diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:10:02 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:10:02 +0000 |
| commit | 49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 (patch) | |
| tree | 28f7a72e5dec4abf908fd7874bdab776281310bc /testing | |
| parent | 7b0305f59ddab9ea026b202a8c569912e5bf9a90 (diff) | |
| download | vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.tar.gz vyos-strongswan-49104abddf3d71d5abf5cf75dc7f95fa6c55fa63.zip | |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.8)
Diffstat (limited to 'testing')
60 files changed, 670 insertions, 87 deletions
diff --git a/testing/INSTALL b/testing/INSTALL index a48c5a253..4e55ab633 100644 --- a/testing/INSTALL +++ b/testing/INSTALL @@ -53,7 +53,7 @@ are required for the strongSwan testing environment: * A vanilla Linux kernel on which the UML kernel will be based on. We recommend the use of - http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.21.5.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.23.1.tar.bz2 * Starting with Linux kernel 2.6.9 no patch must be applied any more in order to make the vanilla kernel UML-capable. For older kernels you'll find @@ -63,7 +63,7 @@ are required for the strongSwan testing environment: * The matching .config file required to compile the UML kernel: - http://download.strongswan.org/uml/.config-2.6.21 + http://download.strongswan.org/uml/.config-2.6.23 * A gentoo-based UML file system (compressed size 130 MBytes) found at @@ -71,7 +71,7 @@ are required for the strongSwan testing environment: * The latest strongSwan distribution - http://download.strongswan.org/strongswan-4.1.4.tar.gz + http://download.strongswan.org/strongswan-4.1.8.tar.gz 3. Creating the environment @@ -146,5 +146,5 @@ README document. ----------------------------------------------------------------------------- -This file is RCSID $Id: INSTALL,v 1.39 2006/04/24 16:58:03 as Exp $ +This file is RCSID $Id: INSTALL 3308 2007-10-17 03:39:16Z andreas $ diff --git a/testing/Makefile.am b/testing/Makefile.am new file mode 100644 index 000000000..2ce6f2cd0 --- /dev/null +++ b/testing/Makefile.am @@ -0,0 +1,11 @@ +noinst_SCRIPTS = do-tests +CLEANFILES = do-tests +EXTRA_DIST = do-tests.in make-testing start-testing stop-testing \ + testing.conf hosts images scripts tests INSTALL README + +do-tests : do-tests.in + sed \ + -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ + $< > $@ + chmod +x $@ + diff --git a/testing/Makefile.in b/testing/Makefile.in new file mode 100644 index 000000000..234607599 --- /dev/null +++ b/testing/Makefile.in @@ -0,0 +1,358 @@ +# Makefile.in generated by automake 1.10 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = testing +DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + INSTALL +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +SCRIPTS = $(noinst_SCRIPTS) +SOURCES = +DIST_SOURCES = +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ +IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LINUX_HEADERS = @LINUX_HEADERS@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +backenddir = @backenddir@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +confdir = @confdir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbus_CFLAGS = @dbus_CFLAGS@ +dbus_LIBS = @dbus_LIBS@ +docdir = @docdir@ +dvidir = @dvidir@ +eapdir = @eapdir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +interfacedir = @interfacedir@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecuid = @ipsecuid@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linuxdir = @linuxdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +noinst_SCRIPTS = do-tests +CLEANFILES = do-tests +EXTRA_DIST = do-tests.in make-testing start-testing stop-testing \ + testing.conf hosts images scripts tests INSTALL README + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testing/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu