null +dave::expect-connection home +dave::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-cert-pss/test.conf b/testing/tests/swanctl/rw-cert-pss/test.conf new file mode 100755 index 000000000..1227b9d1c --- /dev/null +++ b/testing/tests/swanctl/rw-cert-pss/test.conf @@ -0,0 +1,25 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1 diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf index 909bca0fc..b415e075c 100755 --- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf index 909bca0fc..b415e075c 100755 --- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf index 909bca0fc..b415e075c 100755 --- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-cert/posttest.dat b/testing/tests/swanctl/rw-cert/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-cert/posttest.dat +++ b/testing/tests/swanctl/rw-cert/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-cert/pretest.dat b/testing/tests/swanctl/rw-cert/pretest.dat index 762c35418..dd1a17ccb 100755 --- a/testing/tests/swanctl/rw-cert/pretest.dat +++ b/testing/tests/swanctl/rw-cert/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf index ec6625370..6339790cd 100644 --- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf @@ -1,13 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - plugins { ipseckey { enable = yes diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf index ec6625370..6339790cd 100644 --- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf @@ -1,13 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - plugins { ipseckey { enable = yes diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf index dcca175db..617b812d5 100644 --- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf @@ -1,13 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - pools = /usr/local/sbin/swanctl --load-pools - conns = /usr/local/sbin/swanctl --load-conns - } dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS diff --git a/testing/tests/swanctl/rw-dnssec/posttest.dat b/testing/tests/swanctl/rw-dnssec/posttest.dat index 48a4abe78..dba97a988 100644 --- a/testing/tests/swanctl/rw-dnssec/posttest.dat +++ b/testing/tests/swanctl/rw-dnssec/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::rm /etc/swanctl/pubkey/* carol::rm /etc/swanctl/pubkey/* dave::rm /etc/swanctl/pubkey/* diff --git a/testing/tests/swanctl/rw-dnssec/pretest.dat b/testing/tests/swanctl/rw-dnssec/pretest.dat index 5faf602fc..ca44e08fc 100644 --- a/testing/tests/swanctl/rw-dnssec/pretest.dat +++ b/testing/tests/swanctl/rw-dnssec/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm x509/* x509ca/* carol::cd /etc/swanctl; rm x509/* x509ca/* dave::cd /etc/swanctl; rm x509/* x509ca/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf index dd99cdbf9..653488a66 100644 --- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf @@ -1,16 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } plugins { eap-simaka-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf index dd99cdbf9..653488a66 100644 --- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf @@ -1,16 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } plugins { eap-simaka-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat index 2fc2bbb75..2b00bea8e 100644 --- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat +++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat @@ -1,5 +1,5 @@ carol::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat index 3842250e6..2fa2d200d 100644 --- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat +++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat @@ -3,8 +3,8 @@ carol::iptables-restore < /etc/iptables.rules carol::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db moon::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db carol::cd /etc/swanctl; rm rsa/* x509/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection rw-eap carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf index 4b8e68e6d..d2cc789b3 100644 --- a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf index 4b8e68e6d..d2cc789b3 100644 --- a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat index 2fc2bbb75..2b00bea8e 100644 --- a/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat @@ -1,5 +1,5 @@ carol::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat index 96c1ed114..8cc1c4dc5 100644 --- a/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat +++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat @@ -1,8 +1,8 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules carol::cd /etc/swanctl; rm rsa/* x509/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl moon::expect-connection rw-eap carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf index 14afb43a1..cae0025f6 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici } libtls { diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf index 14afb43a1..cae0025f6 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf @@ -1,16 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici } libtls { diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf index c090d6853..9c4e819c5 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat index 762c35418..dd1a17ccb 100755 --- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat +++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf index d58694c38..90f42a1c5 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf @@ -1,17 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } - hash_and_url = yes } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf index d58694c38..90f42a1c5 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf @@ -1,17 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } - hash_and_url = yes } diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf index d58694c38..90f42a1c5 100755 --- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf @@ -1,17 +1,11 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - auths = /usr/local/sbin/swanctl --load-authorities - conns = /usr/local/sbin/swanctl --load-conns - } - hash_and_url = yes } diff --git a/testing/tests/swanctl/rw-hash-and-url/posttest.dat b/testing/tests/swanctl/rw-hash-and-url/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-hash-and-url/posttest.dat +++ b/testing/tests/swanctl/rw-hash-and-url/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-hash-and-url/pretest.dat b/testing/tests/swanctl/rw-hash-and-url/pretest.dat index 762c35418..dd1a17ccb 100755 --- a/testing/tests/swanctl/rw-hash-and-url/pretest.dat +++ b/testing/tests/swanctl/rw-hash-and-url/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf index 22b318472..b8874523b 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf @@ -1,23 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - cfg = 1 - ike = 1 - } - } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf index a55b90a5d..c2b18d966 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf @@ -1,23 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - cfg = 1 - ike = 1 - } - } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf index e7b5caaf8..85354251d 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf @@ -1,23 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { +charon-systemd { load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - cfg = 1 - ike = 1 - } - } } diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat index 37029c074..dc541004d 100755 --- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat +++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection net-1 moon::expect-connection net-2 carol::expect-connection home diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf index 6bfef3d39..16dcf16a1 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf @@ -1,17 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random + load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random } -charon { - load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici +charon-systemd { + load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici send_vendor_id = yes fragment_size = 1500 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf index 1d90adb5d..475705026 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf @@ -1,17 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random + load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random } -charon { - load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici +charon-systemd { + load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici send_vendor_id = yes fragment_size = 1500 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf index d4e3ca2e5..16dcf16a1 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf @@ -1,18 +1,12 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random + load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random } -charon { +charon-systemd { load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici send_vendor_id = yes fragment_size = 1500 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - pools = /usr/local/sbin/swanctl --load-pools - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat +++ b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat index a550a2f6d..7772b25eb 100755 --- a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat +++ b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf index b158ccdb3..d655720cf 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf @@ -1,13 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf index b158ccdb3..d655720cf 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf @@ -1,13 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf index c6dd6be45..d655720cf 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf @@ -1,14 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - pools = /usr/local/sbin/swanctl --load-pools - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-ntru-bliss/posttest.dat b/testing/tests/swanctl/rw-ntru-bliss/posttest.dat index 58d5b8675..84935ec51 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/posttest.dat +++ b/testing/tests/swanctl/rw-ntru-bliss/posttest.dat @@ -1,6 +1,6 @@ -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-ntru-bliss/pretest.dat b/testing/tests/swanctl/rw-ntru-bliss/pretest.dat index a550a2f6d..7772b25eb 100644 --- a/testing/tests/swanctl/rw-ntru-bliss/pretest.dat +++ b/testing/tests/swanctl/rw-ntru-bliss/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index 335f38995..dcef959ef 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index 335f38995..dcef959ef 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index 335f38995..dcef959ef 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-psk-fqdn/posttest.dat b/testing/tests/swanctl/rw-psk-fqdn/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/posttest.dat +++ b/testing/tests/swanctl/rw-psk-fqdn/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat index 519b168ae..48849c8b0 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat +++ b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/* carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/* dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf index e539ea5f4..dcef959ef 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf @@ -4,20 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - cfg = 1 - ike = 1 - } - } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf index 02f6c1b36..a12456f26 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf @@ -4,20 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - cfg = 1 - ike = 1 - } - } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf index c42979965..f196d2431 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf @@ -4,20 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } - syslog { - auth { - default = 0 - } - daemon { - cfg = 1 - ike = 1 - } - } } diff --git a/testing/tests/swanctl/rw-psk-ikev1/posttest.dat b/testing/tests/swanctl/rw-psk-ikev1/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/posttest.dat +++ b/testing/tests/swanctl/rw-psk-ikev1/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-psk-ikev1/pretest.dat b/testing/tests/swanctl/rw-psk-ikev1/pretest.dat index 3393f516d..51c301923 100755 --- a/testing/tests/swanctl/rw-psk-ikev1/pretest.dat +++ b/testing/tests/swanctl/rw-psk-ikev1/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/* carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/* dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection net-1 moon::expect-connection net-2 carol::expect-connection home diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index 53973cf61..dcef959ef 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index 53973cf61..dcef959ef 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index 5efaed621..0325fe9a2 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -4,11 +4,6 @@ swanctl { load = random openssl } -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/rw-psk-ipv4/posttest.dat b/testing/tests/swanctl/rw-psk-ipv4/posttest.dat index d7107ccc6..b909ac76c 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/posttest.dat +++ b/testing/tests/swanctl/rw-psk-ipv4/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat index 519b168ae..48849c8b0 100755 --- a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat +++ b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/* carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/* dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf index dc166b588..331d5bc94 100755 --- a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 pubkey openssl random + load = pem pkcs1 pubkey openssl random } -charon { - load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf index dc166b588..331d5bc94 100755 --- a/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 pubkey openssl random + load = pem pkcs1 pubkey openssl random } -charon { - load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf index 720e903c9..6b99d98a9 100755 --- a/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-pubkey-anon/posttest.dat b/testing/tests/swanctl/rw-pubkey-anon/posttest.dat index 48a4abe78..dba97a988 100755 --- a/testing/tests/swanctl/rw-pubkey-anon/posttest.dat +++ b/testing/tests/swanctl/rw-pubkey-anon/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::rm /etc/swanctl/pubkey/* carol::rm /etc/swanctl/pubkey/* dave::rm /etc/swanctl/pubkey/* diff --git a/testing/tests/swanctl/rw-pubkey-anon/pretest.dat b/testing/tests/swanctl/rw-pubkey-anon/pretest.dat index 5faf602fc..ca44e08fc 100755 --- a/testing/tests/swanctl/rw-pubkey-anon/pretest.dat +++ b/testing/tests/swanctl/rw-pubkey-anon/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cd /etc/swanctl; rm x509/* x509ca/* carol::cd /etc/swanctl; rm x509/* x509ca/* dave::cd /etc/swanctl; rm x509/* x509ca/* -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf index dc166b588..331d5bc94 100755 --- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 pubkey openssl random + load = pem pkcs1 pubkey openssl random } -charon { - load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf index dc166b588..331d5bc94 100755 --- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 pubkey openssl random + load = pem pkcs1 pubkey openssl random } -charon { - load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf index 720e903c9..6b99d98a9 100755 --- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf @@ -1,14 +1,9 @@ # /etc/strongswan.conf - strongSwan configuration file swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random + load = pem pkcs1 x509 revocation constraints pubkey openssl random } -charon { - load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } +charon-systemd { + load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat b/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat index 48a4abe78..dba97a988 100755 --- a/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat +++ b/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::rm /etc/swanctl/pubkey/* carol::rm /etc/swanctl/pubkey/* dave::rm /etc/swanctl/pubkey/* diff --git a/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat b/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat index de43d510d..e0ca17a4c 100755 --- a/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat +++ b/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat @@ -5,9 +5,9 @@ moon::cd /etc/swanctl; rm x509/* x509ca/* carol::cd /etc/swanctl; rm x509/* x509ca/* dave::cd /etc/swanctl; rm x509/* x509ca/* moon::cat /etc/swanctl/swanctl_base.conf -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw-carol carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf index ee5b26120..bf799a29b 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf @@ -1,11 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } keep_alive = 5 } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf index e5c0136d8..91e32f7ba 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf @@ -1,11 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - pools = /usr/local/sbin/swanctl --load-pools - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf index ee5b26120..bf799a29b 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf @@ -1,11 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } keep_alive = 5 } diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat index b02b19357..f66c5c57c 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat +++ b/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat @@ -1,5 +1,5 @@ -alice::service charon stop 2> /dev/null -venus::service charon stop 2> /dev/null -sun::service charon stop 2> /dev/null +alice::systemctl stop strongswan-swanctl +venus::systemctl stop strongswan-swanctl +sun::systemctl stop strongswan-swanctl sun::iptables-restore < /etc/iptables.flush moon::iptables -t nat -F diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat index d6bc0709e..e871fba2b 100644 --- a/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat +++ b/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat @@ -1,9 +1,9 @@ sun::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -sun::service charon start 2> /dev/null -alice::service charon start 2> /dev/null -venus::service charon start 2> /dev/null +sun::systemctl start strongswan-swanctl +alice::systemctl start strongswan-swanctl +venus::systemctl start strongswan-swanctl sun::expect-connection nat-t alice::expect-connection nat-t venus::expect-connection nat-t diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf index 2976558fc..fccc73f22 100644 --- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf index 2976558fc..fccc73f22 100644 --- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf index 2976558fc..fccc73f22 100644 --- a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -1,10 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici - - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } } diff --git a/testing/tests/swanctl/xauth-rsa/posttest.dat b/testing/tests/swanctl/xauth-rsa/posttest.dat index d7107ccc6..b909ac76c 100644 --- a/testing/tests/swanctl/xauth-rsa/posttest.dat +++ b/testing/tests/swanctl/xauth-rsa/posttest.dat @@ -1,8 +1,8 @@ carol::swanctl --terminate --ike home dave::swanctl --terminate --ike home -carol::service charon stop 2> /dev/null -dave::service charon stop 2> /dev/null -moon::service charon stop 2> /dev/null +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush dave::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/swanctl/xauth-rsa/pretest.dat b/testing/tests/swanctl/xauth-rsa/pretest.dat index 762c35418..dd1a17ccb 100644 --- a/testing/tests/swanctl/xauth-rsa/pretest.dat +++ b/testing/tests/swanctl/xauth-rsa/pretest.dat @@ -1,9 +1,9 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::service charon start 2> /dev/null -carol::service charon start 2> /dev/null -dave::service charon start 2> /dev/null +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw carol::expect-connection home carol::swanctl --initiate --child home 2> /dev/null |