summaryrefslogtreecommitdiff
path: root/testing/tests
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests')
-rw-r--r--testing/tests/af-alg/alg-camellia/description.txt6
-rw-r--r--testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/af-alg/alg-camellia/posttest.dat4
-rw-r--r--testing/tests/af-alg/alg-camellia/pretest.dat4
-rw-r--r--testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf12
-rw-r--r--testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf12
-rw-r--r--testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf12
-rw-r--r--testing/tests/af-alg/rw-cert/posttest.dat6
-rw-r--r--testing/tests/af-alg/rw-cert/pretest.dat6
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/description.txt6
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat4
-rw-r--r--testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat10
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/description.txt6
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat4
-rw-r--r--testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat8
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/description.txt7
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat10
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf25
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat5
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat8
-rw-r--r--testing/tests/gcrypt-ikev2/alg-camellia/test.conf4
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/description.txt8
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat12
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf22
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf21
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf25
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/posttest.dat8
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/pretest.dat14
-rw-r--r--testing/tests/gcrypt-ikev2/rw-cert/test.conf4
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf7
-rw-r--r--testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf5
-rw-r--r--testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf3
-rw-r--r--testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/host2host-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt4
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt4
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat13
-rw-r--r--testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/pretest.dat17
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/pretest.dat17
-rw-r--r--testing/tests/ipv6-stroke/rw-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt10
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/posttest.dat (renamed from testing/tests/libipsec/rw-suite-b/posttest.dat)4
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/pretest.dat (renamed from testing/tests/libipsec/rw-suite-b/pretest.dat)6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt10
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules20
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat10
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat20
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt7
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat15
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets (renamed from testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets)0
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat12
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat20
-rw-r--r--testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat9
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev1/test.conf25
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/description.txt5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat10
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/ipsec.conf (renamed from testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf)0
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf5
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/pretest.dat9
-rw-r--r--testing/tests/ipv6-stroke/transport-ikev2/test.conf25
-rw-r--r--testing/tests/ipv6/host2host-ikev1/description.txt11
-rw-r--r--testing/tests/ipv6/host2host-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/host2host-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/host2host-ikev1/pretest.dat9
-rw-r--r--testing/tests/ipv6/host2host-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/host2host-ikev2/description.txt11
-rw-r--r--testing/tests/ipv6/host2host-ikev2/evaltest.dat8
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/host2host-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/host2host-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/host2host-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ikev1/description.txt13
-rw-r--r--testing/tests/ipv6/net2net-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ikev1/pretest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ikev2/description.txt13
-rw-r--r--testing/tests/ipv6/net2net-ikev2/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf10
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt14
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt14
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf11
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt23
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat6
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf31
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf31
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/rsa/sunKey.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf36
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509/sunCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf6
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/evaltest.dat8
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf25
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/rw-compress-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ikev1/description.txt4
-rw-r--r--testing/tests/ipv6/rw-ikev1/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ikev1/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ikev2/description.txt4
-rw-r--r--testing/tests/ipv6/rw-ikev2/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ikev2/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt18
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt18
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf28
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/description.txt10
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/evaltest.dat13
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf37
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/pretest.dat16
-rw-r--r--testing/tests/ipv6/rw-psk-ikev1/test.conf4
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/description.txt10
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/evaltest.dat12
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf37
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/pretest.dat16
-rw-r--r--testing/tests/ipv6/rw-psk-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat13
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf26
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem)0
-rwxr-xr-xtesting/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf26
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem)0
-rwxr-xr-xtesting/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf25
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem)0
-rwxr-xr-xtesting/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf32
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem (renamed from testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem)0
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat6
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat10
-rw-r--r--testing/tests/ipv6/rw-rfc3779-ikev2/test.conf4
-rw-r--r--testing/tests/ipv6/transport-ikev1/description.txt11
-rw-r--r--testing/tests/ipv6/transport-ikev1/evaltest.dat6
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf33
-rw-r--r--testing/tests/ipv6/transport-ikev1/posttest.dat4
-rw-r--r--testing/tests/ipv6/transport-ikev1/pretest.dat6
-rw-r--r--testing/tests/ipv6/transport-ikev1/test.conf6
-rw-r--r--testing/tests/ipv6/transport-ikev2/description.txt11
-rw-r--r--testing/tests/ipv6/transport-ikev2/evaltest.dat7
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf9
-rw-r--r--testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf34
-rw-r--r--testing/tests/ipv6/transport-ikev2/posttest.dat4
-rw-r--r--testing/tests/ipv6/transport-ikev2/pretest.dat6
-rw-r--r--testing/tests/ipv6/transport-ikev2/test.conf6
-rw-r--r--testing/tests/libipsec/host2host-cert/evaltest.dat6
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf19
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf26
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf19
-rw-r--r--testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf26
-rw-r--r--testing/tests/libipsec/host2host-cert/posttest.dat5
-rw-r--r--testing/tests/libipsec/host2host-cert/pretest.dat6
-rw-r--r--testing/tests/libipsec/host2host-cert/test.conf4
-rw-r--r--testing/tests/libipsec/net2net-3des/evaltest.dat10
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-3des/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-3des/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-3des/test.conf4
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/description.txt14
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat5
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf29
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/updown (renamed from testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown)53
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf29
-rwxr-xr-xtesting/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/updown (renamed from testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown)53
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/posttest.dat9
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/pretest.dat11
-rw-r--r--testing/tests/libipsec/net2net-cert-ipv6/test.conf25
-rw-r--r--testing/tests/libipsec/net2net-cert/evaltest.dat6
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf22
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf22
-rw-r--r--testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-cert/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-cert/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-cert/test.conf4
-rw-r--r--testing/tests/libipsec/net2net-null/evaltest.dat10
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf8
-rwxr-xr-xtesting/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-null/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-null/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-null/test.conf4
-rw-r--r--testing/tests/libipsec/rw-suite-b/description.txt10
-rw-r--r--testing/tests/libipsec/rw-suite-b/evaltest.dat19
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf23
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem17
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem15
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem5
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf23
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem17
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem15
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem5
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets3
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush21
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules32
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf13
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf23
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem17
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem15
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem5
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/libipsec/rw-suite-b/hosts/moon/etc/updown638
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf3
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf5
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf3
-rw-r--r--testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf5
-rw-r--r--testing/tests/sql/ip-pool-db-expired/evaltest.dat4
-rw-r--r--testing/tests/sql/ip-pool-db-expired/posttest.dat6
-rw-r--r--testing/tests/sql/ip-pool-db-expired/pretest.dat9
-rw-r--r--testing/tests/sql/ip-pool-db-restart/posttest.dat6
-rw-r--r--testing/tests/sql/ip-pool-db-restart/pretest.dat9
-rw-r--r--testing/tests/sql/ip-pool-db/posttest.dat6
-rw-r--r--testing/tests/sql/ip-pool-db/pretest.dat9
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/posttest.dat6
-rw-r--r--testing/tests/sql/ip-split-pools-db-restart/pretest.dat9
-rw-r--r--testing/tests/sql/ip-split-pools-db/posttest.dat6
-rw-r--r--testing/tests/sql/ip-split-pools-db/pretest.dat9
-rw-r--r--testing/tests/sql/multi-level-ca/posttest.dat6
-rw-r--r--testing/tests/sql/multi-level-ca/pretest.dat9
-rw-r--r--testing/tests/sql/net2net-cert/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-cert/pretest.dat8
-rw-r--r--testing/tests/sql/net2net-psk/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-psk/pretest.dat8
-rw-r--r--testing/tests/sql/net2net-route-pem/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-route-pem/pretest.dat6
-rw-r--r--testing/tests/sql/net2net-start-pem/posttest.dat4
-rw-r--r--testing/tests/sql/net2net-start-pem/pretest.dat8
-rw-r--r--testing/tests/sql/rw-cert/posttest.dat6
-rw-r--r--testing/tests/sql/rw-cert/pretest.dat9
-rw-r--r--testing/tests/sql/rw-eap-aka-rsa/posttest.dat4
-rw-r--r--testing/tests/sql/rw-eap-aka-rsa/pretest.dat6
-rw-r--r--testing/tests/sql/rw-psk-ipv4/posttest.dat6
-rw-r--r--testing/tests/sql/rw-psk-ipv4/pretest.dat9
-rw-r--r--testing/tests/sql/rw-psk-ipv6/posttest.dat6
-rw-r--r--testing/tests/sql/rw-psk-ipv6/pretest.dat9
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/posttest.dat6
-rw-r--r--testing/tests/sql/rw-psk-rsa-split/pretest.dat9
-rw-r--r--testing/tests/sql/rw-rsa-keyid/posttest.dat6
-rw-r--r--testing/tests/sql/rw-rsa-keyid/pretest.dat9
-rw-r--r--testing/tests/sql/rw-rsa/posttest.dat6
-rw-r--r--testing/tests/sql/rw-rsa/pretest.dat9
-rw-r--r--testing/tests/sql/shunt-policies-nat-rw/posttest.dat6
-rw-r--r--testing/tests/sql/shunt-policies-nat-rw/pretest.dat9
-rwxr-xr-xtesting/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/config-payload/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/config-payload/pretest.dat6
-rw-r--r--testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/crl-to-cache/posttest.dat4
-rw-r--r--testing/tests/swanctl/crl-to-cache/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/dhcp-dynamic/posttest.dat6
-rw-r--r--testing/tests/swanctl/dhcp-dynamic/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf12
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool-db/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf12
-rwxr-xr-xtesting/tests/swanctl/ip-pool/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/ip-pool/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/manual-prio/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/manual-prio/pretest.dat6
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat6
-rw-r--r--testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat6
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/multi-level-ca/posttest.dat12
-rw-r--r--testing/tests/swanctl/multi-level-ca/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-cert/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf19
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf19
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-ed25519/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/pretest.dat6
-rw-r--r--testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/net2net-multicast/posttest.dat4
-rw-r--r--testing/tests/swanctl/net2net-multicast/pretest.dat4
-rw-r--r--testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/net2net-pubkey/posttest.dat4
-rw-r--r--testing/tests/swanctl/net2net-pubkey/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-route/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-route/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/net2net-start/posttest.dat4
-rwxr-xr-xtesting/tests/swanctl/net2net-start/pretest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf6
-rw-r--r--testing/tests/swanctl/ocsp-disabled/posttest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-disabled/pretest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/posttest.dat12
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/pretest.dat6
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/posttest.dat4
-rw-r--r--testing/tests/swanctl/ocsp-signer-cert/pretest.dat4
-rw-r--r--testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-dual/posttest.dat4
-rw-r--r--testing/tests/swanctl/protoport-dual/pretest.dat4
-rw-r--r--testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/protoport-range/posttest.dat4
-rw-r--r--testing/tests/swanctl/protoport-range/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/description.txt8
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/evaltest.dat14
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf18
-rw-r--r--testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem30
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf35
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf27
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf20
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf25
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/posttest.dat8
-rwxr-xr-xtesting/tests/swanctl/rw-cert-pss/pretest.dat11
-rwxr-xr-x[-rw-r--r--]testing/tests/swanctl/rw-cert-pss/test.conf (renamed from testing/tests/libipsec/rw-suite-b/test.conf)4
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-cert/pretest.dat6
-rw-r--r--testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-dnssec/posttest.dat6
-rw-r--r--testing/tests/swanctl/rw-dnssec/pretest.dat6
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat4
-rw-r--r--testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat4
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat4
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat4
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-hash-and-url/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf18
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf10
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-newhope-bliss/pretest.dat6
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/posttest.dat6
-rw-r--r--testing/tests/swanctl/rw-ntru-bliss/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-fqdn/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf16
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ikev1/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf7
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ipv4/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-anon/pretest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/posttest.dat6
-rwxr-xr-xtesting/tests/swanctl/rw-pubkey-keyid/pretest.dat6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf8
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat6
-rw-r--r--testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat6
-rw-r--r--testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf7
-rw-r--r--testing/tests/swanctl/xauth-rsa/posttest.dat6
-rw-r--r--testing/tests/swanctl/xauth-rsa/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-fhh/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-block/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11-radius/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-11/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-11/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-block/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-block/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-client-retry/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-fail-init/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-fail-resp/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-fhh/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf12
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf21
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf25
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat8
-rw-r--r--testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat8
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf20
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf20
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf18
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat2
-rw-r--r--testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat2
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/evaltest.dat12
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf15
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-os-pts/pretest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-os/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-os/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf12
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf8
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat4
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-pts/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-pts/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-server-retry/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/tnc/tnccs-20-tls/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20-tls/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-20/pretest.dat6
-rw-r--r--testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-dynamic/posttest.dat6
-rw-r--r--testing/tests/tnc/tnccs-dynamic/pretest.dat6
941 files changed, 5664 insertions, 4208 deletions
diff --git a/testing/tests/af-alg/alg-camellia/description.txt b/testing/tests/af-alg/alg-camellia/description.txt
index 87679788f..995ab4c65 100644
--- a/testing/tests/af-alg/alg-camellia/description.txt
+++ b/testing/tests/af-alg/alg-camellia/description.txt
@@ -1,3 +1,3 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite <b>CAMELLIA_CBC_256 /
-HMAC_SHA2_512_256 / PRF_HMAC_SHA2_512 / MODP_3072</b> well as the ESP cipher suite <b>CAMELLIA_CBC_192 / HMAC_SHA384_192</b>.
-A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite <b>camellia256-sha512-modp3072</b>
+well as the ESP cipher suite <b>camellia192-sha384</b>. A ping from <b>carol</b> to <b>alice</b> successfully
+checks the established tunnel.
diff --git a/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
index 81a85aa06..e475be3ca 100644
--- a/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
index 81a85aa06..e475be3ca 100644
--- a/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/af-alg/alg-camellia/posttest.dat b/testing/tests/af-alg/alg-camellia/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/af-alg/alg-camellia/posttest.dat
+++ b/testing/tests/af-alg/alg-camellia/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/af-alg/alg-camellia/pretest.dat b/testing/tests/af-alg/alg-camellia/pretest.dat
index 41255bccb..dbd1738ae 100644
--- a/testing/tests/af-alg/alg-camellia/pretest.dat
+++ b/testing/tests/af-alg/alg-camellia/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection net
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
index 3610ac699..456c70df2 100644
--- a/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,13 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
index afa7afe83..b6be829f4 100644
--- a/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,13 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
index 3610ac699..456c70df2 100644
--- a/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/af-alg/rw-cert/posttest.dat b/testing/tests/af-alg/rw-cert/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/af-alg/rw-cert/posttest.dat
+++ b/testing/tests/af-alg/rw-cert/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/af-alg/rw-cert/pretest.dat b/testing/tests/af-alg/rw-cert/pretest.dat
index 7652f460e..664cc9447 100644
--- a/testing/tests/af-alg/rw-cert/pretest.dat
+++ b/testing/tests/af-alg/rw-cert/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt
index 982efa5ea..28c6adb4b 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/description.txt
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>SERPENT_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
-<b>SERPENT_CBC_256 / HMAC_SHA2_512_256 </b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+<b>serpent256-sha512-modp4096</b> for the IKE protocol and <b>serpent256-sha512</b>
+for ESP packets. A ping from <b>carol</b> to <b>alice</b> successfully checks the
+established tunnel.
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
index 10c0ac6fb..b57ffec12 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
index 6c49b5e9b..22371e465 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
index 6387dff4f..e9c83e483 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/posttest.dat
@@ -1,2 +1,2 @@
-moon::service charon stop
-carol::service charon stop
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl \ No newline at end of file
diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
index 0f615f4ac..8c6a3ba30 100644
--- a/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-serpent/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-moon::expect-connection rw
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null \ No newline at end of file
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt
index e1a7403e3..bfef69b5c 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/description.txt
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/description.txt
@@ -1,4 +1,4 @@
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
-<b>TWOFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
-<b>TWOFISH_CBC_256 / HMAC_SHA2_512_256 </b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+<b>twofish256-sha512-modp4096</b> for the IKE protocol and <b>twofish256-sha512</b>
+for ESP packets. A ping from <b>carol</b> to <b>alice</b> successfully checks the
+established tunnel.