testing/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(SCRIPTS) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-exec-am: + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + distclean distclean-generic distclean-libtool distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am + + +do-tests : do-tests.in + sed \ + -e "s:\@IPSEC_ROUTING_TABLE\@:$(IPSEC_ROUTING_TABLE):" \ + $< > $@ + chmod +x $@ +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/testing/README b/testing/README index e1930a6e3..e594b7865 100644 --- a/testing/README +++ b/testing/README @@ -156,5 +156,5 @@ restored with the command ----------------------------------------------------------------------------- -This file is RCSID $Id: README,v 1.2 2004/12/20 16:26:39 as Exp $ +This file is RCSID $Id: README 3273 2007-10-08 20:18:34Z andreas $ diff --git a/testing/do-tests b/testing/do-tests.in index 72379bda0..2b26d4517 100755 --- a/testing/do-tests +++ b/testing/do-tests.in @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: do-tests,v 1.20 2006/02/08 21:27:59 as Exp $ +# RCSID $Id: do-tests.in 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -48,6 +48,8 @@ TESTRESULTSHTML=$TODAYDIR/all.html INDEX=$TODAYDIR/index.html DEFAULTTESTSDIR=$UMLTESTDIR/testing/tests +SOURCEIP_ROUTING_TABLE=@IPSEC_ROUTING_TABLE@ + testnumber="0" failed_cnt="0" passed_cnt="0" @@ -460,7 +462,7 @@ do $TESTRESULTDIR/${host}.$file > /dev/null 2>&1 done - ssh $HOSTLOGIN ip route list \ + ssh $HOSTLOGIN ip route list table $SOURCEIP_ROUTING_TABLE \ > $TESTRESULTDIR/${host}.iproute 2>/dev/null ssh $HOSTLOGIN iptables -v -n -L \ > $TESTRESULTDIR/${host}.iptables 2>/dev/null @@ -480,7 +482,7 @@ do <ul> <li><a href="$host.auth.log">auth.log</a></li> <li><a href="$host.daemon.log">daemon.log</a></li> - <li><a href="$host.iproute">ip route list</a></li> + <li><a href="$host.iproute">ip route list table $SOURCEIP_ROUTING_TABLE</a></li> <li><a href="$host.iptables">iptables -L</a></li> </ul> </td> @@ -655,7 +657,7 @@ cecho-n "Copying test results to winnetou.." ssh root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1 scp -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1 ssh root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1 -cecho "done" +cgecho "done" cecho "" cecho "The results are available in $TODAYDIR" cecho "or via the link http://$ipv4_winnetou/testresults/$TESTDATE" diff --git a/testing/scripts/build-hostconfig b/testing/scripts/build-hostconfig index 0c2afd2c2..5d1c83060 100755 --- a/testing/scripts/build-hostconfig +++ b/testing/scripts/build-hostconfig @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-hostconfig,v 1.3 2005/02/08 10:40:48 as Exp $ +# RCSID $Id: build-hostconfig 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -121,4 +121,4 @@ do esac done -cecho "done" +cgecho "done" diff --git a/testing/scripts/build-sshkeys b/testing/scripts/build-sshkeys index 23f62e005..a26f0162c 100755 --- a/testing/scripts/build-sshkeys +++ b/testing/scripts/build-sshkeys @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-sshkeys,v 1.2 2005/02/15 14:12:16 as Exp $ +# RCSID $Id: build-sshkeys 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -37,25 +37,25 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi if [ ! -d ~/.ssh ] then cecho-n " * Creating directory '~/.ssh'.." mkdir ~/.ssh - cecho "done" + cgecho "done" fi if [ -f ~/.ssh/known_hosts ] then cecho-n " * Backing up ~/.ssh/known_hosts to '~/.ssh/known_hosts.before_uml'.." cp -fp ~/.ssh/known_hosts ~/.ssh/known_hosts.before_uml - cecho "done" + cgecho "done" else cecho-n " * Creating '~/.ssh/known_hosts'" touch ~/.ssh/known_hosts - cecho "done" + cgecho "done" fi for host in $HOSTNAMEIPV4 @@ -68,7 +68,7 @@ do else cecho-n " * Adding uml host $HOSTNAME ($IP) to '~/.ssh/known_hosts'.." echo "$HOSTNAME,$IP `cat $DIR/../hosts/ssh_host_rsa_key.pub`" >> ~/.ssh/known_hosts - cecho "done" + cgecho "done" fi done @@ -84,5 +84,5 @@ else cecho "not found" cecho-n " * Generating ssh rsa key pair.." echo "" | ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa >> $LOGFILE 2>&1 - cecho "done" + cgecho "done" fi diff --git a/testing/scripts/build-umlhostfs b/testing/scripts/build-umlhostfs index 69ad9fe02..c73ce00d0 100755 --- a/testing/scripts/build-umlhostfs +++ b/testing/scripts/build-umlhostfs @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlhostfs,v 1.3 2006/03/30 21:20:27 as Exp $ +# RCSID $Id: build-umlhostfs 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -32,7 +32,7 @@ if [ ! -d $BUILDDIR ] then cecho-n " * Directory '$BUILDDIR' does not exist..creating.." mkdir $BUILDDIR - cecho "done" + cgecho "done" fi LOGFILE=${BUILDDIR}/testing.log @@ -41,7 +41,7 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi LOOPDIR=loop @@ -76,4 +76,4 @@ do umount $LOOPDIR done -cecho "done" +cgecho "done" diff --git a/testing/scripts/build-umlkernel b/testing/scripts/build-umlkernel index 074d7847a..61dee8ff5 100755 --- a/testing/scripts/build-umlkernel +++ b/testing/scripts/build-umlkernel @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlkernel,v 1.2 2005/01/09 21:54:25 as Exp $ +# RCSID $Id: build-umlkernel 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -75,12 +75,12 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi cecho-n " * Unpacking kernel.." tar xjf $KERNEL >> $LOGFILE 2>&1 -cecho "done" +cgecho "done" KERNELDIR=${BUILDDIR}/linux-${KERNELVERSION} @@ -109,7 +109,7 @@ if [ $UMLPATCH ] then cecho-n " * Applying uml patch.." bzcat $UMLPATCH | patch -p1 >> $LOGFILE 2>&1 - cecho "done" + cgecho "done" fi ####################################################### @@ -125,10 +125,8 @@ make oldconfig ARCH=um >> $LOGFILE 2>&1 cecho-n " * Now compiling uml kernel.." make linux ARCH=um >> $LOGFILE 2>&1 -cecho "done" +cgecho "done" cecho-n " * Copying uml kernel to '${BUILDDIR}/linux-uml-${KERNELVERSION}'.." mv linux ${BUILDDIR}/linux-uml-${KERNELVERSION} -cecho "done" - - +cgecho "done" diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index f839e3e8e..3498f216e 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlrootfs,v 1.11 2006/01/08 22:29:56 as Exp $ +# RCSID $Id: build-umlrootfs 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -57,7 +57,7 @@ if [ ! -f $LOGFILE ] then cecho-n " * Logfile '$LOGFILE' does not exist..creating.." touch $LOGFILE - cecho "done" + cgecho "done" fi ROOTFSDIR=$BUILDDIR/root-fs @@ -66,7 +66,7 @@ if [ ! -d $ROOTFSDIR ] then cecho-n " * Root file system directory '$ROOTFSDIR' does not exist..creating.." mkdir $ROOTFSDIR - cecho "done" + cgecho "done" fi cd $ROOTFSDIR @@ -87,7 +87,7 @@ dd if=/dev/zero of=gentoo-fs count=$ROOTFSSIZE bs=1M >> $LOGFILE 2>&1 mkreiserfs -q -f gentoo-fs >> $LOGFILE 2>&1 mount -o loop gentoo-fs $LOOPDIR >> $LOGFILE 2>&1 tar xjpf $ROOTFS -C $LOOPDIR >> $LOGFILE 2>&1 -cecho "done" +cgecho "done" ###################################################### # remove /etc/resolv.conf @@ -129,6 +129,8 @@ echo "ln -sf /usr/share/zoneinfo/${TZUML} /etc/localtime" >> $INSTALLSHELL echo "cd /root/${STRONGSWANVERSION}" >> $INSTALLSHELL echo -n "./configure --sysconfdir=/etc" >> $INSTALLSHELL echo -n " --with-random-device=/dev/urandom" >> $INSTALLSHELL +echo -n " --enable-integrity-test" >> $INSTALLSHELL + if [ "$USE_LIBCURL" = "yes" ] then echo -n " --enable-http" >> $INSTALLSHELL @@ -150,10 +152,8 @@ echo "ldconfig" >> $INSTALLSHELL cecho-n " * Compiling $STRONGSWANVERSION within the root file system as chroot.." chroot $LOOPDIR /bin/bash /install.sh >> $LOGFILE 2>&1 -cecho "done" - rm -f $INSTALLSHELL - +cgecho "done" ###################################################### # copying the host's ssh public key diff --git a/testing/scripts/function.sh b/testing/scripts/function.sh