summaryrefslogtreecommitdiff
path: root/testing/tests/sql/rw-psk-ipv4
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/sql/rw-psk-ipv4')
-rw-r--r--testing/tests/sql/rw-psk-ipv4/description.txt6
-rw-r--r--testing/tests/sql/rw-psk-ipv4/evaltest.dat10
-rwxr-xr-xtesting/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf8
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql84
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf8
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql84
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets3
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf10
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf8
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql114
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/sql/rw-psk-ipv4/posttest.dat10
-rw-r--r--testing/tests/sql/rw-psk-ipv4/pretest.dat18
-rw-r--r--testing/tests/sql/rw-psk-ipv4/test.conf21
17 files changed, 410 insertions, 0 deletions
diff --git a/testing/tests/sql/rw-psk-ipv4/description.txt b/testing/tests/sql/rw-psk-ipv4/description.txt
new file mode 100644
index 000000000..547008f74
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and IPv4 addresses. Upon the successful establishment of the IPsec tunnels,
+automatically inserted iptables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the
+client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/sql/rw-psk-ipv4/evaltest.dat b/testing/tests/sql/rw-psk-ipv4/evaltest.dat
new file mode 100644
index 000000000..06a0f8cda
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/evaltest.dat
@@ -0,0 +1,10 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..3bc29625f
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql
new file mode 100644
index 000000000..a5ff52d65
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql
@@ -0,0 +1,84 @@
+/* Identities */
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.1 */
+ 1 , X'c0a80001'
+ );
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.100 */
+ 1 , X'c0a80064'
+ );
+
+/* Shared Secrets */
+
+INSERT INTO shared_secrets (
+ type, data
+) VALUES (
+ 1, X'16964066a10de938bdb2ab7864fe4459cab1'
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 1, 1
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 1, 2
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+ local, remote
+) VALUES (
+ 'PH_IP_CAROL', 'PH_IP_MOON'
+);
+
+INSERT INTO peer_configs (
+ name, ike_cfg, local_id, remote_id, auth_method
+) VALUES (
+ 'home', 1, 2, 1, 2
+);
+
+INSERT INTO child_configs (
+ name, updown
+) VALUES (
+ 'home', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+ peer_cfg, child_cfg
+) VALUES (
+ 1, 1
+);
+
+INSERT INTO traffic_selectors (
+ type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+ 7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+ type
+) VALUES ( /* dynamic/32 */
+ 7
+);
+
+INSERT INTO child_config_traffic_selector (
+ child_cfg, traffic_selector, kind
+) VALUES (
+ 1, 1, 1
+);
+
+INSERT INTO child_config_traffic_selector (
+ child_cfg, traffic_selector, kind
+) VALUES (
+ 1, 2, 2
+);
+
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..76bb21bea
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1a4ac234e
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ plugins {
+ sql {
+ database = sqlite:///etc/ipsec.d/ipsec.db
+ }
+ }
+ load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke sqlite sql
+}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..3bc29625f
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql
new file mode 100644
index 000000000..ac39472f3
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql
@@ -0,0 +1,84 @@
+/* Identities */
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.1 */
+ 1 , X'c0a80001'
+ );
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.200 */
+ 1 , X'c0a800c8'
+ );
+
+/* Shared Secrets */
+
+INSERT INTO shared_secrets (
+ type, data
+) VALUES (
+ 1, X'8d5cce342174da772c8224a59885deaa118d'
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 1, 1
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 1, 2
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+ local, remote
+) VALUES (
+ 'PH_IP_DAVE', 'PH_IP_MOON'
+);
+
