summaryrefslogtreecommitdiff
path: root/testing/tests/sql/net2net-route-pem
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/sql/net2net-route-pem')
-rw-r--r--testing/tests/sql/net2net-route-pem/evaltest.dat12
-rw-r--r--testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql6
-rw-r--r--testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-route-pem/hosts/moon/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql6
-rw-r--r--testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf2
-rw-r--r--testing/tests/sql/net2net-route-pem/hosts/sun/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/sql/net2net-route-pem/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-route-pem/pretest.dat10
-rw-r--r--testing/tests/sql/net2net-route-pem/test.conf4
10 files changed, 22 insertions, 26 deletions
diff --git a/testing/tests/sql/net2net-route-pem/evaltest.dat b/testing/tests/sql/net2net-route-pem/evaltest.dat
index 2c85542e6..87af401b5 100644
--- a/testing/tests/sql/net2net-route-pem/evaltest.dat
+++ b/testing/tests/sql/net2net-route-pem/evaltest.dat
@@ -1,15 +1,7 @@
-moon:: ipsec status 2> /dev/null::net-1.*ROUTED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-1.*ROUTED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::net-2.*ROUTED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-2.*ROUTED, TUNNEL::YES
moon:: cat /var/log/daemon.log::creating acquire job for policy 10.1.0.10/32\[icmp/8\] === 10.2.0.10/32\[icmp/8\] with reqid {1}::YES
-moon:: ipsec status 2> /dev/null::net-1.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-1.*INSTALLED. TUNNEL::YES
sun:: cat /var/log/daemon.log::creating acquire job for policy 10.2.0.10/32\[icmp/8\] === 10.1.0.20/32\[icmp/8\] with reqid {2}::YES
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-2.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-2.*INSTALLED, TUNNEL::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/28] remote-ts=\[10.2.0.0/23].*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.1.0.16/28] remote-ts=\[10.2.0.0/23]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-1.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.0/28].*net-2.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=MODP_3072.*local-ts=\[10.2.0.0/23] remote-ts=\[10.1.0.16/28]::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql
index e161c6f9f..f0ae8c119 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql
@@ -131,19 +131,19 @@ INSERT INTO peer_configs (
INSERT INTO child_configs (
name, updown, start_action, dpd_action
) VALUES (
- 'net-1', 'ipsec _updown iptables', 1, 1
+ 'net-1', '/usr/local/libexec/ipsec/_updown iptables', 1, 1
);
INSERT INTO child_configs (
name, updown, start_action, dpd_action
) VALUES (
- 'net-2', 'ipsec _updown iptables', 1, 1
+ 'net-2', '/usr/local/libexec/ipsec/_updown iptables', 1, 1
);
INSERT INTO child_configs (
name, updown, start_action, dpd_action
) VALUES (
- 'net-3', 'ipsec _updown iptables', 0, 0
+ 'net-3', '/usr/local/libexec/ipsec/_updown iptables', 0, 0
);
INSERT INTO peer_config_child_config (
diff --git a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
index 8b25be7aa..f5b531db9 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..6b5617317
--- /dev/null
+++ b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql
index 27a40ddfa..4268f8e48 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql
@@ -131,19 +131,19 @@ INSERT INTO peer_configs (
INSERT INTO child_configs (
name, updown, start_action, dpd_action
) VALUES (
- 'net-1', 'ipsec _updown iptables', 1, 1
+ 'net-1', '/usr/local/libexec/ipsec/_updown iptables', 1, 1
);
INSERT INTO child_configs (
name, updown, start_action, dpd_action
) VALUES (
- 'net-2', 'ipsec _updown iptables', 1, 1
+ 'net-2', '/usr/local/libexec/ipsec/_updown iptables', 1, 1
);
INSERT INTO child_configs (
name, updown, start_action, dpd_action
) VALUES (
- 'net-3', 'ipsec _updown iptables', 0, 0
+ 'net-3', '/usr/local/libexec/ipsec/_updown iptables', 0, 0
);
INSERT INTO peer_config_child_config (
diff --git a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
index 8b25be7aa..f5b531db9 100644
--- a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
}
diff --git a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..6b5617317
--- /dev/null
+++ b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/net2net-route-pem/posttest.dat b/testing/tests/sql/net2net-route-pem/posttest.dat
index 1f7aa73a1..59badb867 100644
--- a/testing/tests/sql/net2net-route-pem/posttest.dat
+++ b/testing/tests/sql/net2net-route-pem/posttest.dat
@@ -1,4 +1,4 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-route-pem/pretest.dat b/testing/tests/sql/net2net-route-pem/pretest.dat
index cef74e474..576bd6738 100644
--- a/testing/tests/sql/net2net-route-pem/pretest.dat
+++ b/testing/tests/sql/net2net-route-pem/pretest.dat
@@ -1,13 +1,11 @@
-moon::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
+moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
moon::expect-connection net-net
-alice::ping -c 1 -W 1 PH_IP_BOB
-bob::ping -c 1 -W 1 PH_IP_VENUS
+alice::ping -c 1 -W 1 10.2.0.10
+bob::ping -c 1 -W 1 10.1.0.20
diff --git a/testing/tests/sql/net2net-route-pem/test.conf b/testing/tests/sql/net2net-route-pem/test.conf
index ee97968ab..138083669 100644
--- a/testing/tests/sql/net2net-route-pem/test.conf
+++ b/testing/tests/sql/net2net-route-pem/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# Guest instances on which databases are used
#
DBHOSTS="$IPSECHOSTS"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 12:30:56 +0000