diff options
Diffstat (limited to 'testing/tests/ikev2/rw-eap-sim-id-radius')
12 files changed, 87 insertions, 18 deletions
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt index 0531a559f..41abb363c 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/description.txt @@ -1,13 +1,13 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. At the outset the gateway authenticates itself to the client by sending -an IKEv2 <b>RSA signature</b> accompanied by a certificate. -<b>carol</b> then uses the <i>Extensible Authentication Protocol</i> -in association with a <i>GSM Subscriber Identity Module</i> -(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>. -In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> -are used instead of a physical SIM card on the client <b>carol</b> and -the gateway forwards all EAP messages to the RADIUS server <b>alice</b> +an IKEv2 <b>digital signature</b> accompanied by an X.509 certificate. +<p/> +Next <b>carol</b> uses the GSM <i>Subscriber Identity Module</i> (<b>EAP-SIM</b>) +method of the <i>Extensible Authentication Protocol</i> to authenticate herself. +In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> are used +instead of a physical SIM card. +<p/> +The gateway forwards all EAP messages to the RADIUS server <b>alice</b> which also uses static triplets. In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior <b>carol</b> uses the EAP identity <b>228060123456001</b>. - diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/mods-available/eap b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/mods-available/eap new file mode 100644 index 000000000..7d8023951 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/mods-available/eap @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/proxy.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/proxy.conf new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/sites-available/default b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/sites-available/default new file mode 100644 index 000000000..2057b5193 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/sites-available/default @@ -0,0 +1,58 @@ +server default { + +listen { + type = auth + ipaddr = 10.1.0.10 + port = 0 +} + +authorize { + preprocess + files + eap { + ok = return + } + expiration + logintime +} + +authenticate { + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + exec + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + eap + remove_reply_message_if_eap + } +} + +pre-proxy { +} + +post-proxy { + eap +} + +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/sites-available/inner-tunnel new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/sites-available/inner-tunnel diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/users b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/users new file mode 100644 index 000000000..1c281a974 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/3.0/users @@ -0,0 +1 @@ +228060123456001 EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files deleted file mode 100644 index 10c26aa15..000000000 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files +++ /dev/null @@ -1,3 +0,0 @@ -sim_files { - simtriplets = "/etc/freeradius/triplets.dat" -} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default index 893529324..1dc666992 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default @@ -1,5 +1,16 @@ authorize { - sim_files + files + update reply { + EAP-Sim-Rand1 := "%{control:EAP-Sim-Rand1}" + EAP-Sim-Rand2 := "%{control:EAP-Sim-Rand2}" + EAP-Sim-Rand3 := "%{control:EAP-Sim-Rand3}" + EAP-Sim-SRES1 := "%{control:EAP-Sim-SRES1}" + EAP-Sim-SRES2 := "%{control:EAP-Sim-SRES2}" + EAP-Sim-SRES3 := "%{control:EAP-Sim-SRES3}" + EAP-Sim-KC1 := "%{control:EAP-Sim-KC1}" + EAP-Sim-KC2 := "%{control:EAP-Sim-KC2}" + EAP-Sim-KC3 := "%{control:EAP-Sim-KC3}" + } eap { ok = return } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/triplets.dat deleted file mode 100644 index c167ba940..000000000 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/triplets.dat +++ /dev/null @@ -1,3 +0,0 @@ -228060123456001,30000000000000000000000000000000,30112233,305566778899AABB -228060123456001,31000000000000000000000000000000,31112233,315566778899AABB -228060123456001,32000000000000000000000000000000,32112233,325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users index e69de29bb..1c281a974 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users @@ -0,0 +1 @@ +228060123456001 EAP-Type := SIM, EAP-Sim-RAND1 := 0x30000000000000000000000000000000, EAP-Sim-SRES1 := 0x30112233, EAP-Sim-KC1 := 0x305566778899AABB, EAP-Sim-RAND2 := 0x31000000000000000000000000000000, EAP-Sim-SRES2 := 0x31112233, EAP-Sim-KC2 := 0x315566778899AABB, EAP-Sim-RAND3 := 0x32000000000000000000000000000000, EAP-Sim-SRES3 := 0x32112233, EAP-Sim-KC3 := 0x325566778899AABB diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat index 181949fb5..4361417fd 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat @@ -1,5 +1,5 @@ moon::ipsec stop carol::ipsec stop -alice::killall radiusd +alice::killall freeradius moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat index 122ee2283..53aa83f0c 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat @@ -1,8 +1,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules -alice::cat /etc/freeradius/triplets.dat carol::cat /etc/ipsec.d/triplets.dat -alice::radiusd +alice::freeradius moon::ipsec start carol::ipsec start moon::expect-connection rw-eap |