summaryrefslogtreecommitdiff
path: root/testing/tests/ikev1/xauth-rsa
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/ikev1/xauth-rsa')
-rw-r--r--testing/tests/ikev1/xauth-rsa/evaltest.dat20
-rw-r--r--testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf8
-rw-r--r--testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf8
-rw-r--r--testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf9
-rw-r--r--testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf6
7 files changed, 26 insertions, 37 deletions
diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat
index 786043065..988a6c541 100644
--- a/testing/tests/ikev1/xauth-rsa/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat
@@ -1,13 +1,15 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
-moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
-moon::cat /var/log/auth.log::extended authentication was successful::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf
index 186d8e121..2fdd60f00 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
conn %default
ikelifetime=60m
@@ -12,14 +8,16 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- authby=xauthrsasig
conn home
left=PH_IP_CAROL
leftcert=carolCert.pem
leftid=carol@strongswan.org
+ leftauth=pubkey
+ leftauth2=xauth
leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
+ rightauth=pubkey
auto=add
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
}
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
libstrongswan {
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf
index 478e732ae..36f0c581f 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
conn %default
ikelifetime=60m
@@ -12,14 +8,16 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- authby=xauthrsasig
conn home
left=PH_IP_DAVE
leftcert=daveCert.pem
leftid=dave@strongswan.org
+ leftauth=pubkey
+ leftauth2=xauth
leftfirewall=yes
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
+ rightauth=pubkey
auto=add
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
}
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
libstrongswan {
dh_exponent_ansi_x9_42 = no
}
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
index 251041443..3c6944910 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,6 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
conn %default
ikelifetime=60m
@@ -12,14 +8,15 @@ conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
- authby=xauthrsasig
- xauth=server
conn rw
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
+ leftauth=pubkey
leftfirewall=yes
right=%any
+ rightauth=pubkey
+ rightauth2=xauth
auto=add
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
}
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
libstrongswan {
dh_exponent_ansi_x9_42 = no
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 04:34:13 +0000