diff options
Diffstat (limited to 'testing/tests/ikev2/compress')
8 files changed, 14 insertions, 7 deletions
diff --git a/testing/tests/ikev2/compress/description.txt b/testing/tests/ikev2/compress/description.txt index 47829839d..4c60384f0 100644 --- a/testing/tests/ikev2/compress/description.txt +++ b/testing/tests/ikev2/compress/description.txt @@ -1,3 +1,4 @@ -This scenario enables IPCOMP compression between roadwarrior <b>carol</b> and -gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> checks -the established tunnel with compression. +This scenario enables IPComp compression between roadwarrior <b>carol</b> and +gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> check +the established tunnel with compression. The packet sizes of the two pings +are different because the kernel does not compress small packets. diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat index b989a7774..843326ecc 100644 --- a/testing/tests/ikev2/compress/evaltest.dat +++ b/testing/tests/ikev2/compress/evaltest.dat @@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES moon:: ip xfrm state::proto comp spi::YES carol::ip xfrm state::proto comp spi::YES -carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES +carol::ping -n -c 1 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES +carol::ping -n -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE::YES moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf index 7502175e7..78809898b 100644 --- a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf @@ -9,6 +9,7 @@ conn %default keyingtries=1 keyexchange=ikev2 compress=yes + leftfirewall=yes conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf index 85d8c191f..dc937641c 100644 --- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf index aa1be047e..718b3c814 100644 --- a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf @@ -9,6 +9,7 @@ conn %default keyingtries=1 keyexchange=ikev2 compress=yes + leftfirewall=yes conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf index 85d8c191f..dc937641c 100644 --- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/compress/posttest.dat b/testing/tests/ikev2/compress/posttest.dat index c6d6235f9..046d4cfdc 100644 --- a/testing/tests/ikev2/compress/posttest.dat +++ b/testing/tests/ikev2/compress/posttest.dat @@ -1,2 +1,4 @@ moon::ipsec stop carol::ipsec stop +moon::iptables-restore < /etc/iptables.flush +carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/compress/pretest.dat b/testing/tests/ikev2/compress/pretest.dat index f5aa989fe..29a90355f 100644 --- a/testing/tests/ikev2/compress/pretest.dat +++ b/testing/tests/ikev2/compress/pretest.dat @@ -1,3 +1,5 @@ +carol::iptables-restore < /etc/iptables.rules +moon::iptables-restore < /etc/iptables.rules carol::ipsec start moon::ipsec start carol::sleep 2 |