diff options
Diffstat (limited to 'testing/tests/tnc')
16 files changed, 25 insertions, 25 deletions
diff --git a/testing/tests/tnc/tnccs-11-fhh/pretest.dat b/testing/tests/tnc/tnccs-11-fhh/pretest.dat index 997c70a8e..8fab1fb6c 100644 --- a/testing/tests/tnc/tnccs-11-fhh/pretest.dat +++ b/testing/tests/tnc/tnccs-11-fhh/pretest.dat @@ -6,9 +6,9 @@ carol::cat /etc/tnc_config dave::cat /etc/tnc_config carol::cat /etc/tnc/dummyimc.file dave::cat /etc/tnc/dummyimc.file -moon::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start -carol::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start -dave::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start +moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start +carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start +dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat index c8f2139a8..96163aa36 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat @@ -6,8 +6,8 @@ alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd moon::ipsec start -carol::LEAK_DETECTIVE_DISABLE=1 ipsec start -dave::LEAK_DETECTIVE_DISABLE=1 ipsec start +carol::ipsec start +dave::ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat index 8f79c776a..71dff71b7 100644 --- a/testing/tests/tnc/tnccs-11-radius/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat @@ -8,8 +8,8 @@ alice::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config moon::ipsec start -carol::LEAK_DETECTIVE_DISABLE=1 ipsec start -dave::LEAK_DETECTIVE_DISABLE=1 ipsec start +carol::ipsec start +dave::ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat index 7bfcf0d07..cac1cfafc 100644 --- a/testing/tests/tnc/tnccs-11/pretest.dat +++ b/testing/tests/tnc/tnccs-11/pretest.dat @@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules moon::cat /etc/tnc_config carol::cat /etc/tnc_config dave::cat /etc/tnc_config -moon::LEAK_DETECTIVE_DISABLE=1 ipsec start -carol::LEAK_DETECTIVE_DISABLE=1 ipsec start -dave::LEAK_DETECTIVE_DISABLE=1 ipsec start +moon::ipsec start +carol::ipsec start +dave::ipsec start carol::sleep 1 carol::ipsec up home dave::ipsec up home diff --git a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp/evaltest.dat index e969774c5..f028ec609 100644 --- a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp/evaltest.dat @@ -7,9 +7,11 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::Y dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::RADIUS authentication of 'carol' successful::YES +moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES -moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES +moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES moon:: ipsec statusall 2>/dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2>/dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets index 96b9a8dd5..11d45cd14 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets @@ -2,5 +2,5 @@ : RSA aaaKey.pem -carol@strongswan.org : EAP "Ar3etTnp" -dave@strongswan.org : EAP "W7R0g3do" +carol : EAP "Ar3etTnp" +dave : EAP "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf index e9152e0d8..59563730b 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf @@ -12,12 +12,12 @@ conn %default conn home left=PH_IP_CAROL - leftid=carol@strongswan.org leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 rightauth=pubkey + eap_identity=carol aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" auto=add diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets index 74942afda..23d79cf2e 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -carol@strongswan.org : EAP "Ar3etTnp" +carol : EAP "Ar3etTnp" diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf index 25589bcf1..8c27c78d2 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf @@ -12,12 +12,12 @@ conn %default conn home left=PH_IP_DAVE - leftid=dave@strongswan.org leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 rightauth=pubkey + eap_identity=dave aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" auto=add diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets index 5496df7ad..02e0c9963 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -dave@strongswan.org : EAP "W7R0g3do" +dave : EAP "W7R0g3do" diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf index 294964fe7..02ada5665 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf @@ -28,6 +28,6 @@ conn rw-eap leftauth=pubkey leftfirewall=yes rightauth=eap-radius - rightid=*@strongswan.org rightsendcert=never right=%any + eap_identity=%any diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf index 15655daf2..d32951866 100644 --- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown multiple_authentication=no plugins { eap-radius { diff --git a/testing/tests/tnc/tnccs-20-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-tls/evaltest.dat index bac7294b2..40d5e24d5 100644 --- a/testing/tests/tnc/tnccs-20-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-tls/evaltest.dat @@ -7,9 +7,9 @@ dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established:: dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES -moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES -moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf index e9b78bc01..eece9f294 100644 --- a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf @@ -13,7 +13,6 @@ conn %default conn home left=PH_IP_CAROL leftcert=carolCert.pem - leftid=carol@strongswan.org leftauth=eap leftfirewall=yes right=PH_IP_MOON diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf index 75d84e25a..362042656 100644 --- a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf @@ -13,7 +13,6 @@ conn %default conn home left=PH_IP_DAVE leftcert=daveCert.pem - leftid=dave@strongswan.org leftauth=eap leftfirewall=yes right=PH_IP_MOON diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf index 2ffc7e9ae..0ec930286 100644 --- a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf @@ -29,6 +29,6 @@ conn rw-eap leftauth=eap-ttls leftfirewall=yes rightauth=eap-ttls - rightid=*@strongswan.org + rightid="C=CH, O=Linux strongSwan, OU=*, CN=*" rightsendcert=never right=%any |