index aa944924c..f147e782e 100755 --- a/testing/scripts/function.sh +++ b/testing/scripts/function.sh @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: function.sh,v 1.3 2005/02/16 22:20:52 as Exp $ +# RCSID $Id: function.sh 3273 2007-10-08 20:18:34Z andreas $ ############################################ @@ -24,6 +24,9 @@ function cecho { echo -e "\033[1;31m$1\033[0m" } +function cgecho { + echo -e "\033[1;32m$1\033[0m" +} function cecho-n { echo -en "\033[1;31m$1\033[0m" diff --git a/testing/scripts/kstart-umls b/testing/scripts/kstart-umls index eeaa959e8..91ec00b60 100755 --- a/testing/scripts/kstart-umls +++ b/testing/scripts/kstart-umls @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: kstart-umls,v 1.6 2005/08/30 22:13:12 as Exp $ +# RCSID $Id: kstart-umls 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -68,7 +68,7 @@ do ubda=$UMLHOSTFS \ \$SWITCH_${host} \ mem=${MEM}M con=pty con0=fd:0,fd:1" & - cecho "\033[1;32mdone" + cgecho "done" fi let "x0+=dx" let "y0+=dy" @@ -114,7 +114,7 @@ do cecho "exit" exit 1 else - cecho "\033[1;32mup" + cgecho "up" fi done diff --git a/testing/scripts/load-testconfig b/testing/scripts/load-testconfig index 6558018c2..e4dd63d59 100755 --- a/testing/scripts/load-testconfig +++ b/testing/scripts/load-testconfig @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: load-testconfig,v 1.2 2004/12/13 21:02:42 as Exp $ +# RCSID $Id: load-testconfig 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` diff --git a/testing/scripts/restore-defaults b/testing/scripts/restore-defaults index b1dae1ea2..dc2ebb312 100755 --- a/testing/scripts/restore-defaults +++ b/testing/scripts/restore-defaults @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: restore-defaults,v 1.2 2004/12/20 07:56:33 as Exp $ +# RCSID $Id: restore-defaults 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` diff --git a/testing/scripts/start-switches b/testing/scripts/start-switches index aab82b8ff..118a2250e 100755 --- a/testing/scripts/start-switches +++ b/testing/scripts/start-switches @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: start-switches,v 1.2 2004/12/19 19:17:25 as Exp $ +# RCSID $Id: start-switches 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -31,9 +31,9 @@ do cecho " * Great, umlswitch$n is already running!" else cecho-n " * Starting umlswitch$n.." - uml_switch -tap tap$n -unix /tmp/umlswitch$n >/dev/null 2>&1 </dev/null & + uml_switch -tap tap$n -unix /tmp/umlswitch$n -daemon >/dev/null 2>&1 </dev/null sleep 2 eval ifconfig "tap$n \$IFCONFIG_$n up" - cecho "\033[1;32mdone" + cgecho "done" fi done diff --git a/testing/scripts/start-umls b/testing/scripts/start-umls index 1b875a696..50cd65da4 100755 --- a/testing/scripts/start-umls +++ b/testing/scripts/start-umls @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: start-umls,v 1.5 2005/08/30 22:13:12 as Exp $ +# RCSID $Id: start-umls 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -62,7 +62,7 @@ do ubda=$UMLHOSTFS \ \$SWITCH_${host} \ mem=${MEM}M con=pty con0=fd:0,fd:1" - cecho "done" + cgecho "done" fi done @@ -105,7 +105,7 @@ do cecho "exit" exit 1 else - cecho "up" + cgecho "up" fi done diff --git a/testing/scripts/xstart-umls b/testing/scripts/xstart-umls index 9efbd1497..8cd76c133 100755 --- a/testing/scripts/xstart-umls +++ b/testing/scripts/xstart-umls @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: xstart-umls,v 1.6 2005/08/30 22:13:12 as Exp $ +# RCSID $Id: xstart-umls 3273 2007-10-08 20:18:34Z andreas $ DIR=`dirname $0` @@ -68,7 +68,7 @@ do ubda=$UMLHOSTFS \ \$SWITCH_${host} \ mem=${MEM}M con=pty con0=fd:0,fd:1" & - cecho "done" + cgecho "done" fi let "x0+=dx" let "y0+=dy" @@ -114,7 +114,7 @@ do cecho "exit" exit 1 else - cecho "up" + cgecho "up" fi done diff --git a/testing/stop-testing b/testing/stop-testing index 7b21c6b07..013bf793c 100755 --- a/testing/stop-testing +++ b/testing/stop-testing @@ -39,7 +39,7 @@ for host in $HOSTS do uml_mconsole $host halt &> /dev/null done -cecho "\033[1;32mdone" +cgecho "done" ##################################################### # Shutting down the uml switches @@ -47,5 +47,5 @@ cecho "\033[1;32mdone" cecho-n " * Stopping the UML switches.." killall uml_switch &> /dev/null rm -f /tmp/umlswitch[012] &> /dev/null 2>&1 -cecho "\033[1;32mdone" +cgecho "done" diff --git a/testing/testing.conf b/testing/testing.conf index 8c97cc3a4..aecedd7ae 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -21,20 +21,20 @@ UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.21.5.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.22.1.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` # Kernel configuration file -KERNELCONFIG=$UMLTESTDIR/.config-2.6.21 +KERNELCONFIG=$UMLTESTDIR/.config-2.6.22 # Bzipped uml patch for kernel # (not needed anymore for 2.6.9 kernel or higher) #UMLPATCH=$UMLTESTDIR/uml_jmpbuf-2.6.18.patch.bz2 # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-4.1.4.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.1.7.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf index 2658293ac..bf39d7527 100755 --- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf @@ -12,6 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 left=%defaultroute + leftnexthop=%direct leftsubnet=10.1.0.0/16 leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf index ba6f7bfe9..d8b885a88 100755 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf index 2658293ac..bf39d7527 100755 --- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf @@ -12,6 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 left=%defaultroute + leftnexthop=%direct leftsubnet=10.1.0.0/16 leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf index 41123c9d6..1f964d0de 100755 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_CAROL1 leftcert=carolCert.pem leftid=carol@strongswan.org diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf index 2ba4db724..c098ffd90 100755 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf @@ -14,6 +14,7 @@ conn %default conn moon left=%defaultroute + leftnexthop=%direct leftsourceip=PH_IP_DAVE1 leftcert=daveCert.pem leftid=dave@strongswan.org diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf index 50c3a6a69..45ec8094b 100755 --- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf @@ -12,6 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 left=%defaultroute + leftnexthop=%direct leftsubnet=10.1.0.0/16 leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem diff --git a/testing/tests/ikev1/passthrough/posttest.dat b/testing/tests/ikev1/passthrough/posttest.dat index 5a9150bc8..db17f4c65 100644 --- a/testing/tests/ikev1/passthrough/posttest.dat +++ b/testing/tests/ikev1/passthrough/posttest.dat @@ -1,4 +1,6 @@ moon::ipsec stop sun::ipsec stop +moon::ip route flush table 50 +moon::ip rule del table 50 moon::/etc/init.d/iptables stop 2> /dev/null sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1/passthrough/pretest.dat b/testing/tests/ikev1/passthrough/pretest.dat index 2606db192..6b5295469 100644 --- a/testing/tests/ikev1/passthrough/pretest.dat +++ b/testing/tests/ikev1/passthrough/pretest.dat @@ -2,6 +2,9 @@ moon::/etc/init.d/iptables start 2> /dev/null sun::/etc/init.d/iptables start 2> /dev/null moon::iptables -I INPUT -i eth1 -s 10.1.0.0/16 -j ACCEPT moon::iptables -I OUTPUT -o eth1 -d 10.1.0.0/16 -j ACCEPT +moon::ip rule add pref 50 table 50 +moon::ip route add 192.168.0.254 via PH_IP_MOON table 50 +moon::ip route add 10.1.0.0/16 via PH_IP_MOON1 table 50 moon::ipsec start sun::ipsec start moon::sleep 2 diff --git a/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets index 70ea1dab6..d2bba2f4c 100644 --- a/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets @@ -1,5 +1,9 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL +carol@strongswan.org @dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq + +carol@strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +carol@strongswan.org @sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5 : XAUTH carol "4iChxLT3" diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat index 40cb4339b..73d5ea206 100644 --- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat +++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave::ipsec status::home.