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
index 10c0ac6fb..b57ffec12 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
index 6c49b5e9b..22371e465 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
send_vendor_id = yes
}
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
index 6387dff4f..e9c83e483 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/posttest.dat
@@ -1,2 +1,2 @@
-moon::service charon stop
-carol::service charon stop
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl \ No newline at end of file
diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
index 0f615f4ac..b9e2a8eee 100644
--- a/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
+++ b/testing/tests/gcrypt-ikev1/alg-twofish/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-moon::expect-connection rw
-carol::expect-connection home
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/description.txt b/testing/tests/gcrypt-ikev2/alg-camellia/description.txt
index b3515c333..4b8eeb87e 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/description.txt
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/description.txt
@@ -1,4 +1,3 @@
-Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite <b>CAMELLIA_CBC_256 /
-HMAC_SHA2_512_256 / MODP_2048</b> by defining <b>ike=camellia256-sha256-modp2048</b> as well as
-the ESP cipher suite <b>CAMELLIA_CBC_192 / HMAC_SHA1_96</b> by defining <b>esp=camellia192-sha1</b>
-in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the IKE cipher suite
+<b>camellia256-sha512-modp3072</b> as well as the ESP cipher suite <b>camellia192-sha384</b>.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
index 562336fd4..8a2e36baa 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
@@ -1,12 +1,6 @@
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
-carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_3072::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
-carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=CAMELLIA_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=CAMELLIA_CBC encr-keysize=192 integ-alg=HMAC_SHA2_384_192.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
moon:: ip xfrm state::enc cbc(camellia)::YES
carol::ip xfrm state::enc cbc(camellia)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index f0bbfc10f..000000000
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=camellia256-sha512-modp3072!
- esp=camellia192-sha384!
-
-conn home
- left=PH_IP_CAROL
- leftfirewall=yes
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index 3c094be34..e1d5a10dc 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..acba9cecb
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = camellia192-sha384
+ }
+ }
+ version = 2
+ proposals = camellia256-sha512-modp3072
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 8481f8974..000000000
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=camellia256-sha512-modp3072!
- esp=camellia192-sha384!
-
-conn rw
- left=PH_IP_MOON
- leftfirewall=yes
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- right=%any
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index 3c094be34..e1d5a10dc 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl pem pkcs1 gcrypt nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1c06bb2ce
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = camellia192-sha384
+ }
+ }
+ version = 2
+ proposals = camellia256-sha512-modp3072
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat
index 046d4cfdc..2b00bea8e 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-carol::ipsec stop
+carol::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
index e34f70277..dbd1738ae 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-carol::ipsec start
-moon::expect-connection rw
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+moon::expect-connection net
carol::expect-connection home
-carol::ipsec up home
+carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/test.conf b/testing/tests/gcrypt-ikev2/alg-camellia/test.conf
index 4a5fc470f..307c7e9cc 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/test.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/description.txt b/testing/tests/gcrypt-ikev2/rw-cert/description.txt
index f60f5b1ad..0502a6be2 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/description.txt
+++ b/testing/tests/gcrypt-ikev2/rw-cert/description.txt
@@ -5,8 +5,8 @@ plugins <b>aes des sha1 sha2 md5 gmp</b>.
<p>
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
+Upon the successful establishment of the IPsec tunnels, the <b>updown</b> directive
+in swanctl.conf automatically inserts iptables-based firewall rules that let pass the
+tunneled traffic. In order to test both tunnel and firewall, both <b>carol</b> and
+<b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
index 849d59a4e..eccdcf0c1 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_1536.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index 214a8de28..000000000
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp1536!
- esp=3des-sha1!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 2b4da7495..c637e97ec 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..22fe14f92
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = 3des-sha1-modp1536
+ }
+ }
+ version = 2
+ proposals = 3des-sha1-modp1536
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 603651a43..000000000
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes256-sha512-modp2048!
- esp=aes256-sha512!
-
-conn home
- left=PH_IP_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index f7b335e72..4f6bec1b4 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm vici stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
required = yes
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b3622f50e
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-modp3072
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index ce4c0decb..000000000
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes256-sha512-modp2048,3des-sha1-modp1536!
- esp=aes256-sha512,3des-sha1!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftfirewall=yes
- right=%any
- auto=add
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 2b4da7495..c637e97ec 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..ccd247af0
--- /dev/null
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-modp3072,3des-sha1-modp1536
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072,3des-sha1-modp1536
+ }
+}
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat b/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat
index 1865a1c60..b909ac76c 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/posttest.dat
@@ -1,6 +1,8 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat b/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat
index 15c4ad7d1..664cc9447 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat
+++ b/testing/tests/gcrypt-ikev2/rw-cert/pretest.dat
@@ -1,11 +1,11 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-moon::expect-connection rw
-carol::expect-connection home
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection net
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/test.conf b/testing/tests/gcrypt-ikev2/rw-cert/test.conf
index f29298850..1227b9d1c 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/test.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
index d6e251dba..0ddecec94 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 3"
-
conn %default
keyexchange=ikev1
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
index 02ae5affa..7e78d0431 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 3
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
index 7c0490d59..40327a9ec 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 3"
-
conn %default
keyexchange=ikev1
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
index 02ae5affa..7e78d0431 100644
--- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 3
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
index 4fcff4a89..6c4ad62fc 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
index 2e81bfd04..1bf040c21 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
index 218c9f155..a725ea7da 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
index 38df6a919..759b92285 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -6,6 +6,12 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
parameter_set = optimum
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
index ce610b6a3..5cadaccc9 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev1
ike=aes256-sha512-ntru256!
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
index 7a578d242..04da33fd6 100644
--- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -5,4 +5,10 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
index 77ed2c0c9..afa1641c5 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="job 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
index af5fa19ef..cf4c1eba4 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ job = 2
+ }
+ }
}
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
index 82a8f38c5..51a2e5758 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="job 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
index 93f434598..f09c27902 100644
--- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ job = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
index 89674b2a1..7456a9d8a 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index d69a7b808..99d3c61d9 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
index 82804a0fe..3c0578d4b 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index a3c9999f7..99a0e8940 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
index aac963e91..eee4e6edc 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -10,7 +7,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
-conn alice
+conn alice
rightid=alice@strongswan.org
mark=10/0xffffffff
also=sun
diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
index 93f434598..9691dd22f 100644
--- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
index 7af65a55d..e8eaa4887 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
keyexchange=ikev2
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
index 82da6cb7a..95e90fd09 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
keyexchange=ikev2
ike=aes128-sha256-modp3072!
diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
index 8cce0c957..71f5442c0 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes128-sha256-esn-noesn!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
index 1fd5ddb03..9e0df8111 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2, knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
ike=aes128-sha256-modp3072!
esp=aes128-sha256-esn!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
index 02ae5affa..ca7ff4f59 100644
--- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,10 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf
index 01d114dd9..4251ecd68 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes128-sha256!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
index 49077484a..2dd0446ce 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
@@ -6,9 +6,15 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
- parameter_set = x9_98_bandwidth
+ parameter_set = x9_98_bandwidth
}
}
}
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf
index e57bec965..449ee7989 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
ike=aes128-sha256-ntru128!
esp=aes128-sha256!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
index 1dcbd6c27..2dd0446ce 100644
--- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
@@ -6,6 +6,12 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
parameter_set = x9_98_bandwidth
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
index 9da45bcba..f29a8b2a2 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -13,7 +10,7 @@ conn %default
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
index 38df6a919..759b92285 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf
@@ -6,6 +6,12 @@ charon {
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
plugins {
ntru {
parameter_set = optimum
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
index 50be98057..76fbc8024 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf
@@ -1,19 +1,16 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="ike 4, lib 4"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
ike=aes256-sha512-ntru256!
esp=aes256-sha512!
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
index 0b31f738c..d461bda50 100644
--- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf
@@ -4,4 +4,10 @@ charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
+ syslog {
+ daemon {
+ ike = 4
+ lib = 4
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
index aeaebe1f4..8c7918b80 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -25,7 +22,7 @@ conn dscp-ef
also=net-net
auto=add
-conn net-net
+conn net-net
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
leftfirewall=yes
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
index 3cf8c8807..a0be3ce18 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
index 8b54476fd..3c4d0a07f 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf
@@ -1,13 +1,10 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
mobike=no
@@ -25,7 +22,7 @@ conn dscp-ef
also=net-net
auto=add
-conn net-net
+conn net-net
left=PH_IP_SUN
leftsubnet=10.2.0.0/16
leftfirewall=yes
diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
index 3cf8c8807..a0be3ce18 100644
--- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
index dcd98b4de..ec3daa00a 100644
--- a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
lifetime=10s
diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
index 3dcbf76ea..8d26c1381 100644
--- a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -4,4 +4,9 @@ charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
# remove rekeyed inbound SA a bit quicker for the test scenario
delete_rekeyed_delay = 2
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
index 9ba918893..ec7d9a79a 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -11,7 +8,7 @@ conn %default
keyexchange=ikev2
mobike=no
-conn net-net
+conn net-net
left=PH_IP_MOON
leftcert=moonCert.pem
leftid=@moon.strongswan.org
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index 18ed6a4c4..c9a56d748 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
index d41e43a5c..cc86ebc0a 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf
@@ -1,17 +1,14 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="cfg 2"
-
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
- keyingtries=1
+ keyingtries=1
keyexchange=ikev2
mobike=no
-conn net-net
+conn net-net
left=PH_IP_SUN
leftcert=sunCert.pem
leftid=@sun.strongswan.org
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index 18ed6a4c4..c9a56d748 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ cfg = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf
index a5c2cc5fc..cdcf4e6f2 100644
--- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
index af5fa19ef..6bc136a9b 100644
--- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
index b7b27b720..10d92873d 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
index 6b0ab0dcc..58a2f2243 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-tls {
max_message_count = 40
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
index ee4bfd27d..0ab0c4772 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
index 6b0ab0dcc..58a2f2243 100644
--- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-tls {
max_message_count = 40
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index 5e06976d1..756e3835c 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index 2261fc3e1..74881b5cf 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -4,4 +4,9 @@ charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
index 37fa2b435..4a645d741 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index 8865bd52c..797d27cc2 100644
--- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
libtls {
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
index fc6f1e633..6aaeb160f 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
index 84d571482..ef5666914 100644
--- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -3,6 +3,11 @@
charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
libtls {
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
index 8ff3c2ab6..576d2cb99 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
index 367c0b527..ba52ec31e 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
index cd93a48e7..738481257 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
index 242329b3b..02899fdb7 100644
--- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-ttls {
phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
index 8ff3c2ab6..576d2cb99 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
index 367c0b527..ba52ec31e 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
index 951002690..fa1febe0f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
index cd93a48e7..738481257 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
index 20afebf81..0ff7725ca 100644
--- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf
@@ -4,6 +4,11 @@ charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
plugins {
eap-ttls {
phase2_method = md5
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
index 5b1ac90a3..c18df1c73 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 1d380c409..443332acc 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
index 8aa168745..2b58fbfca 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 1d380c409..443332acc 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
index 4b549cbd5..f0094e4d7 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
@@ -10,7 +7,7 @@ conn %default
keyingtries=1
keyexchange=ikev2
-conn alice
+conn alice
rightid=alice@strongswan.org
mark_in=10/0xffffffff
mark_out=11/0xffffffff
diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
index 93f434598..9691dd22f 100644
--- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
@@ -2,4 +2,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
index a2d62296f..0e4eaa1ea 100644
--- a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
index dbcd7d844..709e0c5e4 100644
--- a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
index 3c7adfbf9..47792af99 100644
--- a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
index 8d89cd0bb..5e900fd1b 100644
--- a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
index 409bee2cb..650ebddd9 100644
--- a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
index 8d89cd0bb..5e900fd1b 100644
--- a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
index 71edc4c14..ef99cc768 100644
--- a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
index 8d89cd0bb..5e900fd1b 100644
--- a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
multiple_authentication = no
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/description.txt b/testing/tests/ipv6-stroke/host2host-ikev1/description.txt
new file mode 100644
index 000000000..b52c4caf8
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat
new file mode 100644
index 000000000..186ce4e06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/ipsec.conf
index 9e68eb674..9e68eb674 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..8c90a8e03
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/ipsec.conf
index 23bc5c627..23bc5c627 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat b/testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat b/testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/host2host-ikev1/test.conf b/testing/tests/ipv6-stroke/host2host-ikev1/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/description.txt b/testing/tests/ipv6-stroke/host2host-ikev2/description.txt
new file mode 100644
index 000000000..b52c4caf8
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat
new file mode 100644
index 000000000..186ce4e06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/ipsec.conf
index faee5c854..faee5c854 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/ipsec.conf
index f4dc393ee..f4dc393ee 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat b/testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat b/testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/host2host-ikev2/test.conf b/testing/tests/ipv6-stroke/host2host-ikev2/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/host2host-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/description.txt b/testing/tests/ipv6-stroke/net2net-ikev1/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat
new file mode 100644
index 000000000..4cf23a31b
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/ipsec.conf
index 4821989a9..4821989a9 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/ipsec.conf
index 23bc5c627..23bc5c627 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat b/testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat b/testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat
new file mode 100644
index 000000000..a14b3cf79
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ikev1/test.conf b/testing/tests/ipv6-stroke/net2net-ikev1/test.conf
new file mode 100644
index 000000000..abade5bba
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/description.txt b/testing/tests/ipv6-stroke/net2net-ikev2/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat
new file mode 100644
index 000000000..4cf23a31b
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/ipsec.conf
index 7292066a9..7292066a9 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/ipsec.conf
index 2141c15c5..2141c15c5 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat b/testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat b/testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat
new file mode 100644
index 000000000..a14b3cf79
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ikev2/test.conf b/testing/tests/ipv6-stroke/net2net-ikev2/test.conf
new file mode 100644
index 000000000..abade5bba
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt
new file mode 100644
index 000000000..62fff0b30
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/description.txt
@@ -0,0 +1,4 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two IPv4 subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. In order to test the IPv4-over-IPv6 ESP tunnel, client <b>alice</b> behind <b>moon</b>
+sends an IPv4 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat
new file mode 100644
index 000000000..ee9e22ed7
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
index c43086f76..c43086f76 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
index f64bc2342..f64bc2342 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat
new file mode 100644
index 000000000..812ccd162
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf
new file mode 100644
index 000000000..58ec28767
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt
new file mode 100644
index 000000000..62fff0b30
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/description.txt
@@ -0,0 +1,4 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two IPv4 subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. In order to test the IPv4-over-IPv6 ESP tunnel, client <b>alice</b> behind <b>moon</b>
+sends an IPv4 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat
new file mode 100644
index 000000000..ee9e22ed7
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf
index 704737eaf..704737eaf 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf
index e739fc8ea..e739fc8ea 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..00380ccb4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat
new file mode 100644
index 000000000..812ccd162
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf
new file mode 100644
index 000000000..58ec28767
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat
new file mode 100644
index 000000000..803cf5ef5
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
index 93660a2d8..93660a2d8 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..aeab0b9b5
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes = no
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf
index 30dadee78..30dadee78 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..429439ee4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes=no
+ fragment_size = 1400
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat
new file mode 100644
index 000000000..58711bc06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf
new file mode 100644
index 000000000..345e2d808
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt
new file mode 100644
index 000000000..5952ecc2d
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/description.txt
@@ -0,0 +1,6 @@
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
+It connects the two subnets hiding behind their respective gateways. The authentication is based on
+X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
+sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat
new file mode 100644
index 000000000..803cf5ef5
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/evaltest.dat
@@ -0,0 +1,7 @@
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
+alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
index f1cbd5576..f1cbd5576 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..0be55a717
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes = no
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf
index 1f1fa6c51..1f1fa6c51 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..812d52a95
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ install_routes=no
+}
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat
new file mode 100644
index 000000000..078fca541
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+sun::ipsec stop
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat
new file mode 100644
index 000000000..58711bc06
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::ipsec up net-net
diff --git a/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf
new file mode 100644
index 000000000..345e2d808
--- /dev/null
+++ b/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/description.txt b/testing/tests/ipv6-stroke/rw-ikev1/description.txt
new file mode 100644
index 000000000..17461370e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat
new file mode 100644
index 000000000..0e125b70e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/ipsec.conf
index 4bcfd19dd..4bcfd19dd 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..af5fa19ef
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/ipsec.conf
index 125303638..125303638 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/ipsec.conf
index 880b1b2e7..880b1b2e7 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/posttest.dat b/testing/tests/ipv6-stroke/rw-ikev1/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/pretest.dat b/testing/tests/ipv6-stroke/rw-ikev1/pretest.dat
new file mode 100644
index 000000000..f60be3887
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ikev1/test.conf b/testing/tests/ipv6-stroke/rw-ikev1/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/description.txt b/testing/tests/ipv6-stroke/rw-ikev2/description.txt
new file mode 100644
index 000000000..17461370e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat
new file mode 100644
index 000000000..0e125b70e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/ipsec.conf
index 21166b2d0..21166b2d0 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..9c9714a33
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/ipsec.conf
index 9513be833..9513be833 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/ipsec.conf
index 4bed27ec5..4bed27ec5 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/posttest.dat b/testing/tests/ipv6-stroke/rw-ikev2/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/pretest.dat b/testing/tests/ipv6-stroke/rw-ikev2/pretest.dat
new file mode 100644
index 000000000..f60be3887
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/pretest.dat
@@ -0,0 +1,17 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ikev2/test.conf b/testing/tests/ipv6-stroke/rw-ikev2/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt
new file mode 100644
index 000000000..f9412611b
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
+the IKEv1 mode config payload.
