diff options
Diffstat (limited to 'testing/tests/ikev1/dpd-clear')
| -rw-r--r-- | testing/tests/ikev1/dpd-clear/description.txt | 5 | ||||
| -rw-r--r-- | testing/tests/ikev1/dpd-clear/evaltest.dat | 7 | ||||
| -rwxr-xr-x | testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf | 29 | ||||
| -rw-r--r-- | testing/tests/ikev1/dpd-clear/posttest.dat | 3 | ||||
| -rw-r--r-- | testing/tests/ikev1/dpd-clear/pretest.dat | 4 | ||||
| -rw-r--r-- | testing/tests/ikev1/dpd-clear/test.conf | 21 |
6 files changed, 69 insertions, 0 deletions
diff --git a/testing/tests/ikev1/dpd-clear/description.txt b/testing/tests/ikev1/dpd-clear/description.txt new file mode 100644 index 000000000..f76b2d741 --- /dev/null +++ b/testing/tests/ikev1/dpd-clear/description.txt @@ -0,0 +1,5 @@ +The roadwarrior <b>carol</b> sets up an IPsec tunnel connection to the gateway <b>moon</b> +which in turn activates <b>Dead Peer Detection</b> (DPD) with a polling interval of 10 s. +When the network connectivity between <b>carol</b> and <b>moon</b> is forcefully disrupted, +<b>moon</b> clears the connection after the configured timeout of 30 s. + diff --git a/testing/tests/ikev1/dpd-clear/evaltest.dat b/testing/tests/ikev1/dpd-clear/evaltest.dat new file mode 100644 index 000000000..98d5b146b --- /dev/null +++ b/testing/tests/ikev1/dpd-clear/evaltest.dat @@ -0,0 +1,7 @@ +carol::ipsec status::STATE_MAIN_I4 (ISAKMP SA established)::YES +carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO +moon::sleep 50::no output expected::NO +moon::cat /var/log/auth.log::inserting event EVENT_DPD::YES +moon::cat /var/log/auth.log::DPD: No response from peer - declaring peer dead::YES +moon::cat /var/log/auth.log::DPD: Terminating all SAs using this connection::YES +moon::cat /var/log/auth.log::DPD: Clearing connection::YES diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..281293545 --- /dev/null +++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf @@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + leftnexthop=%direct + dpdaction=clear + dpddelay=10 + dpdtimeout=30 + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + rightid=carol@strongswan.org + auto=add + + + diff --git a/testing/tests/ikev1/dpd-clear/posttest.dat b/testing/tests/ikev1/dpd-clear/posttest.dat new file mode 100644 index 000000000..931db4272 --- /dev/null +++ b/testing/tests/ikev1/dpd-clear/posttest.dat @@ -0,0 +1,3 @@ +carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/ikev1/dpd-clear/pretest.dat b/testing/tests/ikev1/dpd-clear/pretest.dat new file mode 100644 index 000000000..14ed95322 --- /dev/null +++ b/testing/tests/ikev1/dpd-clear/pretest.dat @@ -0,0 +1,4 @@ +moon::ipsec start +carol::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/ikev1/dpd-clear/test.conf b/testing/tests/ikev1/dpd-clear/test.conf new file mode 100644 index 000000000..2b240d895 --- /dev/null +++ b/testing/tests/ikev1/dpd-clear/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" |