11 files changed, 26 insertions, 24 deletions

diff --git a/testing/tests/ikev2/rw-psk-fqdn/description.txt b/testing/tests/ikev2/rw-psk-fqdn/description.txt
index d4a7c3878..47f6968ae 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/description.txt
+++ b/testing/tests/ikev2/rw-psk-fqdn/description.txt
@@ -1,6 +1,6 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
 to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
-and fully qualified domain names. Upon the successful establishment of the IPsec tunnels,
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
 <b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
 let pass the tunneled traffic. In order to test both tunnel and firewall, both
 <b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
index 06a0f8cda..2fbcc474f 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
@@ -1,8 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
index 6c821010a..594affa28 100755..100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
index 1af9be7f7..57f7303be 100755..100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	strictcrlpolicy=no
-	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
index 97edc9047..8dc61b0b3 100755..100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 882ea04a5..d84cba2b0 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/posttest.dat b/testing/tests/ikev2/rw-psk-fqdn/posttest.dat
index 7cebd7f25..1865a1c60 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/posttest.dat
+++ b/testing/tests/ikev2/rw-psk-fqdn/posttest.dat
@@ -1,6 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat
index 282b2aec0..64ce593fb 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat
@@ -1,6 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
 moon::rm /etc/ipsec.d/cacerts/*
 carol::rm /etc/ipsec.d/cacerts/*
 dave::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev2/rw-psk-fqdn/test.conf b/testing/tests/ikev2/rw-psk-fqdn/test.conf
index 70416826e..f29298850 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/test.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/test.conf
@@ -1,21 +1,21 @@
 #!/bin/bash
 #
 # This configuration file provides information on the
-# UML instances used for this test
+# guest instances used for this test
 
-# All UML instances that are required for this test
+# All guest instances that are required for this test
 #
-UMLHOSTS="alice moon carol winnetou dave"
+VIRTHOSTS="alice moon carol winnetou dave"
 
 # Corresponding block diagram
 #
 DIAGRAM="a-m-c-w-d.png"
 
-# UML instances on which tcpdump is to be started
+# Guest instances on which tcpdump is to be started
 #
 TCPDUMPHOSTS="moon"
 
-# UML instances on which IPsec is started
+# Guest instances on which IPsec is started
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol dave"