+INSERT INTO peer_configs (
+ name, ike_cfg, local_id, remote_id, auth_method
+) VALUES (
+ 'home', 1, 2, 1, 2
+);
+
+INSERT INTO child_configs (
+ name, updown
+) VALUES (
+ 'home', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+ peer_cfg, child_cfg
+) VALUES (
+ 1, 1
+);
+
+INSERT INTO traffic_selectors (
+ type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+ 7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+ type
+) VALUES ( /* dynamic/32 */
+ 7
+);
+
+INSERT INTO child_config_traffic_selector (
+ child_cfg, traffic_selector, kind
+) VALUES (
+ 1, 1, 1
+);
+
+INSERT INTO child_config_traffic_selector (
+ child_cfg, traffic_selector, kind
+) VALUES (
+ 1, 2, 2
+);
+
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..76bb21bea
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1a4ac234e
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ plugins {
+ sql {
+ database = sqlite:///etc/ipsec.d/ipsec.db
+ }
+ }
+ load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke sqlite sql
+}
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..3bc29625f
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,8 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql
new file mode 100644
index 000000000..231b84cb9
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql
@@ -0,0 +1,114 @@
+/* Identities */
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.1 */
+ 1 , X'c0a80001'
+ );
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.100 */
+ 1 , X'c0a80064'
+ );
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* 192.168.0.200 */
+ 1 , X'c0a800c8'
+ );
+
+INSERT INTO identities (
+ type, data
+) VALUES ( /* %any */
+ 0, '%any'
+);
+
+/* Shared Secrets */
+
+INSERT INTO shared_secrets (
+ type, data
+) VALUES (
+ 1, X'16964066a10de938bdb2ab7864fe4459cab1'
+);
+
+INSERT INTO shared_secrets (
+ type, data
+) VALUES (
+ 1, X'8d5cce342174da772c8224a59885deaa118d'
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 1, 1
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 1, 2
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 2, 1
+);
+
+INSERT INTO shared_secret_identity (
+ shared_secret, identity
+) VALUES (
+ 2, 3
+);
+
+/* Configurations */
+
+INSERT INTO ike_configs (
+ local, remote
+) VALUES (
+ 'PH_IP_MOON', '0.0.0.0'
+);
+
+INSERT INTO peer_configs (
+ name, ike_cfg, local_id, remote_id, auth_method
+) VALUES (
+ 'rw', 1, 1, 4, 2
+);
+
+INSERT INTO child_configs (
+ name, updown
+) VALUES (
+ 'rw', 'ipsec _updown iptables'
+);
+
+INSERT INTO peer_config_child_config (
+ peer_cfg, child_cfg
+) VALUES (
+ 1, 1
+);
+
+INSERT INTO traffic_selectors (
+ type, start_addr, end_addr
+) VALUES ( /* 10.1.0.0/16 */
+ 7, X'0a010000', X'0a01ffff'
+);
+
+INSERT INTO traffic_selectors (
+ type
+) VALUES ( /* dynamic/32 */
+ 7
+);
+
+INSERT INTO child_config_traffic_selector (
+ child_cfg, traffic_selector, kind
+) VALUES (
+ 1, 1, 0
+);
+
+INSERT INTO child_config_traffic_selector (
+ child_cfg, traffic_selector, kind
+) VALUES (
+ 1, 2, 3
+);
+
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..76bb21bea
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+# secrets are read from SQLite database
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..1a4ac234e
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ plugins {
+ sql {
+ database = sqlite:///etc/ipsec.d/ipsec.db
+ }
+ }
+ load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke sqlite sql
+}
diff --git a/testing/tests/sql/rw-psk-ipv4/posttest.dat b/testing/tests/sql/rw-psk-ipv4/posttest.dat
new file mode 100644
index 000000000..d4d57ad83
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::rm /etc/ipsec.d/ipsec.*
+carol::rm /etc/ipsec.d/ipsec.*
+dave::rm /etc/ipsec.d/ipsec.*
+~
diff --git a/testing/tests/sql/rw-psk-ipv4/pretest.dat b/testing/tests/sql/rw-psk-ipv4/pretest.dat
new file mode 100644
index 000000000..76316f33d
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/pretest.dat
@@ -0,0 +1,18 @@
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/sql/rw-psk-ipv4/test.conf b/testing/tests/sql/rw-psk-ipv4/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/sql/rw-psk-ipv4/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"