diff options
Diffstat (limited to 'testing/tests/xauth-rsa-fail')
| -rw-r--r-- | testing/tests/xauth-rsa-fail/description.txt | 5 | ||||
| -rw-r--r-- | testing/tests/xauth-rsa-fail/evaltest.dat | 4 | ||||
| -rwxr-xr-x | testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.conf | 24 | ||||
| -rw-r--r-- | testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets | 5 | ||||
| -rwxr-xr-x | testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.conf | 24 | ||||
| -rw-r--r-- | testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets | 5 | ||||
| -rw-r--r-- | testing/tests/xauth-rsa-fail/posttest.dat | 2 | ||||
| -rw-r--r-- | testing/tests/xauth-rsa-fail/pretest.dat | 4 | ||||
| -rw-r--r-- | testing/tests/xauth-rsa-fail/test.conf | 21 |
9 files changed, 94 insertions, 0 deletions
diff --git a/testing/tests/xauth-rsa-fail/description.txt b/testing/tests/xauth-rsa-fail/description.txt new file mode 100644 index 000000000..83e9d2726 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/description.txt @@ -0,0 +1,5 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 +certificates followed by extended authentication (<b>XAUTH</b>) based +on user name and password. Because user <b>carol</b> presents a wrong +XAUTH password the IKE negotation is aborted and the ISAKMP SA is deleted. diff --git a/testing/tests/xauth-rsa-fail/evaltest.dat b/testing/tests/xauth-rsa-fail/evaltest.dat new file mode 100644 index 000000000..0bcef388d --- /dev/null +++ b/testing/tests/xauth-rsa-fail/evaltest.dat @@ -0,0 +1,4 @@ +carol::cat /var/log/auth.log::extended authentication failed::YES +moon::cat /var/log/auth.log::extended authentication failed::YES +carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO +moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::NO diff --git a/testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.conf b/testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..bfee72421 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + authby=xauthrsasig + +conn home + left=PH_IP_CAROL + leftnexthop=%direct + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets b/testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..24506be09 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA carolKey.pem "nH5ZQEWtku0RJEZ6" + +: XAUTH carol "4iChxLT8" diff --git a/testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.conf b/testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..f7cf06fae --- /dev/null +++ b/testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + strictcrlpolicy=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + authby=xauthrsasig + xauth=server + +conn rw + left=PH_IP_MOON + leftnexthop=%direct + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..a18e885f8 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +: XAUTH carol "4iChxLT3" diff --git a/testing/tests/xauth-rsa-fail/posttest.dat b/testing/tests/xauth-rsa-fail/posttest.dat new file mode 100644 index 000000000..c6d6235f9 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +carol::ipsec stop diff --git a/testing/tests/xauth-rsa-fail/pretest.dat b/testing/tests/xauth-rsa-fail/pretest.dat new file mode 100644 index 000000000..1b8fc3b79 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/pretest.dat @@ -0,0 +1,4 @@ +carol::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home diff --git a/testing/tests/xauth-rsa-fail/test.conf b/testing/tests/xauth-rsa-fail/test.conf new file mode 100644 index 000000000..5442565f8 --- /dev/null +++ b/testing/tests/xauth-rsa-fail/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" |