+<p/>
+Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat
new file mode 100644
index 000000000..f6dc9aa3e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf
index 8aba6f0b1..8aba6f0b1 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..0c5b0b5a4
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf
index d0ff82c2d..d0ff82c2d 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
index e77d7b608..e77d7b608 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/libipsec/rw-suite-b/posttest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/posttest.dat
index 1865a1c60..ebe5e2a80 100644
--- a/testing/tests/libipsec/rw-suite-b/posttest.dat
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/posttest.dat
@@ -4,3 +4,7 @@ dave::ipsec stop
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec3:\:/16 via fec1:\:1"
diff --git a/testing/tests/libipsec/rw-suite-b/pretest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/pretest.dat
index e87a8ee47..e73bde487 100644
--- a/testing/tests/libipsec/rw-suite-b/pretest.dat
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/pretest.dat
@@ -1,11 +1,15 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec3:\:/16 via fec1:\:1"
moon::ipsec start
carol::ipsec start
dave::ipsec start
moon::expect-connection rw
carol::expect-connection home
-carol::ipsec up home
dave::expect-connection home
+carol::ipsec up home
dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt
new file mode 100644
index 000000000..237e6fa52
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
+the IKEv2 configuration payload.
+<p/>
+Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
+automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat
new file mode 100644
index 000000000..f6dc9aa3e
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf
index 1ca1c6c26..1ca1c6c26 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..9c9714a33
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf
index bba2d96f7..bba2d96f7 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
new file mode 100644
index 000000000..409f2e9bb
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ip6tables.rules
@@ -0,0 +1,20 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# log dropped packets
+-A INPUT -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
index 5ea245568..5ea245568 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3a52f0db6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ hash_and_url = yes
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat
new file mode 100644
index 000000000..ebe5e2a80
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec3:\:/16 via fec1:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat
new file mode 100644
index 000000000..e73bde487
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/pretest.dat
@@ -0,0 +1,15 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec3:\:/16 via fec1:\:1"
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt b/testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt
new file mode 100644
index 000000000..66fc09053
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
+behind the gateway <b>moon</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat
new file mode 100644
index 000000000..16982a736
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.conf
index 47080139f..47080139f 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets
index 2abcb4e0a..2abcb4e0a 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.conf
index c59d32a14..c59d32a14 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets
index 2375cd559..2375cd559 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.conf
index 7d32866b5..7d32866b5 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets
index 88c418353..88c418353 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat
new file mode 100644
index 000000000..93a96ec36
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/pretest.dat
@@ -0,0 +1,20 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf b/testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt b/testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt
new file mode 100644
index 000000000..66fc09053
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
+behind the gateway <b>moon</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat
new file mode 100644
index 000000000..16982a736
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.conf
index eed683f72..eed683f72 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets
index 2abcb4e0a..2abcb4e0a 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.conf
index 3b45adb0d..3b45adb0d 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets
index 2375cd559..2375cd559 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.conf
index f6c4c6ab9..f6c4c6ab9 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets
index 88c418353..88c418353 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..955514391
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat
new file mode 100644
index 000000000..4e59395e3
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/posttest.dat
@@ -0,0 +1,12 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+carol::ip6tables-restore < /etc/ip6tables.flush
+dave::ip6tables-restore < /etc/ip6tables.flush
+alice::"ip route del fec0:\:/16 via fec1:\:1"
+carol::"ip route del fec1:\:/16 via fec0:\:1"
+dave::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat b/testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat
new file mode 100644
index 000000000..93a96ec36
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/pretest.dat
@@ -0,0 +1,20 @@
+moon::iptables-restore < /etc/iptables.drop
+carol::iptables-restore < /etc/iptables.drop
+dave::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+carol::ip6tables-restore < /etc/ip6tables.rules
+dave::ip6tables-restore < /etc/ip6tables.rules
+alice::"ip route add fec0:\:/16 via fec1:\:1"
+carol::"ip route add fec1:\:/16 via fec0:\:1"
+dave::"ip route add fec1:\:/16 via fec0:\:1"
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+moon::expect-connection rw
+carol::expect-connection home
+dave::expect-connection home
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf b/testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf
new file mode 100644
index 000000000..69b0757fd
--- /dev/null
+++ b/testing/tests/ipv6-stroke/rw-psk-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/description.txt b/testing/tests/ipv6-stroke/transport-ikev1/description.txt
new file mode 100644
index 000000000..2d54790aa
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the protected traffic. In order to test both the transport connection
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat b/testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat
new file mode 100644
index 000000000..5ae9d2c12
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+moon::ip xfrm state::mode transport::YES
+sun:: ip xfrm state::mode transport::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/ipsec.conf
index f2938f307..f2938f307 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/ipsec.conf
index 9af8aa862..9af8aa862 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/posttest.dat b/testing/tests/ipv6-stroke/transport-ikev1/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/pretest.dat b/testing/tests/ipv6-stroke/transport-ikev1/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/transport-ikev1/test.conf b/testing/tests/ipv6-stroke/transport-ikev1/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev1/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/description.txt b/testing/tests/ipv6-stroke/transport-ikev2/description.txt
new file mode 100644
index 000000000..2d54790aa
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/description.txt
@@ -0,0 +1,5 @@
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
+The authentication is based on X.509 certificates. Upon the successful establishment of
+the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
+rules that let pass the protected traffic. In order to test both the transport connection
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat b/testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat
new file mode 100644
index 000000000..0dfba54ea
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/evaltest.dat
@@ -0,0 +1,10 @@
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
+moon::ip xfrm state::mode transport::YES
+sun:: ip xfrm state::mode transport::YES
+moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/ipsec.conf
index a48b6cbc6..a48b6cbc6 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/ipsec.conf
index e80eb8101..e80eb8101 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/ipsec.conf
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..93f434598
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/posttest.dat b/testing/tests/ipv6-stroke/transport-ikev2/posttest.dat
new file mode 100644
index 000000000..d3bebd0c6
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
+moon::ip6tables-restore < /etc/ip6tables.flush
+sun::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/pretest.dat b/testing/tests/ipv6-stroke/transport-ikev2/pretest.dat
new file mode 100644
index 000000000..46c015387
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/pretest.dat
@@ -0,0 +1,9 @@
+moon::iptables-restore < /etc/iptables.drop
+sun::iptables-restore < /etc/iptables.drop
+moon::ip6tables-restore < /etc/ip6tables.rules
+sun::ip6tables-restore < /etc/ip6tables.rules
+moon::ipsec start
+sun::ipsec start
+moon::expect-connection host-host
+sun::expect-connection host-host
+moon::ipsec up host-host
diff --git a/testing/tests/ipv6-stroke/transport-ikev2/test.conf b/testing/tests/ipv6-stroke/transport-ikev2/test.conf
new file mode 100644
index 000000000..e1d17aa16
--- /dev/null
+++ b/testing/tests/ipv6-stroke/transport-ikev2/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="moon winnetou sun"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-w-s-ip6.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# IP protocol used by IPsec is IPv6
+#
+IPV6=1
diff --git a/testing/tests/ipv6/host2host-ikev1/description.txt b/testing/tests/ipv6/host2host-ikev1/description.txt
index b52c4caf8..d9ef11539 100644
--- a/testing/tests/ipv6/host2host-ikev1/description.txt
+++ b/testing/tests/ipv6/host2host-ikev1/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully
+set up. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules that pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/host2host-ikev1/evaltest.dat b/testing/tests/ipv6/host2host-ikev1/evaltest.dat
index 186ce4e06..ef6ec2b98 100644
--- a/testing/tests/ipv6/host2host-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/host2host-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
index 6cb3ee291..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,8 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1fa9a622c
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
index 6cb3ee291..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,8 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..585e32489
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev1/posttest.dat b/testing/tests/ipv6/host2host-ikev1/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/host2host-ikev1/posttest.dat
+++ b/testing/tests/ipv6/host2host-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/host2host-ikev1/pretest.dat b/testing/tests/ipv6/host2host-ikev1/pretest.dat
index 46c015387..340344c95 100644
--- a/testing/tests/ipv6/host2host-ikev1/pretest.dat
+++ b/testing/tests/ipv6/host2host-ikev1/pretest.dat
@@ -2,8 +2,9 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
-moon::expect-connection host-host
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::expect-connection host-host
+moon::swanctl --initiate --child host-host 2> /dev/null
+moon::sleep 1
diff --git a/testing/tests/ipv6/host2host-ikev1/test.conf b/testing/tests/ipv6/host2host-ikev1/test.conf
index e1d17aa16..7bc3a6eee 100644
--- a/testing/tests/ipv6/host2host-ikev1/test.conf
+++ b/testing/tests/ipv6/host2host-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/host2host-ikev2/description.txt b/testing/tests/ipv6/host2host-ikev2/description.txt
index b52c4caf8..3714c800b 100644
--- a/testing/tests/ipv6/host2host-ikev2/description.txt
+++ b/testing/tests/ipv6/host2host-ikev2/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec tunnel, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the tunneled traffic. In order to test both the host-to-host tunnel
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully
+set up. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic. In order to test both the host-to-host tunnel
+and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/host2host-ikev2/evaltest.dat b/testing/tests/ipv6/host2host-ikev2/evaltest.dat
index 186ce4e06..23add7ae5 100644
--- a/testing/tests/ipv6/host2host-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/host2host-ikev2/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
-sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES \ No newline at end of file
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..b422344f2
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..376f8d8fa
--- /dev/null
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/host2host-ikev2/posttest.dat b/testing/tests/ipv6/host2host-ikev2/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/host2host-ikev2/posttest.dat
+++ b/testing/tests/ipv6/host2host-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/host2host-ikev2/pretest.dat b/testing/tests/ipv6/host2host-ikev2/pretest.dat
index 46c015387..0c558800c 100644
--- a/testing/tests/ipv6/host2host-ikev2/pretest.dat
+++ b/testing/tests/ipv6/host2host-ikev2/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection host-host
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host 2> /dev/null \ No newline at end of file
diff --git a/testing/tests/ipv6/host2host-ikev2/test.conf b/testing/tests/ipv6/host2host-ikev2/test.conf
index e1d17aa16..459baf2d9 100644
--- a/testing/tests/ipv6/host2host-ikev2/test.conf
+++ b/testing/tests/ipv6/host2host-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ikev1/description.txt b/testing/tests/ipv6/net2net-ikev1/description.txt
index 5952ecc2d..9c574d22f 100644
--- a/testing/tests/ipv6/net2net-ikev1/description.txt
+++ b/testing/tests/ipv6/net2net-ikev1/description.txt
@@ -1,6 +1,7 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic. In order to test both the net-to-net tunnel
+and the firewall rules, client <b>alice</b> behind <b>moon</b> sends an IPv6 ICMP
+request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ikev1/evaltest.dat
index 4cf23a31b..877459c88 100644
--- a/testing/tests/ipv6/net2net-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..e4ae7c91b
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..df389144d
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ikev1/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ikev1/posttest.dat
+++ b/testing/tests/ipv6/net2net-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ikev1/pretest.dat
index a14b3cf79..60b2810cf 100644
--- a/testing/tests/ipv6/net2net-ikev1/pretest.dat
+++ b/testing/tests/ipv6/net2net-ikev1/pretest.dat
@@ -6,8 +6,9 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net 2> /dev/null
+moon::sleep 1
diff --git a/testing/tests/ipv6/net2net-ikev1/test.conf b/testing/tests/ipv6/net2net-ikev1/test.conf
index abade5bba..5906883b1 100644
--- a/testing/tests/ipv6/net2net-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ikev2/description.txt b/testing/tests/ipv6/net2net-ikev2/description.txt
index 5952ecc2d..0fe026cc0 100644
--- a/testing/tests/ipv6/net2net-ikev2/description.txt
+++ b/testing/tests/ipv6/net2net-ikev2/description.txt
@@ -1,6 +1,7 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b>
+is successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic. In order to test both the net-to-net tunnel
+and the firewall rules, client <b>alice</b> behind <b>moon</b> sends an IPv6 ICMP
+request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ikev2/evaltest.dat
index 4cf23a31b..a3e2bad94 100644
--- a/testing/tests/ipv6/net2net-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ikev2/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1bf52633b
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
index 00380ccb4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..73480f112
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ikev2/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ikev2/pretest.dat
index a14b3cf79..2db7a27c2 100644
--- a/testing/tests/ipv6/net2net-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-ikev2/pretest.dat
@@ -6,8 +6,8 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-ikev2/test.conf b/testing/tests/ipv6/net2net-ikev2/test.conf
index abade5bba..5906883b1 100644
--- a/testing/tests/ipv6/net2net-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
index ee9e22ed7..829c64764 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
index 02280ac2f..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..7604b97d5
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
index 7a39a8ae4..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size=1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..4a7f98856
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat
index 812ccd162..9a9d27b29 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/pretest.dat
@@ -2,8 +2,9 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
+moon::sleep 1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
index 58ec28767..cc1bf500f 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
index ee9e22ed7..b898de258 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
@@ -1,7 +1,6 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..aea5c228c
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
index 3a52f0db6..93dbda2d6 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1efe64d86
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat
index 812ccd162..5a4e73383 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
index 58ec28767..cc1bf500f 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip4-in-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt
index 5952ecc2d..26cb55e4d 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/description.txt
@@ -1,6 +1,8 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client
+<b>alice</b> behind <b>moon</b> sends an IPv6 ICMP request to client <b>bob</b>
+behind <b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat
index 803cf5ef5..849da7c61 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]
+sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=1 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
index 0be55a717..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..e78611432
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
index 812d52a95..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
- install_routes=no
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..db19938ac
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat
index 58711bc06..58be2992f 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/pretest.dat
@@ -6,8 +6,9 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
+moon::sleep 1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
index 345e2d808..9f1c9a1f3 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt
index 5952ecc2d..dee74097c 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/description.txt
@@ -1,6 +1,8 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-X.509 certificates. Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on X.509 certificates. Upon the successful
+establishment of the IPsec tunnel, automatically inserted ip6tables-based firewall
+rules let pass the tunneled traffic.