*INSTALLED::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec status::rw-carol.*INSTALLED::YES diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index 40cb4339b..73d5ea206 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave::ipsec status::home.*INSTALLED::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec status::rw-carol.*INSTALLED::YES diff --git a/testing/tests/ikev2/force-udp-encaps/description.txt b/testing/tests/ikev2/force-udp-encaps/description.txt new file mode 100644 index 000000000..a079363cf --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/description.txt @@ -0,0 +1,6 @@ +The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a tunnel to +gateway <b>sun</b>. Since the firewall on <b>sun</b> blocks the ESP protocol, enforced UDP +encapsulation (<b>forceencaps=yes</b>) is used by <b>alice</b> to punch through this hurdle. +<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnel, host <b>alice</b> pings the +client <b>bob</b> behind the gateway <b>sun</b>. diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat new file mode 100644 index 000000000..35f01d491 --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat @@ -0,0 +1,6 @@ +alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES +alice::ipsec statusall::nat-t.*INSTALLED::YES +sun::ipsec statusall::nat-t.*INSTALLED::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf new file mode 100755 index 000000000..2074646cc --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn nat-t + left=%defaultroute + leftcert=aliceCert.pem + leftid=alice@strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + forceencaps=yes + auto=add diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables new file mode 100755 index 000000000..5bb63f5ac --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/init.d/iptables @@ -0,0 +1,76 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow IKE + iptables -A INPUT -i eth0 -p udp --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT + + # allow NAT-T + iptables -A INPUT -i eth0 -p udp --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..a2c168601 --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf @@ -0,0 +1,35 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftfirewall=yes + +conn net-net + leftsubnet=10.2.0.0/16 + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add + +conn host-host + right=PH_IP_MOON + rightid=@moon.strongswan.org + auto=add + +conn nat-t + leftsubnet=10.2.0.0/16 + right=%any + rightsubnet=10.1.0.10/32 + auto=add diff --git a/testing/tests/ikev2/force-udp-encaps/posttest.dat b/testing/tests/ikev2/force-udp-encaps/posttest.dat new file mode 100644 index 000000000..979f2fcd0 --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/posttest.dat @@ -0,0 +1,6 @@ +alice::ipsec stop +sun::ipsec stop +alice::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +sun::ip route del 10.1.0.0/16 via PH_IP_MOON +winnetou::ip route del 10.1.0.0/16 via PH_IP_MOON diff --git a/testing/tests/ikev2/force-udp-encaps/pretest.dat b/testing/tests/ikev2/force-udp-encaps/pretest.dat new file mode 100644 index 000000000..6f00cd387 --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/pretest.dat @@ -0,0 +1,11 @@ +alice::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +sun::ip route add 10.1.0.0/16 via PH_IP_MOON +winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +alice::ipsec