diff options
Diffstat (limited to 'testing/tests/ikev1/dynamic-responder')
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/evaltest.dat | 14 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf | 16 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf | 9 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf | 16 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf | 9 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf | 17 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf | 9 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/posttest.dat | 6 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/pretest.dat | 6 | ||||
| -rw-r--r-- | testing/tests/ikev1/dynamic-responder/test.conf | 10 |
10 files changed, 54 insertions, 58 deletions
diff --git a/testing/tests/ikev1/dynamic-responder/evaltest.dat b/testing/tests/ikev1/dynamic-responder/evaltest.dat index 391afaa42..61546f417 100644 --- a/testing/tests/ikev1/dynamic-responder/evaltest.dat +++ b/testing/tests/ikev1/dynamic-responder/evaltest.dat @@ -1,8 +1,10 @@ -carol::ipsec status::moon.*STATE_QUICK_R2.*IPsec SA established::YES -dave::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES -moon::cat /var/log/auth.log::PH_IP_CAROL.*IPsec SA established::YES -moon::cat /var/log/auth.log::PH_IP_DAVE.*deleting connection.*with peer PH_IP_CAROL::YES -moon::cat /var/log/auth.log::PH_IP_DAVE.*IPsec SA established::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES +moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES +moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf index acf503f8e..ef0d102c0 100755..100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -14,18 +10,12 @@ conn %default keyexchange=ikev1 conn moon - left=%defaultroute - leftnexthop=%direct - leftsourceip=PH_IP_CAROL1 + left=%any + leftsourceip=%config leftcert=carolCert.pem leftid=carol@strongswan.org leftfirewall=yes - right=moon.strongswan.org - rightallowany=yes + right=%moon.strongswan.org rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org auto=add - - - - diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf index acf503f8e..ef0d102c0 100755..100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -14,18 +10,12 @@ conn %default keyexchange=ikev1 conn moon - left=%defaultroute - leftnexthop=%direct - leftsourceip=PH_IP_CAROL1 + left=%any + leftsourceip=%config leftcert=carolCert.pem leftid=carol@strongswan.org leftfirewall=yes - right=moon.strongswan.org - rightallowany=yes + right=%moon.strongswan.org rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org auto=add - - - - diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf index ee28eebf3..6ab0ea5ab 100755..100644 --- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf @@ -1,10 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control - crlcheckinterval=180 - strictcrlpolicy=no - charonstart=no conn %default ikelifetime=60m @@ -12,17 +8,14 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev1 - left=%defaultroute - leftnexthop=%direct + +conn carol + left=%any leftsubnet=10.1.0.0/16 - leftsourceip=PH_IP_MOON1 leftcert=moonCert.pem leftid=@moon.strongswan.org leftfirewall=yes - -conn carol - right=carol.strongswan.org - rightallowany=yes + right=%carol.strongswan.org rightid=carol@strongswan.org - rightsubnet=PH_IP_CAROL1/32 + rightsourceip=PH_IP_CAROL1 auto=add diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/dynamic-responder/posttest.dat b/testing/tests/ikev1/dynamic-responder/posttest.dat index c30a35edd..32ac12ddc 100644 --- a/testing/tests/ikev1/dynamic-responder/posttest.dat +++ b/testing/tests/ikev1/dynamic-responder/posttest.dat @@ -2,10 +2,6 @@ dave::ipsec stop carol::ipsec stop dave::sleep 1 moon::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null -carol::ip addr del PH_IP_CAROL1/32 dev eth0 -dave::ip addr del PH_IP_CAROL1/32 dev eth0 +carol::iptables-restore < /etc/iptables.flush dave::rm /etc/ipsec.d/certs/* dave::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev1/dynamic-responder/pretest.dat b/testing/tests/ikev1/dynamic-responder/pretest.dat index c0f166ff4..8dc744f9a 100644 --- a/testing/tests/ikev1/dynamic-responder/pretest.dat +++ b/testing/tests/ikev1/dynamic-responder/pretest.dat @@ -1,6 +1,4 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null +carol::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start @@ -10,4 +8,4 @@ moon::sleep 1 carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT dave::ipsec up moon -dave::sleep 2 +dave::sleep 2 diff --git a/testing/tests/ikev1/dynamic-responder/test.conf b/testing/tests/ikev1/dynamic-responder/test.conf index 1a8f2a4e0..164b07ff9 100644 --- a/testing/tests/ikev1/dynamic-responder/test.conf +++ b/testing/tests/ikev1/dynamic-responder/test.conf @@ -1,21 +1,21 @@ #!/bin/bash # # This configuration file provides information on the -# UML instances used for this test +# guest instances used for this test -# All UML instances that are required for this test +# All guest instances that are required for this test # -UMLHOSTS="alice moon carol winnetou dave" +VIRTHOSTS="alice moon carol winnetou dave" # Corresponding block diagram # DIAGRAM="a-m-c-w-d.png" -# UML instances on which tcpdump is to be started +# Guest instances on which tcpdump is to be started # TCPDUMPHOSTS="moon alice" -# UML instances on which IPsec is started +# Guest instances on which IPsec is started # Used for IPsec logging purposes # IPSECHOSTS="moon carol dave" |