+In order to test both the net-to-net tunnel and the firewall rules, client
+<b>alice</b> behind <b>moon</b> sends an IPv6 ICMP request to client <b>bob</b>
+behind <b>sun</b> using the ping6 command. \ No newline at end of file
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat
index 803cf5ef5..40ae8524a 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/evaltest.dat
@@ -1,7 +1,4 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]
+sun::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index 0be55a717..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..775c2feae
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = fec2::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
index 812d52a95..89e0dfced 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
- install_routes=no
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ fragment_size = 1400
+ install_routes = no
}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..ed7e9b477
--- /dev/null
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ net-net {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat
index 58711bc06..e1d5265cc 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/pretest.dat
@@ -6,8 +6,8 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
index 345e2d808..9f1c9a1f3 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6-in-ip4.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt b/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt
index ebcc00724..0c0525ce1 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/description.txt
@@ -1,11 +1,14 @@
-An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is successfully set up.
-It connects the two subnets hiding behind their respective gateways. The authentication is based on
-<b>X.509 certificates</b> containing <b>RFC 3779 IP address block constraints</b>.
-Both <b>moon</b> and <b>sun</b> set <b>rightsubnet=::/0</b> thus allowing the peers to narrow down
-the address range to their actual subnets <b>fec1::/16</b> and <b>fec2::/16</b>, respectively.
-These unilaterally proposed traffic selectors must be validated by corresponding IP address block constraints.
+An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
+successfully set up. It connects the two subnets hiding behind their respective
+gateways. The authentication is based on <b>X.509 certificates</b> containing
+<b>RFC 3779 IP address block constraints</b>. Both <b>moon</b> and <b>sun</b> set
+<b>rightsubnet=::/0</b> thus allowing the peers to narrow down the address range
+to their actual subnets <b>fec1::/16</b> and <b>fec2::/16</b>, respectively.
+These unilaterally proposed traffic selectors must be validated by corresponding
+IP address block constraints.
<p/>
-Upon the successful establishment of the IPsec tunnel, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind <b>moon</b>
-sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b> using the ping6 command.
+Upon the successful establishment of the IPsec tunnel, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic. In order to test
+both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind
+<b>moon</b> sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b>
+using the ping6 command.
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat
index 3b0a3eeca..72dade743 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/evaltest.dat
@@ -1,9 +1,7 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::TS fec2:\:/16 is contained in address block constraint fec2:\:/16::YES
sun:: cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
alice::ping6 -c 1 -p deadbeef ip6-bob.strongswan.org::64 bytes from ip6-bob.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec2:\:/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec2:\:/16] remote-ts=\[fec1:\:/16]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 46b9ad415..000000000
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- also=host-host
- leftsubnet=fec1::0/16
- rightsubnet=0::0/0
-
-conn host-host
- left=PH_IP6_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftfirewall=yes
- right=PH_IP6_SUN
- rightid=@sun.strongswan.org
- auto=add
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
index 11607c8cb..11607c8cb 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..c172a2c13
--- /dev/null
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
index 124e2ae46..124e2ae46 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 4a0f911a3..000000000
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- also=host-host
- leftsubnet=fec2::0/16
- rightsubnet=0::0/0
-
-conn host-host
- left=PH_IP6_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftfirewall=yes
- right=PH_IP6_MOON
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/rsa/sunKey.pem
index 55f5f8037..55f5f8037 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/private/sunKey.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/rsa/sunKey.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..68927c36d
--- /dev/null
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,36 @@
+connections {
+
+ net-net {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509/sunCert.pem
index a93121da1..a93121da1 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/certs/sunCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509/sunCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat
index 078fca541..aec4aa7d0 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
alice::"ip route del fec2:\:/16 via fec1:\:1"
moon::"ip route del fec2:\:/16 via fec0:\:2"
sun::"ip route del fec1:\:/16 via fec0:\:1"
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat b/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat
index a14b3cf79..2db7a27c2 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/pretest.dat
@@ -6,8 +6,8 @@ alice::"ip route add fec2:\:/16 via fec1:\:1"
moon::"ip route add fec2:\:/16 via fec0:\:2"
sun::"ip route add fec1:\:/16 via fec0:\:1"
bob::"ip route add fec1:\:/16 via fec2:\:1"
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
sun::expect-connection net-net
-moon::ipsec up net-net
+moon::swanctl --initiate --child net-net
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
index abade5bba..5906883b1 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
-
+
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat b/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
index 8229b6254..eddc9bf97 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-compress-ikev2/evaltest.dat
@@ -1,14 +1,10 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES
-moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES
-moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES
-moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES
moon:: ip xfrm state::proto comp spi::YES
carol::ip xfrm state::proto comp spi::YES
# send two pings because the first is lost due to Path MTU Discovery between alice and moon
carol::ping6 -c 2 -W 1 -s 8184 -p deadbeef ip6-alice.strongswan.org::8192 bytes from ip6-alice.strongswan.org::YES
# reduce the size as the default is already larger than the threshold of 90 bytes
carol::ping6 -c 1 -s 40 ip6-alice.strongswan.org::48 bytes from ip6-alice.strongswan.org::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*cpi-in.*cpi-out.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*cpi-in.*cpi-out.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index bd9a9e59f..000000000
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- compress=yes
- leftfirewall=yes
-
-conn home
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- right=PH_IP6_MOON
- rightsubnet=fec1::/16
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
index af5fa19ef..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..279eb3205
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ ipcomp = yes
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index c4f9b5b5b..000000000
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri=http://ip6-winnetou.strongswan.org/strongswan.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- compress=yes
- leftfirewall=yes
-
-conn rw
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=fec1::/16
- right=%any
- auto=add
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
index 93f434598..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b15b952cc
--- /dev/null
+++ b/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ ipcomp = yes
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-compress-ikev2/posttest.dat b/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
index fdaf44080..55b22dfde 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-compress-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-carol::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/rw-compress-ikev2/pretest.dat b/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
index 3f6427f50..96a2d7d9e 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-compress-ikev2/pretest.dat
@@ -6,8 +6,8 @@ carol::ip6tables-restore < /etc/ip6tables.rules
moon::ip6tables -I OUTPUT 1 -o eth1 -p icmpv6 --icmpv6-type 2 -j ACCEPT
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
-carol::ipsec up home
+carol::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-compress-ikev2/test.conf b/testing/tests/ipv6/rw-compress-ikev2/test.conf
index 8098d4720..8eedcd9f9 100644
--- a/testing/tests/ipv6/rw-compress-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-compress-ikev2/test.conf
@@ -24,3 +24,7 @@ IPSECHOSTS="moon carol"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ikev1/description.txt b/testing/tests/ipv6/rw-ikev1/description.txt
index 17461370e..c8549777d 100644
--- a/testing/tests/ipv6/rw-ikev1/description.txt
+++ b/testing/tests/ipv6/rw-ikev1/description.txt
@@ -1,7 +1,7 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+Upon the successful establishment of the IPv6 ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
using the ping6 command.
diff --git a/testing/tests/ipv6/rw-ikev1/evaltest.dat b/testing/tests/ipv6/rw-ikev1/evaltest.dat
index 0e125b70e..1202a99d2 100644
--- a/testing/tests/ipv6/rw-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/rw-ikev1/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-port=500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:20 local-port=500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
index 0835a1605..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..52970208b
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..c26ba5780
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..f72f9ef86
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev1/posttest.dat b/testing/tests/ipv6/rw-ikev1/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-ikev1/posttest.dat
+++ b/testing/tests/ipv6/rw-ikev1/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ikev1/pretest.dat b/testing/tests/ipv6/rw-ikev1/pretest.dat
index f60be3887..a8c8a7097 100644
--- a/testing/tests/ipv6/rw-ikev1/pretest.dat
+++ b/testing/tests/ipv6/rw-ikev1/pretest.dat
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ikev1/test.conf b/testing/tests/ipv6/rw-ikev1/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ikev2/description.txt b/testing/tests/ipv6/rw-ikev2/description.txt
index 17461370e..c8549777d 100644
--- a/testing/tests/ipv6/rw-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-ikev2/description.txt
@@ -1,7 +1,7 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
+Upon the successful establishment of the IPv6 ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
using the ping6 command.
diff --git a/testing/tests/ipv6/rw-ikev2/evaltest.dat b/testing/tests/ipv6/rw-ikev2/evaltest.dat
index 0e125b70e..d5d5a6b1c 100644
--- a/testing/tests/ipv6/rw-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-ikev2/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
index 9c9714a33..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..5bfbe324d
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7fe33bf8f
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b28e49e07
--- /dev/null
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-ikev2/posttest.dat b/testing/tests/ipv6/rw-ikev2/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ikev2/pretest.dat b/testing/tests/ipv6/rw-ikev2/pretest.dat
index f60be3887..a8c8a7097 100644
--- a/testing/tests/ipv6/rw-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-ikev2/pretest.dat
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ikev2/test.conf b/testing/tests/ipv6/rw-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt
index f9412611b..ce07226c5 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/description.txt
@@ -1,10 +1,10 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
-the IKEv1 mode config payload.
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel
+connection each to gateway <b>moon</b>. The authentication is based on <b>X.509
+certificates</b>. Both <b>carol</b> and <b>dave</b> request a virtual IPv6
+address from <b>moon</b> via the IKEv1 mode config payload.
<p/>
-Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
-an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
-using the ping6 command.
+Upon the successful establishment of the ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic. In order to test
+both tunnel and firewall, both <b>carol</b> and <b>dave</b> send an IPv6 ICMP
+request to the client <b>alice</b> behind the gateway <b>moon</b> using the
+ping6 command.
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat
index f6dc9aa3e..78488871f 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]
+moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
index 9c9714a33..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..fcf530ebe
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..51fb8d65c
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..72201edc0
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+ pools = rw_pool
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+pools {
+ rw_pool {
+ addrs = fec3::/120
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat
index ebe5e2a80..d8d4bbbec 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat
index e73bde487..9a756eb78 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/pretest.dat
@@ -5,11 +5,11 @@ moon::ip6tables-restore < /etc/ip6tables.rules
carol::ip6tables-restore < /etc/ip6tables.rules
dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec3:\:/16 via fec1:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt
index 237e6fa52..790427243 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/description.txt
@@ -1,10 +1,10 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel connection each
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address from <b>moon</b> via
-the IKEv2 configuration payload.
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6-in-IPv4 tunnel
+connection each to gateway <b>moon</b>. The authentication is based on <b>X.509
+certificates</b> Both <b>carol</b> and <b>dave</b> request a virtual IPv6 address
+from <b>moon</b> via the IKEv2 configuration payload.
<p/>
-Upon the successful establishment of the ESP tunnels, <b>leftfirewall=yes</b>
-automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
-an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
-using the ping6 command.
+Upon the successful establishment of the ESP tunnels, automatically inserted
+ip6tables-based firewall rules let pass the tunneled traffic. In order to test
+both tunnel and firewall, both <b>carol</b> and <b>dave</b> send an IPv6 ICMP
+request to the client <b>alice</b> behind the gateway <b>moon</b> using the
+ping6 command.
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat
index f6dc9aa3e..d0f2bac96 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:1] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:1/128] remote-ts=\[fec1:\:/16]
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[fec3:\:2] child-sas.*home.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec3:\:2/128] remote-ts=\[fec1:\:/16]
+moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:2] child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:2/128]
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*remote-vips=\[fec3:\:1] child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec3:\:1/128]
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
index 9c9714a33..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1a9ed078f
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1fb687eaa
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,28 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+ vips = 0::0
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..6624bfb3e
--- /dev/null
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+ pools = rw_pool
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+pools {
+ rw_pool {
+ addrs = fec3::/120
+ }
+}
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat
index ebe5e2a80..d8d4bbbec 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat
index e73bde487..9a756eb78 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/pretest.dat
@@ -5,11 +5,11 @@ moon::ip6tables-restore < /etc/ip6tables.rules
carol::ip6tables-restore < /etc/ip6tables.rules
dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec3:\:/16 via fec1:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-psk-ikev1/description.txt b/testing/tests/ipv6/rw-psk-ikev1/description.txt
index 66fc09053..fd7369d8f 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/description.txt
+++ b/testing/tests/ipv6/rw-psk-ikev1/description.txt
@@ -1,7 +1,7 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
-<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
-let pass the tunneled traffic. In order to test both tunnel and firewall, both
-<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
-behind the gateway <b>moon</b> using the ping6 command.
+automatically inserted ip6tables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to client <b>alice</b> behind the gateway <b>moon</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat b/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat
index 16982a736..e92aa028d 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev1/evaltest.dat
@@ -1,13 +1,10 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-port=500 local-id=fec0:\:10 remote-host=fec0:\:1 remote-port=500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:20 local-port=500 local-id=fec0:\:20 remote-host=fec0:\:1 remote-port=500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=fec0:\:1 remote-host=fec0:\:10 remote-port=500 remote-id=fec0:\:10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=fec0:\:1 remote-host=fec0:\:20 remote-port=500 remote-id=fec0:\:20.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..524530721
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::10
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7e3cff4ff
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::20
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..70c360ce7
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,37 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::1
+ }
+ remote {
+ auth = psk
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-carol {
+ id = fec0::10
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+
+ ike-dave {
+ id = fec0::20
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev1/posttest.dat b/testing/tests/ipv6/rw-psk-ikev1/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/posttest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev1/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-psk-ikev1/pretest.dat b/testing/tests/ipv6/rw-psk-ikev1/pretest.dat
index 93a96ec36..48cb77608 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/pretest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev1/pretest.dat
@@ -7,14 +7,14 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::rm /etc/ipsec.d/cacerts/*
-carol::rm /etc/ipsec.d/cacerts/*
-dave::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-psk-ikev1/test.conf b/testing/tests/ipv6/rw-psk-ikev1/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-psk-ikev1/test.conf
+++ b/testing/tests/ipv6/rw-psk-ikev1/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-psk-ikev2/description.txt b/testing/tests/ipv6/rw-psk-ikev2/description.txt
index 66fc09053..0bd1474a0 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/description.txt
+++ b/testing/tests/ipv6/rw-psk-ikev2/description.txt
@@ -1,7 +1,7 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
+TThe roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 tunnel connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
and IPv6 addresses. Upon the successful establishment of the IPsec tunnels,
-<b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall rules that
-let pass the tunneled traffic. In order to test both tunnel and firewall, both
-<b>carol</b> and <b>dave</b> send an IPv6 ICMP request to client <b>alice</b>
-behind the gateway <b>moon</b> using the ping6 command.