start +sun::ipsec start +alice::sleep 4 +alice::ipsec up nat-t +alice::sleep 1 + diff --git a/testing/tests/ikev2/force-udp-encaps/test.conf b/testing/tests/ikev2/force-udp-encaps/test.conf new file mode 100644 index 000000000..d84149aaf --- /dev/null +++ b/testing/tests/ikev2/force-udp-encaps/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="alice sun" diff --git a/testing/tests/ikev2/mobike-nat/description.txt b/testing/tests/ikev2/mobike-nat/description.txt index dd8a3a11a..ba8fc5bf0 100644 --- a/testing/tests/ikev2/mobike-nat/description.txt +++ b/testing/tests/ikev2/mobike-nat/description.txt @@ -4,4 +4,4 @@ via an additional <b>eth1</b> interface. <b>alice</b> builds up a tunnel to gate in order to reach <b>bob</b> in the subnet behind. When the <b>eth1</b> interface goes away, <b>alice</b> switches to <b>eth0</b> and signals the IP address change via a MOBIKE ADDRESS_UPDATE notification to peer <b>sun</b>. <b>alice</b> sets -a virtual IP of PH_IP_ALICE, so that the IPsec policies don't have to be changed. +a virtual IP of 10.3.0.3, so that the IPsec policies don't have to be changed. diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat index f6259cfb6..541b218d0 100644 --- a/testing/tests/ikev2/mobike-nat/evaltest.dat +++ b/testing/tests/ikev2/mobike-nat/evaltest.dat @@ -1,16 +1,16 @@ alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP::YES moon::tcpdump::sun.strongswan.org.*moon.strongswan.org.*: UDP-encap: ESP::YES -bob::tcpdump::alice.strongswan.org.*bob.strongswan.org.*ICMP echo request::YES -bob::tcpdump::bob.strongswan.org.*alice.strongswan.org.*ICMP echo reply::YES +bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::YES +bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::YES diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf index e05356b39..e9abfdac8 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf @@ -14,7 +14,7 @@ conn %default conn mobike left=PH_IP_ALICE1 - leftsourceip=PH_IP_ALICE + leftsourceip=10.3.0.3 leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/mobike-virtual-ip/description.txt b/testing/tests/ikev2/mobike-virtual-ip/description.txt index 997c7f3e8..df5612727 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/description.txt +++ b/testing/tests/ikev2/mobike-virtual-ip/description.txt @@ -4,4 +4,4 @@ via an additional <b>eth1</b> interface. <b>alice</b> builds up a tunnel to gate in order to reach <b>bob</b> in the subnet behind. When the <b>eth1</b> interface goes away, <b>alice</b> switches to <b>eth0</b> and signals the IP address change via a MOBIKE ADDRESS_UPDATE notification to peer <b>sun</b>. <b>alice</b> sets -a virtual IP of PH_IP_ALICE, so that the IPsec policies don't have to be changed. +a virtual IP of 10.3.0.3, so that the IPsec policies don't have to be changed. diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat index 482cef866..5be507d2e 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat @@ -1,16 +1,16 @@ alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES +sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP::YES moon::tcpdump::sun.strongswan.org.*alice.strongswan.org.*: ESP::YES -bob::tcpdump::alice.strongswan.org.*bob.strongswan.org.*ICMP echo request::YES -bob::tcpdump::bob.strongswan.org.*alice.strongswan.org.*ICMP echo reply::YES +bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::YES +bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::YES diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf index e05356b39..e9abfdac8 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf @@ -14,7 +14,7 @@ conn %default conn mobike left=PH_IP_ALICE1 - leftsourceip=PH_IP_ALICE + leftsourceip=10.3.0.3 leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/nat-two-rw/evaltest.dat b/testing/tests/ikev2/nat-two-rw/evaltest.dat index 28d5b5289..bd0a4b52b 100644 --- a/testing/tests/ikev2/nat-two-rw/evaltest.dat +++ b/testing/tests/ikev2/nat-two-rw/evaltest.dat @@ -2,7 +2,7 @@ alice::ipsec statusall::nat-t.