3 files changed, 29 insertions, 2 deletions

diff --git a/testing/hosts/default/etc/ip6tables.rules b/testing/hosts/default/etc/ip6tables.rules
index 6a2c6af8e..bcb868414 100644
--- a/testing/hosts/default/etc/ip6tables.rules
+++ b/testing/hosts/default/etc/ip6tables.rules
@@ -28,7 +28,7 @@
 -A INPUT  -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
 -A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
 
-# allow crl and certficate fetch from winnetou
+# allow crl and certificate fetch from winnetou
 -A INPUT  -i eth0 -p tcp --sport 80 -s fec0::15 -j ACCEPT
 -A OUTPUT -o eth0 -p tcp --dport 80 -d fec0::15 -j ACCEPT
 
diff --git a/testing/hosts/default/etc/strongswan.conf.testing b/testing/hosts/default/etc/strongswan.conf.testing
index 55efbe7d1..b62355097 100644
--- a/testing/hosts/default/etc/strongswan.conf.testing
+++ b/testing/hosts/default/etc/strongswan.conf.testing
@@ -2,6 +2,11 @@ charon {
   retransmit_tries = 2
   retransmit_timeout = 1.0
   retransmit_base = 1
+  plugins {
+    kernel-netlink {
+      xfrm_acq_expires = 60
+    }
+  }
 }
 
-include strongswan.conf
\ No newline at end of file
+include strongswan.conf
diff --git a/testing/hosts/default/usr/local/bin/service b/testing/hosts/default/usr/local/bin/service
new file mode 100755
index 000000000..c5db4f61b
--- /dev/null
+++ b/testing/hosts/default/usr/local/bin/service
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# LEAK_DETECTIVE_LOG is set for automated runs, however, `service` strips
+# the environment. This wrapper is used to set the variable for the charon
+# init script.
+
+ORIG=/usr/sbin/service
+CONF=/etc/default/charon
+
+if [[ "$1" != "charon" ]]; then
+	$ORIG "$@"
+fi
+
+if [[ "$2" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then
+	echo "export LEAK_DETECTIVE_LOG=$LEAK_DETECTIVE_LOG" >> $CONF
+fi
+
+$ORIG "$@"
+
+if [[ "$2" == "stop" ]]; then
+	sed -i '/LEAK_DETECTIVE_LOG/d' $CONF 2>/dev/null
+fi