diff options
Diffstat (limited to 'testing/tests/tnc/tnccs-11-radius/hosts')
18 files changed, 0 insertions, 412 deletions
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf deleted file mode 100644 index 31556361e..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf +++ /dev/null @@ -1,25 +0,0 @@ -eap { - md5 { - } - default_eap_type = ttls - tls { - private_key_file = /etc/raddb/certs/aaaKey.pem - certificate_file = /etc/raddb/certs/aaaCert.pem - CA_file = /etc/raddb/certs/strongswanCert.pem - cipher_list = "DEFAULT" - dh_file = /etc/raddb/certs/dh - random_file = /etc/raddb/certs/random - } - ttls { - default_eap_type = md5 - use_tunneled_reply = yes - virtual_server = "inner-tunnel" - tnc_virtual_server = "inner-tunnel-second" - } -} - -eap eap_tnc { - default_eap_type = tnc - tnc { - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf deleted file mode 100644 index 23cba8d11..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf +++ /dev/null @@ -1,5 +0,0 @@ -realm strongswan.org { - type = radius - authhost = LOCAL - accthost = LOCAL -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default deleted file mode 100644 index dd0825858..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default +++ /dev/null @@ -1,43 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel deleted file mode 100644 index e088fae14..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel +++ /dev/null @@ -1,32 +0,0 @@ -server inner-tunnel { - -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -session { - radutmp -} - -post-auth { - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - -} # inner-tunnel server block diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second deleted file mode 100644 index c5bde6a9e..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second +++ /dev/null @@ -1,36 +0,0 @@ -server inner-tunnel-second { - -authorize { - eap_tnc { - ok = return - } -} - -authenticate { - eap_tnc -} - -session { - radutmp -} - -post-auth { - if (control:TNC-Status == "Access") { - update reply { - Tunnel-Type := ESP - Filter-Id := "allow" - } - } - elsif (control:TNC-Status == "Isolate") { - update reply { - Tunnel-Type := ESP - Filter-Id := "isolate" - } - } - - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -} # inner-tunnel-second block diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users deleted file mode 100644 index 50ccf3e76..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users +++ /dev/null @@ -1,2 +0,0 @@ -carol Cleartext-Password := "Ar3etTnp" -dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 7622801ab..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,12 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -libimcv { - load = random nonce sha1 sha2 md5 gmp pubkey x509 - debug_level = 3 - assessment_result = no - plugins { - imv-test { - rounds = 1 - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties deleted file mode 100644 index 2bdc6e4de..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties +++ /dev/null @@ -1,15 +0,0 @@ -# Set root logger level to DEBUG and its appenders to A1 and A2. -log4j.rootLogger=DEBUG, A1, A2 - -# A1 is set to be a ConsoleAppender. -log4j.appender.A1=org.apache.log4j.ConsoleAppender -log4j.appender.A1.layout=org.apache.log4j.PatternLayout -log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n - -# A2 is set to be a SyslogAppender -log4j.appender.A2=org.apache.log4j.net.SyslogAppender -log4j.appender.A2.Facility=DAEMON -log4j.appender.A2.SyslogHost=localhost -log4j.appender.A2.Threshold=DEBUG -log4j.appender.A2.layout=org.apache.log4j.PatternLayout -log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config deleted file mode 100644 index da732f68b..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMV configuration file for strongSwan client - -IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so -IMV "Scanner" /usr/local/lib/ipsec/imcvs/imv-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 1ca6c3d10..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,30 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libimcv { - plugins { - imc-test { - command = allow - } - } -} -libtls { - suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/swanctl/swanctl.conf deleted file mode 100644 index ff58c7c9a..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.100 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = carol@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = carol@strongswan.org - secret = "Ar3etTnp" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config deleted file mode 100644 index 6166552f5..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf deleted file mode 100644 index 9df983c80..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,30 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown - - multiple_authentication=no - - syslog { - daemon { - tnc = 3 - imc = 3 - } - } - plugins { - eap-tnc { - protocol = tnccs-1.1 - } - } -} - -libimcv { - plugins { - imc-test { - command = isolate - } - imc-scanner { - push_info = no - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/swanctl/swanctl.conf deleted file mode 100644 index 5af2098b6..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -connections { - - home { - local_addrs = 192.168.0.200 - remote_addrs = 192.168.0.1 - - local { - auth = eap - aaa_id = aaa.strongswan.org - id = dave@strongswan.org - } - remote { - auth = pubkey - id = moon.strongswan.org - } - children { - home { - remote_ts = 10.1.0.0/16 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - proposals = aes128-sha256-modp3072 - } -} - -secrets { - - eap { - id = dave@strongswan.org - secret = "W7R0g3do" - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config deleted file mode 100644 index 6166552f5..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config +++ /dev/null @@ -1,4 +0,0 @@ -#IMC configuration file for strongSwan client - -IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so -IMC "Scanner" /usr/local/lib/ipsec/imcvs/imc-scanner.so diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules deleted file mode 100644 index 1eb755354..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,32 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -# allow RADIUS protocol with alice --A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT --A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 4c9dd6e1f..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,15 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown - - multiple_authentication=no - - plugins { - eap-radius { - secret = gv6URkSs - server = 10.1.0.10 - filter_id = yes - } - } -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/swanctl/swanctl.conf deleted file mode 100644 index 3caad0c66..000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/swanctl/swanctl.conf +++ /dev/null @@ -1,53 +0,0 @@ -connections { - - rw-allow { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - certs = moonCert.pem - } - remote { - auth = eap-radius - id = *@strongswan.org - groups = allow - } - children { - rw-allow { - local_ts = 10.1.0.0/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } - - rw-isolate { - local_addrs = 192.168.0.1 - - local { - auth = pubkey - id = moon.strongswan.org - } - remote { - auth = eap-radius - id = *@strongswan.org - groups = isolate - } - children { - rw-isolate { - local_ts = 10.1.0.16/28 - - updown = /usr/local/libexec/ipsec/_updown iptables - esp_proposals = aes128gcm16-modp3072 - } - } - version = 2 - send_certreq = no - proposals = aes128-sha256-modp3072 - } -} |