+automatically inserted ip6tables-based firewall rules let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
+an IPv6 ICMP request to client <b>alice</b> behind the gateway <b>moon</b> using
+the ping6 command.
diff --git a/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat b/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat
index 16982a736..ce79801ec 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev2/evaltest.dat
@@ -1,13 +1,9 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:10].*\[fec0.*:1]::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[fec0.*:20].*\[fec0.*:1]::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:10]::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[fec0.*:1].*\[fec0.*:20]::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=fec0:\:10 remote-host=fec0:\:1 remote-port=4500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=fec0:\:20 remote-host=fec0:\:1 remote-port=4500 remote-id=fec0:\:1 initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=fec0:\:1 remote-host=fec0:\:10 remote-port=4500 remote-id=fec0:\:10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=fec0:\:1 remote-host=fec0:\:20 remote-port=4500 remote-id=fec0:\:20.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..6d1b0a61b
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::10
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8d848205b
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::20
+ }
+ remote {
+ auth = psk
+ id = fec0::1
+ }
+ children {
+ home {
+ remote_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = fec0::1
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
index 955514391..306228a75 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..df4170e96
--- /dev/null
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,37 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = psk
+ id = fec0::1
+ }
+ remote {
+ auth = psk
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-carol {
+ id = fec0::10
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+
+ ike-dave {
+ id = fec0::20
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+}
diff --git a/testing/tests/ipv6/rw-psk-ikev2/posttest.dat b/testing/tests/ipv6/rw-psk-ikev2/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-psk-ikev2/pretest.dat b/testing/tests/ipv6/rw-psk-ikev2/pretest.dat
index 93a96ec36..48cb77608 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-psk-ikev2/pretest.dat
@@ -7,14 +7,14 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::rm /etc/ipsec.d/cacerts/*
-carol::rm /etc/ipsec.d/cacerts/*
-dave::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-psk-ikev2/test.conf b/testing/tests/ipv6/rw-psk-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
index 551eae263..082416d60 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
@@ -1,18 +1,13 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
moon:: cat /var/log/daemon.log::TS fec0:\:10/128 is contained in address block constraint fec0:\:10/128::YES
moon:: cat /var/log/daemon.log::TS fec0:\:20/128 is contained in address block constraint fec0:\:20/128::YES
carol::cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
dave:: cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
-moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index a2e054e13..000000000
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
-
-conn home
- left=PH_IP6_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftfirewall=yes
- right=PH_IP6_MOON
- rightid=@moon.strongswan.org
- rightsubnet=0::0/0
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
index da170cb15..285350d7b 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem
index a75622149..a75622149 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..54fb36da4
--- /dev/null
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::10
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem
index bf8a4919d..bf8a4919d 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 8d275e2bd..000000000
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
-
-conn home
- left=PH_IP6_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftfirewall=yes
- right=PH_IP6_MOON
- rightid=@moon.strongswan.org
- rightsubnet=0::0/0
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem
index f72970c4d..f72970c4d 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..098ba6db7
--- /dev/null
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ home {
+ local_addrs = fec0::20
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 0::0/0
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem
index 88ce01ed5..88ce01ed5 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 236302350..000000000
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
- cacert=strongswanCert.pem
- certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
- crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
-
-conn rw
- left=PH_IP6_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=fec1::/16
- leftfirewall=yes
- right=%any
- keyexchange=ikev2
- auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4fa0583ed..285350d7b 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
index 11607c8cb..11607c8cb 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4edc8cd86
--- /dev/null
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,32 @@
+connections {
+
+ rw {
+ local_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = fec1::0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+ }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
index 124e2ae46..124e2ae46 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
index 8e872d89f..8e872d89f 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
index 4e59395e3..59495fc46 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat b/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
index f60be3887..a8c8a7097 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
index 69b0757fd..0f02a1a11 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/transport-ikev1/description.txt b/testing/tests/ipv6/transport-ikev1/description.txt
index 2d54790aa..c464aa25b 100644
--- a/testing/tests/ipv6/transport-ikev1/description.txt
+++ b/testing/tests/ipv6/transport-ikev1/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the protected traffic. In order to test both the transport connection
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is
+successfully set up. The authentication is based on X.509 certificates. Upon the
+successful establishment of the IPsec SA, automatically inserted ip6tables-based
+firewall rules let pass the protected traffic. In order to test both the transport
+connection and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to
+<b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/transport-ikev1/evaltest.dat b/testing/tests/ipv6/transport-ikev1/evaltest.dat
index 5ae9d2c12..736425d36 100644
--- a/testing/tests/ipv6/transport-ikev1/evaltest.dat
+++ b/testing/tests/ipv6/transport-ikev1/evaltest.dat
@@ -1,9 +1,7 @@
-moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
moon::ip xfrm state::mode transport::YES
sun:: ip xfrm state::mode transport::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=1 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 dh-group=CURVE_25519.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..016d51707
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
index 02280ac2f..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
- fragment_size = 1024
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..deee09d83
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 1
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev1/posttest.dat b/testing/tests/ipv6/transport-ikev1/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/transport-ikev1/posttest.dat
+++ b/testing/tests/ipv6/transport-ikev1/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/transport-ikev1/pretest.dat b/testing/tests/ipv6/transport-ikev1/pretest.dat
index 46c015387..7ab42a1ce 100644
--- a/testing/tests/ipv6/transport-ikev1/pretest.dat
+++ b/testing/tests/ipv6/transport-ikev1/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection host-host
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host 2> /dev/null
diff --git a/testing/tests/ipv6/transport-ikev1/test.conf b/testing/tests/ipv6/transport-ikev1/test.conf
index e1d17aa16..459baf2d9 100644
--- a/testing/tests/ipv6/transport-ikev1/test.conf
+++ b/testing/tests/ipv6/transport-ikev1/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ipv6/transport-ikev2/description.txt b/testing/tests/ipv6/transport-ikev2/description.txt
index 2d54790aa..c464aa25b 100644
--- a/testing/tests/ipv6/transport-ikev2/description.txt
+++ b/testing/tests/ipv6/transport-ikev2/description.txt
@@ -1,5 +1,6 @@
-An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
-The authentication is based on X.509 certificates. Upon the successful establishment of
-the IPsec SA, <b>leftfirewall=yes</b> automatically inserts ip6tables-based firewall
-rules that let pass the protected traffic. In order to test both the transport connection
-and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
+An IPv6 ESP transport connection between the hosts <b>moon</b> and <b>sun</b> is
+successfully set up. The authentication is based on X.509 certificates. Upon the
+successful establishment of the IPsec SA, automatically inserted ip6tables-based
+firewall rules let pass the protected traffic. In order to test both the transport
+connection and the firewall rules, <b>moon</b> sends an IPv6 ICMP request to
+<b>sun</b> using the ping6 command.
diff --git a/testing/tests/ipv6/transport-ikev2/evaltest.dat b/testing/tests/ipv6/transport-ikev2/evaltest.dat
index 0dfba54ea..48ddcd069 100644
--- a/testing/tests/ipv6/transport-ikev2/evaltest.dat
+++ b/testing/tests/ipv6/transport-ikev2/evaltest.dat
@@ -1,10 +1,7 @@
-moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
moon::ip xfrm state::mode transport::YES
sun:: ip xfrm state::mode transport::YES
moon::ping6 -c 1 -p deadbeef ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:1/128] remote-ts=\[fec0:\:2/128]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=fec0:\:2 local-port=500 local-id=sun.strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TRANSPORT protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:2/128] remote-ts=\[fec0:\:1/128]::YES
sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES
sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..2f06bbab4
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::1
+ remote_addrs = fec0::2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
index 3a52f0db6..15f8ad5bc 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
}
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..dc981a7a7
--- /dev/null
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,34 @@
+connections {
+
+ host-host {
+ local_addrs = fec0::2
+ remote_addrs = fec0::1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ mode = transport
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+authorities {
+ strongswan {
+ cacert = strongswanCert.pem
+ crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl
+ }
+}
diff --git a/testing/tests/ipv6/transport-ikev2/posttest.dat b/testing/tests/ipv6/transport-ikev2/posttest.dat
index d3bebd0c6..c0ba6f672 100644
--- a/testing/tests/ipv6/transport-ikev2/posttest.dat
+++ b/testing/tests/ipv6/transport-ikev2/posttest.dat
@@ -1,5 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::ip6tables-restore < /etc/ip6tables.flush
diff --git a/testing/tests/ipv6/transport-ikev2/pretest.dat b/testing/tests/ipv6/transport-ikev2/pretest.dat
index 46c015387..cb7fe951f 100644
--- a/testing/tests/ipv6/transport-ikev2/pretest.dat
+++ b/testing/tests/ipv6/transport-ikev2/pretest.dat
@@ -2,8 +2,8 @@ moon::iptables-restore < /etc/iptables.drop
sun::iptables-restore < /etc/iptables.drop
moon::ip6tables-restore < /etc/ip6tables.rules
sun::ip6tables-restore < /etc/ip6tables.rules
-moon::ipsec start
-sun::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection host-host
sun::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host
diff --git a/testing/tests/ipv6/transport-ikev2/test.conf b/testing/tests/ipv6/transport-ikev2/test.conf
index e1d17aa16..459baf2d9 100644
--- a/testing/tests/ipv6/transport-ikev2/test.conf
+++ b/testing/tests/ipv6/transport-ikev2/test.conf
@@ -6,7 +6,7 @@
# All guest instances that are required for this test
#
VIRTHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s-ip6.png"
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
# IP protocol used by IPsec is IPv6
#
IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/host2host-cert/evaltest.dat b/testing/tests/libipsec/host2host-cert/evaltest.dat
index 77c2528ea..f482c558a 100644
--- a/testing/tests/libipsec/host2host-cert/evaltest.dat
+++ b/testing/tests/libipsec/host2host-cert/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES
+moon::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.2/32]
+sun::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*host-host.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.1/32]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 6e8329a44..000000000
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn host-host
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- auto=add
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
index c8897b084..7fac82eb7 100644
--- a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+
multiple_authentication = no
plugins {
diff --git a/testing/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8f8b04029
--- /dev/null
+++ b/testing/tests/libipsec/host2host-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,26 @@
+connections {
+
+ host-host {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /etc/updown
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index becb97e04..000000000
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn host-host
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- auto=add
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
index c8897b084..7fac82eb7 100644
--- a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+
multiple_authentication = no
plugins {
diff --git a/testing/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..a0739647c
--- /dev/null
+++ b/testing/tests/libipsec/host2host-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,26 @@
+connections {
+
+ host-host {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ host-host {
+ updown = /etc/updown
+ esp_proposals = aes128-sha256-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/host2host-cert/posttest.dat b/testing/tests/libipsec/host2host-cert/posttest.dat
index 8b6052f38..23ebee582 100644
--- a/testing/tests/libipsec/host2host-cert/posttest.dat
+++ b/testing/tests/libipsec/host2host-cert/posttest.dat
@@ -1,5 +1,6 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike host-host 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::sysctl --pattern net.ipv4.conf.all.rp_filter --system
diff --git a/testing/tests/libipsec/host2host-cert/pretest.dat b/testing/tests/libipsec/host2host-cert/pretest.dat
index 35c0f3e1c..00e5c199f 100644
--- a/testing/tests/libipsec/host2host-cert/pretest.dat
+++ b/testing/tests/libipsec/host2host-cert/pretest.dat
@@ -2,8 +2,8 @@ moon::sysctl -w net.ipv4.conf.all.rp_filter=2
sun::sysctl -w net.ipv4.conf.all.rp_filter=2
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection host-host
moon::expect-connection host-host
-moon::ipsec up host-host
+moon::swanctl --initiate --child host-host 2> /dev/null
diff --git a/testing/tests/libipsec/host2host-cert/test.conf b/testing/tests/libipsec/host2host-cert/test.conf
index 9647dc6a2..52d886dcc 100644
--- a/testing/tests/libipsec/host2host-cert/test.conf
+++ b/testing/tests/libipsec/host2host-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat
index 9365a8f44..36c0ee781 100644
--- a/testing/tests/libipsec/net2net-3des/evaltest.dat
+++ b/testing/tests/libipsec/net2net-3des/evaltest.dat
@@ -1,11 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
-sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
-sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 141b4a3ed..000000000
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp2048!
- esp=3des-sha1-modp2048!
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
index 467da3ac9..2d6b814dd 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..fe2a4dd75
--- /dev/null
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = 3des-sha1-modp2048
+ }
+}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 0108a04a3..000000000
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp2048!
- esp=3des-sha1-modp2048!
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
index 467da3ac9..2d6b814dd 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..54c35b3e1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = 3des-sha1-modp2048
+ }
+}
diff --git a/testing/tests/libipsec/net2net-3des/posttest.dat b/testing/tests/libipsec/net2net-3des/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-3des/posttest.dat
+++ b/testing/tests/libipsec/net2net-3des/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-3des/pretest.dat b/testing/tests/libipsec/net2net-3des/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-3des/pretest.dat
+++ b/testing/tests/libipsec/net2net-3des/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-3des/test.conf b/testing/tests/libipsec/net2net-3des/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-3des/test.conf
+++ b/testing/tests/libipsec/net2net-3des/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/description.txt b/testing/tests/libipsec/net2net-cert-ipv6/description.txt
new file mode 100644
index 000000000..ab582c3a5
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/description.txt
@@ -0,0 +1,14 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b> and the <b>kernel-libipsec</b>
+plugin is used for userland IPsec ESP encryption.
+<p/>
+Upon the successful establishment of the IPsec tunnel, an updown script automatically
+inserts iptables-based firewall rules that let pass the traffic tunneled via the
+<b>ipsec0</b> tun interface. In order to test both tunnel and firewall, client <b>alice</b>
+behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
+<p/>
+This scenario is mainly to test how fragmented IPv6 packets are handled (e.g. determining
+the protocol via IPv6 extension headers). Three pings are required due to PMTUD, the first
+is rejected by <b>moon</b>, so <b>alice</b> adjusts the MTU. The second gets through,
+but the response is rejected by <b>sun</b>, so <b>bob</b> will adjust the MTU. The third
+finally is successful.
