Diffstat (limited to 'testing/tests/tnc/tnccs-20-pdp-pt-tls')
5 files changed, 37 insertions, 34 deletions
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
new file mode 100644
index 000000000..4075f75bd
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
@@ -0,0 +1,31 @@
+WSGIPythonPath /var/www/tnc
+
+<VirtualHost *:80>
+ ServerName tnc.strongswan.org
+ ServerAlias tnc
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www/tnc
+
+ <Directory /var/www/tnc/config>
+ <Files wsgi.py>
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
+ </Files>
+ </Directory>
+
+ WSGIScriptAlias / /var/www/tnc/config/wsgi.py
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+
+ Alias /static/ /var/www/tnc/static/
+
+ ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
+</VirtualHost>
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default
index 626000612..1dc8b5688 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/apache2/sites-available/default
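Review bot: The new `000-default.conf` vhost listens only on `*:80` while `WSGIPassAuthorization On` forwards the client's Authorization header to the WSGI application under /var/www/tnc, so any credentials sent to that application cross the test network unencrypted. That may be acceptable for a test scenario, but nothing in the file says so; a leading comment such as `# test-only vhost: plain HTTP, credentials are not protected in transit` would stop the file being copied into a real deployment as-is. The `Require all granted` / `Allow from all` pair on `wsgi.py` also admits every client, so access control rests on the application itself and on whatever the host firewall permits.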
@@ -1,26 +1 @@
-WSGIPythonPath /var/www/tnc
-
-<VirtualHost *:80>
- ServerName tnc.strongswan.org
- ServerAlias tnc
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/tnc
-
- <Directory /var/www/tnc/config>
- <Files wsgi.py>
- Order deny,allow
- Allow from all
- </Files>
- </Directory>
-
- WSGIScriptAlias / /var/www/tnc/config/wsgi.py
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
-
- Alias /static/ /var/www/tnc/static/
-
- ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
- LogLevel warn
- CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
-</VirtualHost>
+Include sites-available/000-default.conf
\ No newline at end of file diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules index 48b1cf5a6..c556d9483 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/iptables.rules @@ -9,7 +9,7 @@ -A INPUT -i lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT -# allow PT-TLS +# allow PT-TLS -A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT -A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT @@ -18,7 +18,7 @@ -A OUTPUT -p tcp --sport 22 -j ACCEPT # allow outbound ssh --A OUTPU -p tcp --dport 22 -j ACCEPT +-A OUTPUT -p tcp --dport 22 -j ACCEPT -A INPUT -p tcp --sport 22 -j ACCEPT # allow crl fetch from winnetou diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf index d1cb6c9e2..b08a85bb4 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf @@ -3,9 +3,6 @@ charon { load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - } syslog { auth { default = 0 @@ -32,7 +29,7 @@ libtls { libimcv { database = sqlite:///etc/db.d/config.db - policy_script = ipsec imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager plugins { imv-swid { diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat index ea93b2d2b..860a6c342 100644 --- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat +++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat 
@@ -13,9 +13,9 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db alice::/var/www/tnc/manage.py setpassword strongSwan strongSwan alice::rm /etc/swanctl/x509/aliceCert.pem alice::rm /etc/swanctl/rsa/aliceKey.pem -alice::service apache2 start alice::service charon start -alice::expect-connection aaa +alice::service apache2 start +alice::swanctl --load-creds winnetou::ip route add 10.1.0.0/16 via 192.168.0.1 dave::ip route add 10.1.0.0/16 via 192.168.0.1 dave::cat /etc/pts/options |
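Review bot: `alice::swanctl --load-creds` now runs with no explicit readiness wait after `alice::service charon start`, because this hunk drops `alice::expect-connection aaa` and the only step left in between is `alice::service apache2 start`. The strongswan.conf change in the same commit removes the `start-scripts { creds = ... }` entry, so this line appears to be the only place alice's credentials get loaded. Whether `service charon start` blocks until the daemon accepts control connections is not visible here; if it does not, the load can fail and the failure would presumably show up only later as a failed PT-TLS handshake. An explicit wait for the daemon before the load, or a check that makes a failed load abort the pretest, would make that failure mode visible. The last visible line of the hunk ends in `|` and may be truncated.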