summaryrefslogtreecommitdiff
path: root/testing/tests/sql/net2net-psk
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/sql/net2net-psk')
-rw-r--r--testing/tests/sql/net2net-psk/evaltest.dat6
-rw-r--r--testing/tests/sql/net2net-psk/hosts/moon/etc/ipsec.d/data.sql2
-rw-r--r--testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-psk/hosts/moon/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/sql/net2net-psk/hosts/sun/etc/ipsec.d/data.sql2
-rw-r--r--testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-psk/hosts/sun/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/sql/net2net-psk/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-psk/pretest.dat11
-rw-r--r--testing/tests/sql/net2net-psk/test.conf4
10 files changed, 19 insertions, 16 deletions
diff --git a/testing/tests/sql/net2net-psk/evaltest.dat b/testing/tests/sql/net2net-psk/evaltest.dat
index f003f822f..5180ab31d 100644
--- a/testing/tests/sql/net2net-psk/evaltest.dat
+++ b/testing/tests/sql/net2net-psk/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-psk/hosts/moon/etc/ipsec.d/data.sql
index aa6e84c48..42116e245 100644
--- a/testing/tests/sql/net2net-psk/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/ipsec.d/data.sql
@@ -55,7 +55,7 @@ INSERT INTO peer_configs (
INSERT INTO child_configs (
name, updown
) VALUES (
- 'net-net', 'ipsec _updown iptables'
+ 'net-net', '/usr/local/libexec/ipsec/_updown iptables'
);
INSERT INTO peer_config_child_config (
diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
index e20fecca5..6332df434 100644
--- a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..6b5617317
--- /dev/null
+++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-psk/hosts/sun/etc/ipsec.d/data.sql
index 7c2865fd8..0942572ae 100644
--- a/testing/tests/sql/net2net-psk/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/ipsec.d/data.sql
@@ -49,7 +49,7 @@ INSERT INTO peer_configs (
INSERT INTO child_configs (
name, updown
) VALUES (
- 'net-net', 'ipsec _updown iptables'
+ 'net-net', '/usr/local/libexec/ipsec/_updown iptables'
);
INSERT INTO peer_config_child_config (
diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
index e20fecca5..6332df434 100644
--- a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..6b5617317
--- /dev/null
+++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/net2net-psk/posttest.dat b/testing/tests/sql/net2net-psk/posttest.dat
index 1f7aa73a1..59badb867 100644
--- a/testing/tests/sql/net2net-psk/posttest.dat
+++ b/testing/tests/sql/net2net-psk/posttest.dat
@@ -1,4 +1,4 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-psk/pretest.dat b/testing/tests/sql/net2net-psk/pretest.dat
index 05fe277ce..6580e7604 100644
--- a/testing/tests/sql/net2net-psk/pretest.dat
+++ b/testing/tests/sql/net2net-psk/pretest.dat
@@ -1,12 +1,11 @@
-moon::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-sun::ipsec start
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/sql/net2net-psk/test.conf b/testing/tests/sql/net2net-psk/test.conf
index 1b7e280e8..a553c6a7e 100644
--- a/testing/tests/sql/net2net-psk/test.conf
+++ b/testing/tests/sql/net2net-psk/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# Guest instances on which databases are used
#
DBHOSTS="$IPSECHOSTS"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 03:41:34 +0000