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat b/testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat
new file mode 100644
index 000000000..e9a30b9ac
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/evaltest.dat
@@ -0,0 +1,5 @@
+alice::ping6 -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef ip6-bob.strongswan.org::8192 bytes from ip6-bob.strongswan.org: icmp_seq=3::YES
+moon ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=ECP_384.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[fec1::/16\[ipv6-icmp]] remote-ts=\[fec2::/16\[ipv6-icmp]]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_384_192 prf-alg=PRF_HMAC_SHA2_384 dh-group=ECP_384.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=256.*local-ts=\[fec2::/16\[ipv6-icmp]] remote-ts=\[fec1::/16\[ipv6-icmp]]::YES
+sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
+sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..6870d32fe
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 x509 openssl curl revocation vici kernel-libipsec kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..586cc57c1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec1::0/16[ipv6-icmp]
+ remote_ts = fec2::0/16[ipv6-icmp]
+
+ updown = /etc/updown
+ esp_proposals = aes256gcm128-ecp384
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes256-sha384-ecp384
+ }
+}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/updown
index 6a5b18de6..e7c3640d4 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/updown
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/moon/etc/updown
@@ -223,50 +223,21 @@ case "$PLUTO_VERB:$1" in
up-host:)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
down-host:)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
PLUTO_INTERFACE=ipsec0
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
+ iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
+ iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
;;
down-client:)
# connection to my client subnet going down
@@ -278,18 +249,6 @@ down-client:)
iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
;;
up-host:iptables)
# connection to me, with (left/right)firewall=yes, coming up
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..6870d32fe
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 x509 openssl curl revocation vici kernel-libipsec kernel-netlink socket-default updown
+ multiple_authentication = no
+}
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..74977608d
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = fec2::0/16[ipv6-icmp]
+ remote_ts = fec1::0/16[ipv6-icmp]
+
+ updown = /etc/updown
+ esp_proposals = aes256gcm128-ecp384
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes256-sha384-ecp384
+ }
+}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/updown
index 6a5b18de6..e7c3640d4 100755
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/updown
+++ b/testing/tests/libipsec/net2net-cert-ipv6/hosts/sun/etc/updown
@@ -223,50 +223,21 @@ case "$PLUTO_VERB:$1" in
up-host:)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
down-host:)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
PLUTO_INTERFACE=ipsec0
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
+ iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
+ -s $PLUTO_MY_CLIENT $S_MY_PORT \
+ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
+ iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
+ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
+ -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
;;
down-client:)
# connection to my client subnet going down
@@ -278,18 +249,6 @@ down-client:)
iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
;;
up-host:iptables)
# connection to me, with (left/right)firewall=yes, coming up
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/posttest.dat b/testing/tests/libipsec/net2net-cert-ipv6/posttest.dat
new file mode 100644
index 000000000..8cbf20027
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/posttest.dat
@@ -0,0 +1,9 @@
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+alice::"ip route del fec2:\:/16 via fec1:\:1"
+moon::"ip route del fec2:\:/16 via fec0:\:2"
+sun::"ip route del fec1:\:/16 via fec0:\:1"
+bob::"ip route del fec1:\:/16 via fec2:\:1"
+moon::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/pretest.dat b/testing/tests/libipsec/net2net-cert-ipv6/pretest.dat
new file mode 100644
index 000000000..20aca8291
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+alice::"ip route add fec2:\:/16 via fec1:\:1"
+moon::"ip route add fec2:\:/16 via fec0:\:2"
+sun::"ip route add fec1:\:/16 via fec0:\:1"
+bob::"ip route add fec1:\:/16 via fec2:\:1"
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-cert-ipv6/test.conf b/testing/tests/libipsec/net2net-cert-ipv6/test.conf
new file mode 100644
index 000000000..07a3b247a
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert-ipv6/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-cert/evaltest.dat b/testing/tests/libipsec/net2net-cert/evaltest.dat
index e489fec64..5364c1e82 100644
--- a/testing/tests/libipsec/net2net-cert/evaltest.dat
+++ b/testing/tests/libipsec/net2net-cert/evaltest.dat
@@ -1,7 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 631adfcd3..000000000
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
index fa7c0ece2..e6a98b407 100644
--- a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..239b7a4fe
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index b16440aa1..000000000
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
index fa7c0ece2..e6a98b407 100644
--- a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..75b1c46f1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/libipsec/net2net-cert/posttest.dat b/testing/tests/libipsec/net2net-cert/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-cert/posttest.dat
+++ b/testing/tests/libipsec/net2net-cert/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-cert/pretest.dat b/testing/tests/libipsec/net2net-cert/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-cert/pretest.dat
+++ b/testing/tests/libipsec/net2net-cert/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-cert/test.conf b/testing/tests/libipsec/net2net-cert/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-cert/test.conf
+++ b/testing/tests/libipsec/net2net-cert/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/net2net-null/evaltest.dat b/testing/tests/libipsec/net2net-null/evaltest.dat
index c1aae4032..af619f4b8 100644
--- a/testing/tests/libipsec/net2net-null/evaltest.dat
+++ b/testing/tests/libipsec/net2net-null/evaltest.dat
@@ -1,11 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-moon::ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
-sun:: ipsec statusall 2> /dev/null::net-net\[1].*NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-moon::ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES
-sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*NULL/HMAC_SHA2_256::YES
+moon ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=NULL integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=NULL integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun ::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=NULL integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=NULL integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index f206a16fb..000000000
--- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=null-sha256-modp3072!
- esp=null-sha256-modp3072!
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
index 2beff1b76..9e2091f31 100644
--- a/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 revocation openssl curl vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..15b978249
--- /dev/null
+++ b/testing/tests/libipsec/net2net-null/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = null-sha256-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = null-sha256-modp3072
+ }
+}
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 21b116595..000000000
--- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=null-sha256-modp3072!
- esp=null-sha256-modp3072!
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
index 2beff1b76..9e2091f31 100644
--- a/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce pem pkcs1 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce pem pkcs1 revocation openssl curl vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..df65eb085
--- /dev/null
+++ b/testing/tests/libipsec/net2net-null/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = null-sha256-modp3072
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = null-sha256-modp3072
+ }
+}
diff --git a/testing/tests/libipsec/net2net-null/posttest.dat b/testing/tests/libipsec/net2net-null/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-null/posttest.dat
+++ b/testing/tests/libipsec/net2net-null/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-null/pretest.dat b/testing/tests/libipsec/net2net-null/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-null/pretest.dat
+++ b/testing/tests/libipsec/net2net-null/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-null/test.conf b/testing/tests/libipsec/net2net-null/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-null/test.conf
+++ b/testing/tests/libipsec/net2net-null/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/libipsec/rw-suite-b/description.txt b/testing/tests/libipsec/rw-suite-b/description.txt
deleted file mode 100644
index a1b09405a..000000000
--- a/testing/tests/libipsec/rw-suite-b/description.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
-The authentication is based on Suite B with <b>128 bit</b> security based on <b>X.509 ECDSA</b>
-certificates, <b>ECP Diffie-Hellman</b> groups and <b>AES-GCM</b> authenticated encryption.
-The <b>kernel-libipsec</b> plugin is used for userland IPsec AES-GCM authenticated ESP
-encryption.
-<p/>
-Upon the successful establishment of the IPsec tunnel, an updown script automatically
-inserts iptables-based firewall rules that let pass the traffic tunneled via the <b>ipsec0</b>
-tun interface. In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/libipsec/rw-suite-b/evaltest.dat b/testing/tests/libipsec/rw-suite-b/evaltest.dat
deleted file mode 100644
index 487a21c57..000000000
--- a/testing/tests/libipsec/rw-suite-b/evaltest.dat
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-dave:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-moon:: cat /var/log/daemon.log::openssl FIPS mode(2) - enabled::YES
-moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA_WITH_SHA256_DER successful::YES
-moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA_WITH_SHA256_DER successful::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon::tcpdump::IP carol.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > carol.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
-moon::tcpdump::IP dave.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > dave.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index 8106e28d2..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes128gcm128-prfsha256-ecp256!
- esp=aes128gcm128-ecp256!
-
-conn home
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- leftid=carol@strongswan.org
- leftsourceip=%config
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 3480a434a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index a85635faf..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index d29ddb9ee..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIMDstKxdv/vNBPfM8iHvn5g5/8T5aRSnlh27HHt6iTfGoAoGCCqGSM49
-AwEHoUQDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAjBuX3bs5ZIn7B
-rRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2nw==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 3d6725162..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA carolKey.pem
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 4ab9a617f..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
-
- initiator_only = yes
-
- plugins {
- openssl {
- fips_mode = 2
- }
- }
-}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 9b6ca682a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=aes128gcm128-prfsha256-ecp256!
- esp=aes128gcm128-ecp256!
-
-conn home
- left=PH_IP_DAVE
- leftcert=daveCert.pem
- leftid=dave@strongswan.org
- leftsourceip=%config
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 3480a434a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem
deleted file mode 100644
index c83be145d..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh
-RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw
-FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
-d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c
-CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3
-45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi
-gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644
index 17e94022e..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEICwxFtCsSqIAzwZDyxHclTRdz/tGzAY7fP/vPoxqr8vuoAoGCCqGSM49
-AwEHoUQDQgAENGlLrntwXAbxemhCEiA+HPplQScr0ptnz1UUZAEKoUZLUxzGA1mO
-gfHv4hq+Bg3heW46+OrzAeXhLVcd3IVm0A==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index ebd3a2839..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA daveKey.pem
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush
deleted file mode 100644
index b3ab63c51..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.flush
+++ /dev/null
@@ -1,21 +0,0 @@
-*filter
-
--F
-
--P INPUT ACCEPT
--P OUTPUT ACCEPT
--P FORWARD ACCEPT
-
-COMMIT
-
-*nat
-
--F
-
-COMMIT
-
-*mangle
-
--F
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules
deleted file mode 100644
index 3d99c0197..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-# allow traffic tunnelled via IPsec
--A INPUT -i eth0 -m policy --dir in --pol ipsec --proto esp -j ACCEPT
--A OUTPUT -o eth0 -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 4ab9a617f..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
-
- initiator_only = yes
-
- plugins {
- openssl {
- fips_mode = 2
- }
- }
-}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index abb34ac91..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- charondebug="knl 3, esp 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekey=no
- reauth=no
- keyexchange=ikev2
- ike=aes128gcm128-prfsha256-ecp256!
- esp=aes128gcm128-ecp256!
-
-conn rw
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=%any
- rightsourceip=10.3.0.0/24
- auto=add
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 3480a434a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem
deleted file mode 100644
index a3b043e82..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICXDCCAb2gAwIBAgIBBzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MTc0M1oXDTE4MDYwMjA3MTc0M1owXjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAATf97+pfDnyPIA9gf6bYTZiIjNBAbCjCIqxxWou/oMq
-/9V1O20vyI/dg2g3yzTdzESUa+X81fop+i2n9ymBqI1No4GBMH8wHwYDVR0jBBgw
-FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
-d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCALNndw3C
-DDWCb0f+6P6hxkqiYmUpv39XrioZrLbw+MjMD2WAchbj60KibBep1cVwIq3kWIJ6
-Jj0tYXG+f6yjmImqAkIBGOGRm+MQZxPFdYZoJZq5QXwIN0w2hJxmLIxBASW4PLdl
-RLIlvW/XTJObdb0VVYmClg0HTSvuuYOJrzwdyd8D1w0=
------END CERTIFICATE-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644
index 5bd2778a9..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHWBnv6tDi/CTTWOQi/0XME7r8Wd5GRPaXx3wNTElpSvoAoGCCqGSM49
-AwEHoUQDQgAE3/e/qXw58jyAPYH+m2E2YiIzQQGwowiKscVqLv6DKv/VdTttL8iP
-3YNoN8s03cxElGvl/NX6Kfotp/cpgaiNTQ==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 1ef3eccb5..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA moonKey.pem
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index d68b6e57a..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = random nonce pem pkcs1 pkcs8 x509 revocation openssl curl stroke kernel-libipsec kernel-netlink socket-default updown
-
- plugins {
- openssl {
- fips_mode = 2
- }
- }
-}
diff --git a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown b/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
deleted file mode 100755
index 6a5b18de6..000000000
--- a/testing/tests/libipsec/rw-suite-b/hosts/moon/etc/updown
+++ /dev/null
@@ -1,638 +0,0 @@
-#!/bin/sh
-# default updown script
-#
-# Copyright (C) 2003-2004 Nigel Meteringham
-# Copyright (C) 2003-2004 Tuomo Soini
-# Copyright (C) 2002-2004 Michael Richardson
-# Copyright (C) 2005-2007 Andreas Steffen <andreas.steffen@strongswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-
-# CAUTION: Installing a new version of strongSwan will install a new
-# copy of this script, wiping out any custom changes you make. If
-# you need changes, make a copy of this under another name, and customize
-# that, and use the (left/right)updown parameters in ipsec.conf to make
-# strongSwan use yours instead of this default one.
-
-# PLUTO_VERSION
-# indicates what version of this interface is being
-# used. This document describes version 1.1. This
-# is upwardly compatible with version 1.0.
-#
-# PLUTO_VERB
-# specifies the name of the operation to be performed
-# (prepare-host, prepare-client, up-host, up-client,
-# down-host, or down-client). If the address family
-# for security gateway to security gateway communica-
-# tions is IPv6, then a suffix of -v6 is added to the
-# verb.
-#
-# PLUTO_CONNECTION
-# is the name of the connection for which we are
-# routing.
-#
-# PLUTO_INTERFACE
-# is the name of the ipsec interface to be used.
-#
-# PLUTO_REQID
-# is the requid of the AH|ESP policy
-#
-# PLUTO_PROTO
-# is the negotiated IPsec protocol, ah|esp
-#
-# PLUTO_IPCOMP
-# is not empty if IPComp was negotiated
-#
-# PLUTO_UNIQUEID
-# is the unique identifier of the associated IKE_SA
-#
-# PLUTO_ME
-# is the IP address of our host.
-#
-# PLUTO_MY_ID
-# is the ID of our host.
-#
-# PLUTO_MY_CLIENT
-# is the IP address / count of our client subnet. If
-# the client is just the host, this will be the
-# host's own IP address / max (where max is 32 for
-# IPv4 and 128 for IPv6).
-#
-# PLUTO_MY_SOURCEIP
-# PLUTO_MY_SOURCEIP4_$i
-# PLUTO_MY_SOURCEIP6_$i
-# contains IPv4/IPv6 virtual IP received from a responder,
-# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_MY_SOURCEIP is a legacy variable and equal to the first
-# virtual IP, IPv4 or IPv6.
-#
-# PLUTO_MY_PROTOCOL
-# is the IP protocol that will be transported.
-#
-# PLUTO_MY_PORT
-# is the UDP/TCP port to which the IPsec SA is
-# restricted on our side. For ICMP/ICMPv6 this contains the
-# message type, and PLUTO_PEER_PORT the message code.
-#
-# PLUTO_PEER
-# is the IP address of our peer.
-#
-# PLUTO_PEER_ID
-# is the ID of our peer.
-#
-# PLUTO_PEER_CLIENT
-# is the IP address / count of the peer's client sub-
-# net. If the client is just the peer, this will be
-# the peer's own IP address / max (where max is 32
-# for IPv4 and 128 for IPv6).
-#
-# PLUTO_PEER_SOURCEIP
-# PLUTO_PEER_SOURCEIP4_$i
-# PLUTO_PEER_SOURCEIP6_$i
-# contains IPv4/IPv6 virtual IP sent to an initiator,
-# $i enumerates from 1 to the number of IP per address family.
-# PLUTO_PEER_SOURCEIP is a legacy variable and equal to the first
-# virtual IP, IPv4 or IPv6.
-#
-# PLUTO_PEER_PROTOCOL
-# is the IP protocol that will be transported.
-#
-# PLUTO_PEER_PORT
-# is the UDP/TCP port to which the IPsec SA is
-# restricted on the peer side. For ICMP/ICMPv6 this contains the
-# message code, and PLUTO_MY_PORT the message type.
-#
-# PLUTO_XAUTH_ID
-# is an optional user ID employed by the XAUTH protocol
-#
-# PLUTO_MARK_IN
-# is an optional XFRM mark set on the inbound IPsec SA
-#
-# PLUTO_MARK_OUT
-# is an optional XFRM mark set on the outbound IPsec SA
-#
-# PLUTO_UDP_ENC
-# contains the remote UDP port in the case of ESP_IN_UDP
-# encapsulation
-#
-# PLUTO_DNS4_$i
-# PLUTO_DNS6_$i
-# contains IPv4/IPv6 DNS server attribute received from a
-# responder, $i enumerates from 1 to the number of servers per
-# address family.
-#
-
-# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
-export PATH
-
-# comment to disable logging VPN connections to syslog
-VPN_LOGGING=1
-#
-# tag put in front of each log entry:
-TAG=vpn
-#
-# syslog facility and priority used:
-FAC_PRIO=local0.notice
-#
-# to create a special vpn logging file, put the following line into
-# the syslog configuration file /etc/syslog.conf:
-#
-# local0.notice -/var/log/vpn
-
-# check interface version
-case "$PLUTO_VERSION" in
-1.[0|1]) # Older release?!? Play it safe, script may be using new features.
- echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
- echo "$0: called by obsolete release?" >&2
- exit 2
- ;;
-1.*) ;;
-*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
- exit 2
- ;;
-esac
-
-# check parameter(s)
-case "$1:$*" in
-':') # no parameters
- ;;
-iptables:iptables) # due to (left/right)firewall; for default script only
- ;;
-custom:*) # custom parameters (see above CAUTION comment)
- ;;
-*) echo "$0: unknown parameters \`$*'" >&2
- exit 2
- ;;
-esac
-
-IPSEC_POLICY="-m policy --pol ipsec --proto $PLUTO_PROTO --reqid $PLUTO_REQID"
-IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-
-# use protocol specific options to set ports
-case "$PLUTO_MY_PROTOCOL" in
-1) # ICMP
- ICMP_TYPE_OPTION="--icmp-type"
- ;;
-58) # ICMPv6
- ICMP_TYPE_OPTION="--icmpv6-type"
- ;;
-*)
- ;;
-esac
-
-# are there port numbers?
-if [ "$PLUTO_MY_PORT" != 0 ]
-then
- if [ -n "$ICMP_TYPE_OPTION" ]
- then
- S_MY_PORT="$ICMP_TYPE_OPTION $PLUTO_MY_PORT"
- D_MY_PORT="$ICMP_TYPE_OPTION $PLUTO_MY_PORT"
- else
- S_MY_PORT="--sport $PLUTO_MY_PORT"
- D_MY_PORT="--dport $PLUTO_MY_PORT"
- fi
-fi
-if [ "$PLUTO_PEER_PORT" != 0 ]
-then
- if [ -n "$ICMP_TYPE_OPTION" ]
- then
- # the syntax is --icmp[v6]-type type[/code], so add it to the existing option
- S_MY_PORT="$S_MY_PORT/$PLUTO_PEER_PORT"
- D_MY_PORT="$D_MY_PORT/$PLUTO_PEER_PORT"
- else
- S_PEER_PORT="--sport $PLUTO_PEER_PORT"
- D_PEER_PORT="--dport $PLUTO_PEER_PORT"
- fi
-fi
-
-# resolve octal escape sequences
-PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
-PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
-
-case "$PLUTO_VERB:$1" in
-up-host:)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- ;;
-down-host:)
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- ;;
-up-client:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
- ;;
-down-client:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
- PLUTO_INTERFACE=ipsec0
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- fi
- ;;
-up-host:iptables)
- # connection to me, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # allow IPIP traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed)
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-down-host:iptables)
- # connection to me, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # IPIP exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-up-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # allow IPIP traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed).
- # INPUT is correct here even for forwarded traffic.
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-down-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
- then
- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # IPIP exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-#
-# IPv6
-#
-up-host-v6:)
- # connection to me coming up
- # If you are doing a custom version, firewall commands go here.
- ;;
-down-host-v6:)
- # connection to me going down
- # If you are doing a custom version, firewall commands go here.
- ;;
-up-client-v6:)
- # connection to my client subnet coming up
- # If you are doing a custom version, firewall commands go here.
- ;;
-down-client-v6:)
- # connection to my client subnet going down
- # If you are doing a custom version, firewall commands go here.
- ;;
-up-host-v6:iptables)
- # connection to me, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # allow IP6IP6 traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed)
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-down-host-v6:iptables)
- # connection to me, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
- #
- # IP6IP6 exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec host connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
- fi
- fi
- ;;
-up-client-v6:iptables)
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
- then
- ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # allow IP6IP6 traffic because of the implicit SA created by the kernel if
- # IPComp is used (for small inbound packets that are not compressed).
- # INPUT is correct here even for forwarded traffic.
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection setup
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO \
- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-down-client-v6:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
- if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
- then
- ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # a virtual IP requires an INPUT and OUTPUT rule on the host
- # or sometimes host access via the internal IP is needed
- if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
- then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
- -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
- -d $PLUTO_MY_CLIENT $D_MY_PORT \
- $IPSEC_POLICY_IN -j ACCEPT
- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
- -s $PLUTO_MY_CLIENT $S_MY_PORT \
- -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
- $IPSEC_POLICY_OUT -j ACCEPT
- fi
- #
- # IP6IP6 exception teardown
- if [ -n "$PLUTO_IPCOMP" ]
- then
- ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \
- -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
- fi
- #
- # log IPsec client connection teardown
- if [ $VPN_LOGGING ]
- then
- if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/128" ]
- then
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- else
- logger -t $TAG -p $FAC_PRIO -- \
- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
- fi
- fi
- ;;
-*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
- exit 1
- ;;
-esac
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index c8f63bced..ee8cbcdef 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
index f2c60511b..f5b116b3b 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -3,4 +3,9 @@
charon {
load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
index 28a5cad31..2236a5f71 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tls 2"
-
conn %default
ikelifetime=60m
keylife=20m
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
index 7af4b4e37..4aa2068f4 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -3,6 +3,11 @@
charon {
load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
+ syslog {
+ daemon {
+ tls = 2
+ }
+ }
}
libtls {
diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf
index dcd98b4de..ec3daa00a 100644
--- a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,5 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="knl 2"
-
conn %default
ikelifetime=60m
lifetime=10s
diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
index 4234eb134..855ba919d 100644
--- a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -4,4 +4,9 @@ charon {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
# remove rekeyed inbound SA a bit quicker for the test scenario
delete_rekeyed_delay = 2
+ syslog {
+ daemon {
+ knl = 2
+ }
+ }
}
diff --git a/testing/tests/sql/ip-pool-db-expired/evaltest.dat b/testing/tests/sql/ip-pool-db-expired/evaltest.dat
index a105fc040..cf289abd0 100644
--- a/testing/tests/sql/ip-pool-db-expired/evaltest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/evaltest.dat
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
moon:: cat /var/log/daemon.log::assigning virtual IP::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.1] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.1/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
-moon:: ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*1h.*2::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*remote-vips=\[10.3.0.2] child-sas.*rw.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.3.0.2/32]::YES
+moon:: ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.0.6.*60m.*2::YES
moon:: ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
moon:: ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/ip-pool-db-expired/posttest.dat b/testing/tests/sql/ip-pool-db-expired/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/ip-pool-db-expired/posttest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/ip-pool-db-expired/pretest.dat b/testing/tests/sql/ip-pool-db-expired/pretest.dat
index 068d72917..f8b710495 100644
--- a/testing/tests/sql/ip-pool-db-expired/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-expired/pretest.dat
@@ -5,12 +5,15 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --leases 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-pool-db-restart/posttest.dat b/testing/tests/sql/ip-pool-db-restart/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/ip-pool-db-restart/posttest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat
index 374693e36..e918fc238 100644
--- a/testing/tests/sql/ip-pool-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat
@@ -5,12 +5,15 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --leases 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-pool-db/posttest.dat b/testing/tests/sql/ip-pool-db/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/ip-pool-db/posttest.dat
+++ b/testing/tests/sql/ip-pool-db/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/ip-pool-db/pretest.dat b/testing/tests/sql/ip-pool-db/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/ip-pool-db/pretest.dat
+++ b/testing/tests/sql/ip-pool-db/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-split-pools-db-restart/posttest.dat b/testing/tests/sql/ip-split-pools-db-restart/posttest.dat
index b257564dc..ea0241af0 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/posttest.dat
+++ b/testing/tests/sql/ip-split-pools-db-restart/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/sql/ip-split-pools-db-restart/pretest.dat b/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
index d0c7b9c76..084bcd2f4 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-split-pools-db-restart/pretest.dat
@@ -6,9 +6,12 @@ carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --status 2> /dev/null
moon::ipsec pool --leases 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/ip-split-pools-db/posttest.dat b/testing/tests/sql/ip-split-pools-db/posttest.dat
index b257564dc..ea0241af0 100644
--- a/testing/tests/sql/ip-split-pools-db/posttest.dat
+++ b/testing/tests/sql/ip-split-pools-db/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/sql/ip-split-pools-db/pretest.dat b/testing/tests/sql/ip-split-pools-db/pretest.dat
index e1f0c22ae..94df5b360 100644
--- a/testing/tests/sql/ip-split-pools-db/pretest.dat
+++ b/testing/tests/sql/ip-split-pools-db/pretest.dat
@@ -5,9 +5,12 @@ moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
moon::ipsec pool --status 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/multi-level-ca/posttest.dat b/testing/tests/sql/multi-level-ca/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/multi-level-ca/posttest.dat
+++ b/testing/tests/sql/multi-level-ca/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/multi-level-ca/pretest.dat b/testing/tests/sql/multi-level-ca/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/multi-level-ca/pretest.dat
+++ b/testing/tests/sql/multi-level-ca/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/net2net-cert/posttest.dat b/testing/tests/sql/net2net-cert/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-cert/posttest.dat
+++ b/testing/tests/sql/net2net-cert/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-cert/pretest.dat b/testing/tests/sql/net2net-cert/pretest.dat
index 6580e7604..dd91c3859 100644
--- a/testing/tests/sql/net2net-cert/pretest.dat
+++ b/testing/tests/sql/net2net-cert/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-moon::expect-connection net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection net-net
sun::expect-connection net-net
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/sql/net2net-psk/posttest.dat b/testing/tests/sql/net2net-psk/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-psk/posttest.dat
+++ b/testing/tests/sql/net2net-psk/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-psk/pretest.dat b/testing/tests/sql/net2net-psk/pretest.dat
index 6580e7604..dd91c3859 100644
--- a/testing/tests/sql/net2net-psk/pretest.dat
+++ b/testing/tests/sql/net2net-psk/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-moon::expect-connection net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection net-net
sun::expect-connection net-net
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/sql/net2net-route-pem/posttest.dat b/testing/tests/sql/net2net-route-pem/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-route-pem/posttest.dat
+++ b/testing/tests/sql/net2net-route-pem/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-route-pem/pretest.dat b/testing/tests/sql/net2net-route-pem/pretest.dat
index 576bd6738..614109c91 100644
--- a/testing/tests/sql/net2net-route-pem/pretest.dat
+++ b/testing/tests/sql/net2net-route-pem/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection net-net
alice::ping -c 1 -W 1 10.2.0.10
bob::ping -c 1 -W 1 10.1.0.20
diff --git a/testing/tests/sql/net2net-start-pem/posttest.dat b/testing/tests/sql/net2net-start-pem/posttest.dat
index 59badb867..8b792b878 100644
--- a/testing/tests/sql/net2net-start-pem/posttest.dat
+++ b/testing/tests/sql/net2net-start-pem/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-start-pem/pretest.dat b/testing/tests/sql/net2net-start-pem/pretest.dat
index 8fc6d1a1c..f5eef5528 100644
--- a/testing/tests/sql/net2net-start-pem/pretest.dat
+++ b/testing/tests/sql/net2net-start-pem/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
sun::expect-connection net-net
-moon::service charon start 2> /dev/null
-moon::sleep 4
+moon::systemctl start strongswan-swanctl
+moon::sleep 4
diff --git a/testing/tests/sql/rw-cert/posttest.dat b/testing/tests/sql/rw-cert/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-cert/posttest.dat
+++ b/testing/tests/sql/rw-cert/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-cert/pretest.dat b/testing/tests/sql/rw-cert/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-cert/pretest.dat
+++ b/testing/tests/sql/rw-cert/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-eap-aka-rsa/posttest.dat b/testing/tests/sql/rw-eap-aka-rsa/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/posttest.dat
+++ b/testing/tests/sql/rw-eap-aka-rsa/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-eap-aka-rsa/pretest.dat b/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
index d964629a2..3b1742150 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
+++ b/testing/tests/sql/rw-eap-aka-rsa/pretest.dat
@@ -2,10 +2,12 @@ moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
carol::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap-aka
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-psk-ipv4/posttest.dat b/testing/tests/sql/rw-psk-ipv4/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-psk-ipv4/posttest.dat
+++ b/testing/tests/sql/rw-psk-ipv4/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-psk-ipv4/pretest.dat b/testing/tests/sql/rw-psk-ipv4/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/sql/rw-psk-ipv4/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-psk-ipv6/posttest.dat b/testing/tests/sql/rw-psk-ipv6/posttest.dat
index 3f82576b6..8248b2d4d 100644
--- a/testing/tests/sql/rw-psk-ipv6/posttest.dat
+++ b/testing/tests/sql/rw-psk-ipv6/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-psk-ipv6/pretest.dat b/testing/tests/sql/rw-psk-ipv6/pretest.dat
index 60a1055a2..0659eabbc 100644
--- a/testing/tests/sql/rw-psk-ipv6/pretest.dat
+++ b/testing/tests/sql/rw-psk-ipv6/pretest.dat
@@ -4,6 +4,9 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
@@ -13,9 +16,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-psk-rsa-split/posttest.dat b/testing/tests/sql/rw-psk-rsa-split/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-psk-rsa-split/posttest.dat
+++ b/testing/tests/sql/rw-psk-rsa-split/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-psk-rsa-split/pretest.dat b/testing/tests/sql/rw-psk-rsa-split/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-psk-rsa-split/pretest.dat
+++ b/testing/tests/sql/rw-psk-rsa-split/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-rsa-keyid/posttest.dat b/testing/tests/sql/rw-rsa-keyid/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-rsa-keyid/posttest.dat
+++ b/testing/tests/sql/rw-rsa-keyid/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-rsa-keyid/pretest.dat b/testing/tests/sql/rw-rsa-keyid/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-rsa-keyid/pretest.dat
+++ b/testing/tests/sql/rw-rsa-keyid/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/rw-rsa/posttest.dat b/testing/tests/sql/rw-rsa/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/sql/rw-rsa/posttest.dat
+++ b/testing/tests/sql/rw-rsa/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/rw-rsa/pretest.dat b/testing/tests/sql/rw-rsa/pretest.dat
index 4d89bed3e..01a7fdff3 100644
--- a/testing/tests/sql/rw-rsa/pretest.dat
+++ b/testing/tests/sql/rw-rsa/pretest.dat
@@ -4,12 +4,15 @@ dave::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ips
moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
carol::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
dave::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/sql/shunt-policies-nat-rw/posttest.dat b/testing/tests/sql/shunt-policies-nat-rw/posttest.dat
index b02b19357..f66c5c57c 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/posttest.dat
+++ b/testing/tests/sql/shunt-policies-nat-rw/posttest.dat
@@ -1,5 +1,5 @@
-alice::service charon stop 2> /dev/null
-venus::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+alice::systemctl stop strongswan-swanctl
+venus::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
sun::iptables-restore < /etc/iptables.flush
moon::iptables -t nat -F
diff --git a/testing/tests/sql/shunt-policies-nat-rw/pretest.dat b/testing/tests/sql/shunt-policies-nat-rw/pretest.dat
index 8d61e4c87..d95028998 100644
--- a/testing/tests/sql/shunt-policies-nat-rw/pretest.dat
+++ b/testing/tests/sql/shunt-policies-nat-rw/pretest.dat
@@ -4,12 +4,15 @@ sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipse
alice::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
venus::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
+alice::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+venus::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+sun::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::service charon start 2> /dev/null
-alice::service charon start 2> /dev/null
-venus::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+alice::systemctl start strongswan-swanctl
+venus::systemctl start strongswan-swanctl
sun::expect-connection nat-t
alice::expect-connection nat-t
alice::swanctl --initiate --child nat-t 2> /dev/null
diff --git a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
index ff6e7193e..ad4c18e43 100755
--- a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/config-payload/posttest.dat b/testing/tests/swanctl/config-payload/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/config-payload/posttest.dat
+++ b/testing/tests/swanctl/config-payload/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/config-payload/pretest.dat b/testing/tests/swanctl/config-payload/pretest.dat
index 9c281d032..706c08b5f 100755
--- a/testing/tests/swanctl/config-payload/pretest.dat
+++ b/testing/tests/swanctl/config-payload/pretest.dat
@@ -2,9 +2,9 @@ moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-carol
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
index 61ff4005b..48e34abba 100644
--- a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
cache_crls = yes
}
diff --git a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
index 61ff4005b..48e34abba 100644
--- a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
