diff options
Diffstat (limited to 'testing/tests/tnc/tnccs-dynamic')
| -rw-r--r-- | testing/tests/tnc/tnccs-dynamic/evaltest.dat | 40 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf | 2 | ||||
| -rw-r--r-- | testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf | 2 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf | 2 | ||||
| -rw-r--r-- | testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf | 2 | ||||
| -rw-r--r--[-rwxr-xr-x] | testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf | 2 | ||||
| -rw-r--r-- | testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf | 2 |
7 files changed, 25 insertions, 27 deletions
diff --git a/testing/tests/tnc/tnccs-dynamic/evaltest.dat b/testing/tests/tnc/tnccs-dynamic/evaltest.dat index 5cc395ef8..69baaf592 100644 --- a/testing/tests/tnc/tnccs-dynamic/evaltest.dat +++ b/testing/tests/tnc/tnccs-dynamic/evaltest.dat @@ -2,26 +2,26 @@ carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES -dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES -moon::cat /var/log/daemon.log::TNCCS 1.1 protocol detected dynamically::YES -moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 1::YES -moon::cat /var/log/daemon.log::final recommendation is 'allow' and evaluation is 'compliant'::YES -moon::cat /var/log/daemon.log::added group membership 'allow'::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::removed TNCCS Connection ID 1::YES -moon::cat /var/log/daemon.log::TNCCS 2.0 protocol detected dynamically::YES -moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 2::YES -moon::cat /var/log/daemon.log::final recommendation is 'isolate' and evaluation is 'non-compliant minor'::YES -moon::cat /var/log/daemon.log::added group membership 'isolate'::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES -moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES -moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES +dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES +moon:: cat /var/log/daemon.log::TNCCS 1.1 protocol detected dynamically::YES +moon:: cat /var/log/daemon.log::assigned TNCCS Connection ID 1::YES +moon:: cat /var/log/daemon.log::final recommendation is 'allow' and evaluation is 'compliant'::YES +moon:: cat /var/log/daemon.log::added group membership 'allow'::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::removed TNCCS Connection ID 1::YES +moon:: cat /var/log/daemon.log::TNCCS 2.0 protocol detected dynamically::YES +moon:: cat /var/log/daemon.log::assigned TNCCS Connection ID 2::YES +moon:: cat /var/log/daemon.log::final recommendation is 'isolate' and evaluation is 'non-compliant minor'::YES +moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES +moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES +moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf index 105fcbec6..e2bf349d9 100755..100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutostart=no charondebug="tnc 3, imc 3" conn %default @@ -18,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=any rightsendcert=never rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf index 286eab61d..e6f5ad365 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown multiple_authentication=no plugins { eap-tnc { diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf index 97f322c28..77446cbae 100755..100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutostart=no charondebug="tnc 3, imc 3" conn %default @@ -18,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=any rightsendcert=never rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf index a9564bd38..2918c8a86 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown multiple_authentication=no plugins { eap-tnc { diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf index 997db0df7..e21ef0d14 100755..100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no - plutostart=no charondebug="tnc 3, imv 3" conn %default diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf index ca5fdd041..3fc6c3a4b 100644 --- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown multiple_authentication=no plugins { eap-ttls { |