Diffstat (limited to 'testing/tests/ikev2/rw-eap-tnc-tls')
17 files changed, 0 insertions, 199 deletions
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/description.txt b/testing/tests/ikev2/rw-eap-tnc-tls/description.txt
deleted file mode 100644
index 762b839ee..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/description.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>,
-bothe ends doing certificate-based EAP-TLS authentication only.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat
deleted file mode 100644
index cebfff25f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 1b6274215..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsendcert=never
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index c12143cb1..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644
index f5da834c0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index 54c06b12e..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsendcert=never
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index c12143cb1..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
- multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644
index c20b5e57f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config
deleted file mode 100644
index a5a9a68f3..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 50514c99f..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- strictcrlpolicy=no
- plutostart=no
- charondebug="tls 2, tnc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=eap-ttls
- leftfirewall=yes
- rightauth=eap-ttls
- rightid=*@strongswan.org
- rightsendcert=never
- right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 8898a63ba..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown
- multiple_authentication=no
- plugins {
- eap-ttls {
- request_peer_auth = yes
- phase2_piggyback = yes
- phase2_tnc = yes
- }
- }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config
deleted file mode 100644
index ac436a344..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat
deleted file mode 100644
index 7cebd7f25..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat
deleted file mode 100644
index ce897d181..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/test.conf b/testing/tests/ikev2/rw-eap-tnc-tls/test.conf
deleted file mode 100644
index e28b8259b..000000000
--- a/testing/tests/ikev2/rw-eap-tnc-tls/test.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
|