*INSTALLED::YES venus::ipsec statusall::nat-t.*INSTALLED::YES sun::ipsec statusall::nat-t.*INSTALLED::YES sun::ipsec status::alice@strongswan.org::YES -sun::ipsec status::@venus.strongswan.org::YES +sun::ipsec status::venus.strongswan.org::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf index e86ed4f72..562f26826 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf index ea55d2edb..24e5df519 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf index 55fe84bc3..15d8ddb11 100755 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf @@ -10,7 +10,8 @@ conn %default keyingtries=1 authby=secret keyexchange=ikev2 - + mobike=no + conn net-net left=PH_IP_MOON leftsubnet=10.1.0.0/16 diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf index 063f23b29..e145d9974 100755 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf @@ -10,7 +10,8 @@ conn %default keyingtries=1 authby=secret keyexchange=ikev2 - + mobike=no + conn net-net left=PH_IP_SUN leftsubnet=10.2.0.0/16 diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf index fe75ede89..8a2f8b77c 100755 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf index ea55d2edb..24e5df519 100755 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf index 77abdcdd1..1cc812864 100755 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_MOON diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf index ea55d2edb..24e5df519 100755 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf @@ -11,6 +11,7 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 + mobike=no conn net-net left=PH_IP_SUN diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat index f7f9dc51d..1ce38fc6a 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat @@ -3,7 +3,7 @@ moon::cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre- moon::ipsec statusall::rw-psk.*INSTALLED::YES carol::ipsec statusall::home.*ESTABLISHED::YES moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of '@moon.strongswan.org' (myself) with RSA signature::YES +moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature::YES moon::ipsec statusall::rw-rsasig.*INSTALLED::YES dave::ipsec statusall::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat index c0fd8b16b..8c7d2e9ea 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat @@ -1,6 +1,6 @@ moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of '@moon.strongswan.org' (myself) with RSA signature::YES +moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature::YES moon::ipsec statusall::rw.*INSTALLED::YES carol::ipsec statusall::home.*ESTABLISHED::YES dave::ipsec statusall::home.*ESTABLISHED::YES diff --git a/testing/tests/ikev2/virtual-ip-override/evaltest.dat b/testing/tests/ikev2/virtual-ip-override/evaltest.dat index 5216a53bb..34ccb76ca 100644 --- a/testing/tests/ikev2/virtual-ip-override/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip-override/evaltest.dat @@ -7,7 +7,7 @@ moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::src PH_IP_CAROL1::YES +carol::ip route list table 220::src PH_IP_CAROL1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::src PH_IP_DAVE1::YES +dave::ip route list table 220::src PH_IP_DAVE1::YES diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat index dbb873ebc..e3c3c7f3c 100644 --- a/testing/tests/ikev2/virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip/evaltest.dat @@ -7,9 +7,9 @@ moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES -carol::ip route list dev eth0::src PH_IP_CAROL1::YES +carol::ip route list table 220::src PH_IP_CAROL1::YES dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list dev eth0::src PH_IP_DAVE1::YES +dave::ip route list table 220::src PH_IP_DAVE1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES |