diff options
Diffstat (limited to 'testing/tests/sql/rw-psk-ipv4')
17 files changed, 410 insertions, 0 deletions
diff --git a/testing/tests/sql/rw-psk-ipv4/description.txt b/testing/tests/sql/rw-psk-ipv4/description.txt new file mode 100644 index 000000000..547008f74 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/description.txt @@ -0,0 +1,6 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b> +and IPv4 addresses. Upon the successful establishment of the IPsec tunnels, +automatically inserted iptables-based firewall rules let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the +client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/sql/rw-psk-ipv4/evaltest.dat b/testing/tests/sql/rw-psk-ipv4/evaltest.dat new file mode 100644 index 000000000..06a0f8cda --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/evaltest.dat @@ -0,0 +1,10 @@ +moon::ipsec statusall::rw.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES + diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..3bc29625f --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.conf @@ -0,0 +1,8 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +# configuration is read from SQLite database diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql new file mode 100644 index 000000000..a5ff52d65 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.d/data.sql @@ -0,0 +1,84 @@ +/* Identities */ + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.1 */ + 1 , X'c0a80001' + ); + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.100 */ + 1 , X'c0a80064' + ); + +/* Shared Secrets */ + +INSERT INTO shared_secrets ( + type, data +) VALUES ( + 1, X'16964066a10de938bdb2ab7864fe4459cab1' +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 1, 1 +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 1, 2 +); + +/* Configurations */ + +INSERT INTO ike_configs ( + local, remote +) VALUES ( + 'PH_IP_CAROL', 'PH_IP_MOON' +); + +INSERT INTO peer_configs ( + name, ike_cfg, local_id, remote_id, auth_method +) VALUES ( + 'home', 1, 2, 1, 2 +); + +INSERT INTO child_configs ( + name, updown +) VALUES ( + 'home', 'ipsec _updown iptables' +); + +INSERT INTO peer_config_child_config ( + peer_cfg, child_cfg +) VALUES ( + 1, 1 +); + +INSERT INTO traffic_selectors ( + type, start_addr, end_addr +) VALUES ( /* 10.1.0.0/16 */ + 7, X'0a010000', X'0a01ffff' +); + +INSERT INTO traffic_selectors ( + type +) VALUES ( /* dynamic/32 */ + 7 +); + +INSERT INTO child_config_traffic_selector ( + child_cfg, traffic_selector, kind +) VALUES ( + 1, 1, 1 +); + +INSERT INTO child_config_traffic_selector ( + child_cfg, traffic_selector, kind +) VALUES ( + 1, 2, 2 +); + diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..76bb21bea --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +# secrets are read from SQLite database diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..1a4ac234e --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + plugins { + sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } + load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke sqlite sql +} diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..3bc29625f --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.conf @@ -0,0 +1,8 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +# configuration is read from SQLite database diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql new file mode 100644 index 000000000..ac39472f3 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.d/data.sql @@ -0,0 +1,84 @@ +/* Identities */ + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.1 */ + 1 , X'c0a80001' + ); + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.200 */ + 1 , X'c0a800c8' + ); + +/* Shared Secrets */ + +INSERT INTO shared_secrets ( + type, data +) VALUES ( + 1, X'8d5cce342174da772c8224a59885deaa118d' +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 1, 1 +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 1, 2 +); + +/* Configurations */ + +INSERT INTO ike_configs ( + local, remote +) VALUES ( + 'PH_IP_DAVE', 'PH_IP_MOON' +); + +INSERT INTO peer_configs ( + name, ike_cfg, local_id, remote_id, auth_method +) VALUES ( + 'home', 1, 2, 1, 2 +); + +INSERT INTO child_configs ( + name, updown +) VALUES ( + 'home', 'ipsec _updown iptables' +); + +INSERT INTO peer_config_child_config ( + peer_cfg, child_cfg +) VALUES ( + 1, 1 +); + +INSERT INTO traffic_selectors ( + type, start_addr, end_addr +) VALUES ( /* 10.1.0.0/16 */ + 7, X'0a010000', X'0a01ffff' +); + +INSERT INTO traffic_selectors ( + type +) VALUES ( /* dynamic/32 */ + 7 +); + +INSERT INTO child_config_traffic_selector ( + child_cfg, traffic_selector, kind +) VALUES ( + 1, 1, 1 +); + +INSERT INTO child_config_traffic_selector ( + child_cfg, traffic_selector, kind +) VALUES ( + 1, 2, 2 +); + diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..76bb21bea --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +# secrets are read from SQLite database diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..1a4ac234e --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + plugins { + sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } + load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke sqlite sql +} diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..3bc29625f --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.conf @@ -0,0 +1,8 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +# configuration is read from SQLite database diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql new file mode 100644 index 000000000..231b84cb9 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.d/data.sql @@ -0,0 +1,114 @@ +/* Identities */ + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.1 */ + 1 , X'c0a80001' + ); + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.100 */ + 1 , X'c0a80064' + ); + +INSERT INTO identities ( + type, data +) VALUES ( /* 192.168.0.200 */ + 1 , X'c0a800c8' + ); + +INSERT INTO identities ( + type, data +) VALUES ( /* %any */ + 0, '%any' +); + +/* Shared Secrets */ + +INSERT INTO shared_secrets ( + type, data +) VALUES ( + 1, X'16964066a10de938bdb2ab7864fe4459cab1' +); + +INSERT INTO shared_secrets ( + type, data +) VALUES ( + 1, X'8d5cce342174da772c8224a59885deaa118d' +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 1, 1 +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 1, 2 +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 2, 1 +); + +INSERT INTO shared_secret_identity ( + shared_secret, identity +) VALUES ( + 2, 3 +); + +/* Configurations */ + +INSERT INTO ike_configs ( + local, remote +) VALUES ( + 'PH_IP_MOON', '0.0.0.0' +); + +INSERT INTO peer_configs ( + name, ike_cfg, local_id, remote_id, auth_method +) VALUES ( + 'rw', 1, 1, 4, 2 +); + +INSERT INTO child_configs ( + name, updown +) VALUES ( + 'rw', 'ipsec _updown iptables' +); + +INSERT INTO peer_config_child_config ( + peer_cfg, child_cfg +) VALUES ( + 1, 1 +); + +INSERT INTO traffic_selectors ( + type, start_addr, end_addr +) VALUES ( /* 10.1.0.0/16 */ + 7, X'0a010000', X'0a01ffff' +); + +INSERT INTO traffic_selectors ( + type +) VALUES ( /* dynamic/32 */ + 7 +); + +INSERT INTO child_config_traffic_selector ( + child_cfg, traffic_selector, kind +) VALUES ( + 1, 1, 0 +); + +INSERT INTO child_config_traffic_selector ( + child_cfg, traffic_selector, kind +) VALUES ( + 1, 2, 3 +); + diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..76bb21bea --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +# secrets are read from SQLite database diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..1a4ac234e --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + plugins { + sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } + load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke sqlite sql +} diff --git a/testing/tests/sql/rw-psk-ipv4/posttest.dat b/testing/tests/sql/rw-psk-ipv4/posttest.dat new file mode 100644 index 000000000..d4d57ad83 --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/posttest.dat @@ -0,0 +1,10 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +moon::rm /etc/ipsec.d/ipsec.* +carol::rm /etc/ipsec.d/ipsec.* +dave::rm /etc/ipsec.d/ipsec.* +~ diff --git a/testing/tests/sql/rw-psk-ipv4/pretest.dat b/testing/tests/sql/rw-psk-ipv4/pretest.dat new file mode 100644 index 000000000..76316f33d --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/pretest.dat @@ -0,0 +1,18 @@ +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* +moon::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql +carol::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql +dave::cat /etc/ipsec.d/tables.sql /etc/ipsec.d/data.sql > /etc/ipsec.d/ipsec.sql +moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +carol::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +dave::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/sql/rw-psk-ipv4/test.conf b/testing/tests/sql/rw-psk-ipv4/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/sql/rw-psk-ipv4/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" |