cache_crls = yes
}
diff --git a/testing/tests/swanctl/crl-to-cache/posttest.dat b/testing/tests/swanctl/crl-to-cache/posttest.dat
index 210685a90..58dfa27b8 100644
--- a/testing/tests/swanctl/crl-to-cache/posttest.dat
+++ b/testing/tests/swanctl/crl-to-cache/posttest.dat
@@ -1,4 +1,4 @@
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/x509crl/*
carol::rm /etc/swanctl/x509crl/*
diff --git a/testing/tests/swanctl/crl-to-cache/pretest.dat b/testing/tests/swanctl/crl-to-cache/pretest.dat
index 8f72f9cc7..b9e2a8eee 100644
--- a/testing/tests/swanctl/crl-to-cache/pretest.dat
+++ b/testing/tests/swanctl/crl-to-cache/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
index dda67e0fc..9932df379 100755
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
index dda67e0fc..9932df379 100755
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
index 1f1e0a652..c00d3dc4b 100755
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -4,14 +4,9 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
dhcp {
server = 10.1.255.255
diff --git a/testing/tests/swanctl/dhcp-dynamic/posttest.dat b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
index 87e731511..37e8b02d8 100644
--- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
venus::cat /var/state/dhcp/dhcpd.leases
venus::server isc-dhcp-server stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/dhcp-dynamic/pretest.dat b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
index fd3d1bf5b..ace13851a 100644
--- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
@@ -3,9 +3,9 @@ carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
venus::cat /etc/dhcp/dhcpd.conf
venus::service isc-dhcp-server start 2> /dev/null
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
index 2a7eaaa15..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
index 2a7eaaa15..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
index 2a7eaaa15..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/frags-ipv4/posttest.dat b/testing/tests/swanctl/frags-ipv4/posttest.dat
index 17e36599c..2b4cc0c1a 100755
--- a/testing/tests/swanctl/frags-ipv4/posttest.dat
+++ b/testing/tests/swanctl/frags-ipv4/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/frags-ipv4/pretest.dat b/testing/tests/swanctl/frags-ipv4/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/frags-ipv4/pretest.dat
+++ b/testing/tests/swanctl/frags-ipv4/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
index f9c0ace55..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
index f9c0ace55..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
index f9c0ace55..6081084f7 100755
--- a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
fragment_size = 1400
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auth = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/frags-ipv6/posttest.dat b/testing/tests/swanctl/frags-ipv6/posttest.dat
index 39b16a9be..07434159c 100755
--- a/testing/tests/swanctl/frags-ipv6/posttest.dat
+++ b/testing/tests/swanctl/frags-ipv6/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/frags-ipv6/pretest.dat b/testing/tests/swanctl/frags-ipv6/pretest.dat
index 9593ac9f8..131ec9937 100755
--- a/testing/tests/swanctl/frags-ipv6/pretest.dat
+++ b/testing/tests/swanctl/frags-ipv6/pretest.dat
@@ -7,9 +7,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules
alice::"ip route add fec0:\:/16 via fec1:\:1"
carol::"ip route add fec1:\:/16 via fec0:\:1"
dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
index 11b1576e4..886b31f9b 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
index be90bde25..886b31f9b 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
index 885d986c3..31cf56d24 100755
--- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
plugins {
attr-sql {
@@ -21,4 +16,5 @@ charon {
pool {
load = sqlite
+ database = sqlite:///etc/db.d/ipsec.db
}
diff --git a/testing/tests/swanctl/ip-pool-db/posttest.dat b/testing/tests/swanctl/ip-pool-db/posttest.dat
index 2644b3941..9767f38a5 100755
--- a/testing/tests/swanctl/ip-pool-db/posttest.dat
+++ b/testing/tests/swanctl/ip-pool-db/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/ip-pool-db/pretest.dat b/testing/tests/swanctl/ip-pool-db/pretest.dat
index 955a3c9be..9573581df 100755
--- a/testing/tests/swanctl/ip-pool-db/pretest.dat
+++ b/testing/tests/swanctl/ip-pool-db/pretest.dat
@@ -7,9 +7,9 @@ moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
index 67e5a616a..ad4c18e43 100755
--- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/ip-pool/posttest.dat b/testing/tests/swanctl/ip-pool/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/ip-pool/posttest.dat
+++ b/testing/tests/swanctl/ip-pool/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/ip-pool/pretest.dat b/testing/tests/swanctl/ip-pool/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/ip-pool/pretest.dat
+++ b/testing/tests/swanctl/ip-pool/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/manual-prio/posttest.dat b/testing/tests/swanctl/manual-prio/posttest.dat
index fd9726374..c9dcaa167 100755
--- a/testing/tests/swanctl/manual-prio/posttest.dat
+++ b/testing/tests/swanctl/manual-prio/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/swanctl/manual-prio/pretest.dat b/testing/tests/swanctl/manual-prio/pretest.dat
index 8613a0189..ba345ffea 100755
--- a/testing/tests/swanctl/manual-prio/pretest.dat
+++ b/testing/tests/swanctl/manual-prio/pretest.dat
@@ -1,9 +1,9 @@
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
carol::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 7e2ee002e..54b79b35d 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 7e2ee002e..54b79b35d 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index 40b0c5962..b18ba6809 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
eap-radius {
secret = gv6URkSs
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
index 25354d363..010a4f9c4 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
@@ -1,4 +1,4 @@
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
diff --git a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
index a6909c89f..57d39a5e6 100644
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
@@ -5,9 +5,9 @@ alice::cat /etc/freeradius/triplets.dat
carol::cat /etc/ipsec.d/triplets.dat
dave::cat /etc/ipsec.d/triplets.dat
alice::radiusd
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
index 7c5aca6bf..f3b571a1b 100644
--- a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
index 7c5aca6bf..f3b571a1b 100644
--- a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
index 6d368f08b..f3b571a1b 100644
--- a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/multi-level-ca/posttest.dat b/testing/tests/swanctl/multi-level-ca/posttest.dat
index acac04a3b..53013d08d 100644
--- a/testing/tests/swanctl/multi-level-ca/posttest.dat
+++ b/testing/tests/swanctl/multi-level-ca/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
-carol::rm -r /etc/swanctl
-dave::rm -r /etc/swanctl
-moon::rm -r /etc/swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
diff --git a/testing/tests/swanctl/multi-level-ca/pretest.dat b/testing/tests/swanctl/multi-level-ca/pretest.dat
index 4c1be2e14..e7f2ef179 100644
--- a/testing/tests/swanctl/multi-level-ca/pretest.dat
+++ b/testing/tests/swanctl/multi-level-ca/pretest.dat
@@ -1,6 +1,6 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection research
carol::expect-connection alice
carol::swanctl --initiate --child alice 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-cert/posttest.dat b/testing/tests/swanctl/net2net-cert/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-cert/posttest.dat
+++ b/testing/tests/swanctl/net2net-cert/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-cert/pretest.dat b/testing/tests/swanctl/net2net-cert/pretest.dat
index b128bef44..9440ddab0 100755
--- a/testing/tests/swanctl/net2net-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-cert/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
index d766a705c..a35aea01c 100755
--- a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
@@ -1,22 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- default = 1
- }
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
index d766a705c..a35aea01c 100755
--- a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
@@ -1,22 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- default = 1
- }
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-ed25519/posttest.dat b/testing/tests/swanctl/net2net-ed25519/posttest.dat
index 8d47767a0..30f6ede76 100755
--- a/testing/tests/swanctl/net2net-ed25519/posttest.dat
+++ b/testing/tests/swanctl/net2net-ed25519/posttest.dat
@@ -1,6 +1,6 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pkcs8/*
diff --git a/testing/tests/swanctl/net2net-ed25519/pretest.dat b/testing/tests/swanctl/net2net-ed25519/pretest.dat
index f939b3ac4..410253e54 100755
--- a/testing/tests/swanctl/net2net-ed25519/pretest.dat
+++ b/testing/tests/swanctl/net2net-ed25519/pretest.dat
@@ -2,8 +2,8 @@ moon::rm /etc/swanctl/rsa/moonKey.pem
sun::rm /etc/swanctl/rsa/sunKey.pem
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
index 4f54f610a..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
index 4f54f610a..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
index 4f54f610a..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-gw/posttest.dat b/testing/tests/swanctl/net2net-gw/posttest.dat
index 94914f832..b29cf321e 100755
--- a/testing/tests/swanctl/net2net-gw/posttest.dat
+++ b/testing/tests/swanctl/net2net-gw/posttest.dat
@@ -1,8 +1,8 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
sun::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
-carol::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-gw/pretest.dat b/testing/tests/swanctl/net2net-gw/pretest.dat
index e3136491c..acfd0e95e 100755
--- a/testing/tests/swanctl/net2net-gw/pretest.dat
+++ b/testing/tests/swanctl/net2net-gw/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
carol::expect-connection gw-moon
carol::expect-connection gw-sun
moon::expect-connection gw-gw
diff --git a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
index 2ff6ac024..812c12bf9 100644
--- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
@@ -4,15 +4,11 @@ swanctl {
load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
multiple_authentication = no
+
plugins {
forecast {
groups = 224.0.0.251
diff --git a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
index b119e8274..1c5da7b88 100644
--- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,10 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
multiple_authentication = no
+
plugins {
forecast {
groups = 224.0.0.251
diff --git a/testing/tests/swanctl/net2net-multicast/posttest.dat b/testing/tests/swanctl/net2net-multicast/posttest.dat
index ba484f90d..dc6949dbb 100644
--- a/testing/tests/swanctl/net2net-multicast/posttest.dat
+++ b/testing/tests/swanctl/net2net-multicast/posttest.dat
@@ -1,3 +1,3 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
diff --git a/testing/tests/swanctl/net2net-multicast/pretest.dat b/testing/tests/swanctl/net2net-multicast/pretest.dat
index 5b8d98879..c5b1bdbfd 100644
--- a/testing/tests/swanctl/net2net-multicast/pretest.dat
+++ b/testing/tests/swanctl/net2net-multicast/pretest.dat
@@ -1,7 +1,7 @@
moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
index 531e286ce..29e75f7b8 100644
--- a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
index 531e286ce..29e75f7b8 100644
--- a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-pubkey/posttest.dat b/testing/tests/swanctl/net2net-pubkey/posttest.dat
index c2227a5dd..a8696960d 100644
--- a/testing/tests/swanctl/net2net-pubkey/posttest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/posttest.dat
@@ -1,6 +1,6 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/net2net-pubkey/pretest.dat b/testing/tests/swanctl/net2net-pubkey/pretest.dat
index b4f48af72..021675bc5 100644
--- a/testing/tests/swanctl/net2net-pubkey/pretest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/pretest.dat
@@ -2,8 +2,8 @@ sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
sun::cd /etc/swanctl; rm x509/* x509ca/*
moon::cd /etc/swanctl; rm x509/* x509ca/*
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
sun::expect-connection gw-gw
moon::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
index 9d7fa51d4..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
index 4ca179a5f..61d2bd9e4 100755
--- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-route/posttest.dat b/testing/tests/swanctl/net2net-route/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-route/posttest.dat
+++ b/testing/tests/swanctl/net2net-route/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-route/pretest.dat b/testing/tests/swanctl/net2net-route/pretest.dat
index 459879bbc..fa303b64e 100755
--- a/testing/tests/swanctl/net2net-route/pretest.dat
+++ b/testing/tests/swanctl/net2net-route/pretest.dat
@@ -1,7 +1,7 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
sun::expect-connection gw-gw
moon::expect-connection gw-gw
alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
index f102eeeae..73bb5f6b3 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
index f102eeeae..73bb5f6b3 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
index b128bef44..9440ddab0 100755
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-sun::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
index 1f367c2a0..ad4c18e43 100755
--- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/net2net-start/posttest.dat b/testing/tests/swanctl/net2net-start/posttest.dat
index 30d10b555..755f0e5f8 100755
--- a/testing/tests/swanctl/net2net-start/posttest.dat
+++ b/testing/tests/swanctl/net2net-start/posttest.dat
@@ -1,5 +1,5 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/net2net-start/pretest.dat b/testing/tests/swanctl/net2net-start/pretest.dat
index 6c1783b74..681293753 100755
--- a/testing/tests/swanctl/net2net-start/pretest.dat
+++ b/testing/tests/swanctl/net2net-start/pretest.dat
@@ -1,5 +1,5 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
-moon::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
moon::sleep 0.5
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
index e3eb4e36d..79b138bd5 100644
--- a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auths = /usr/local/sbin/swanctl --load-authorities
- }
plugins {
revocation {
enable_ocsp = no
}
- }
+ }
}
diff --git a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
index 3912f5e07..2e78d2279 100644
--- a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
@@ -1,12 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
revocation {
enable_ocsp = no
diff --git a/testing/tests/swanctl/ocsp-disabled/posttest.dat b/testing/tests/swanctl/ocsp-disabled/posttest.dat
index 672f4188c..f13bb51b0 100644
--- a/testing/tests/swanctl/ocsp-disabled/posttest.dat
+++ b/testing/tests/swanctl/ocsp-disabled/posttest.dat
@@ -1,3 +1,3 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/swanctl/ocsp-disabled/pretest.dat b/testing/tests/swanctl/ocsp-disabled/pretest.dat
index e6d60458d..864909e24 100644
--- a/testing/tests/swanctl/ocsp-disabled/pretest.dat
+++ b/testing/tests/swanctl/ocsp-disabled/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index acf2151a9..f3b571a1b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 6d368f08b..f3b571a1b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 6d368f08b..f3b571a1b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,15 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/posttest.dat b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
index acac04a3b..53013d08d 100644
--- a/testing/tests/swanctl/ocsp-multi-level/posttest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home 2> /dev/null
dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
-carol::rm -r /etc/swanctl
-dave::rm -r /etc/swanctl
-moon::rm -r /etc/swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
diff --git a/testing/tests/swanctl/ocsp-multi-level/pretest.dat b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
index 7b83e219d..505f17572 100644
--- a/testing/tests/swanctl/ocsp-multi-level/pretest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
@@ -1,6 +1,6 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection research
carol::expect-connection home
carol::swanctl --initiate --child alice 2> /dev/null
diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 9ea516013..c7b494ddc 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- auths = /usr/local/sbin/swanctl --load-authorities
- }
}
diff --git a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 9ba617c0a..d9c31430b 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
index 672f4188c..f13bb51b0 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
+++ b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
@@ -1,3 +1,3 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
diff --git a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
index e6d60458d..864909e24 100644
--- a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
+++ b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
@@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
diff --git a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-dual/posttest.dat b/testing/tests/swanctl/protoport-dual/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/protoport-dual/posttest.dat
+++ b/testing/tests/swanctl/protoport-dual/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/protoport-dual/pretest.dat b/testing/tests/swanctl/protoport-dual/pretest.dat
index 87ee29bf6..2bdc109ab 100644
--- a/testing/tests/swanctl/protoport-dual/pretest.dat
+++ b/testing/tests/swanctl/protoport-dual/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection icmp
moon::expect-connection ssh
carol::expect-connection icmp
diff --git a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
index 383a24213..91e32f7ba 100644
--- a/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-range/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/protoport-range/posttest.dat b/testing/tests/swanctl/protoport-range/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/protoport-range/posttest.dat
+++ b/testing/tests/swanctl/protoport-range/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/protoport-range/pretest.dat b/testing/tests/swanctl/protoport-range/pretest.dat
index b45d4b3c6..7f38b7662 100644
--- a/testing/tests/swanctl/protoport-range/pretest.dat
+++ b/testing/tests/swanctl/protoport-range/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection icmp-req
moon::expect-connection icmp-rep
moon::expect-connection ftp-ssh
diff --git a/testing/tests/swanctl/rw-cert-pss/description.txt b/testing/tests/swanctl/rw-cert-pss/description.txt
new file mode 100755
index 000000000..41c02b519
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/description.txt
@@ -0,0 +1,8 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
+and <b>IKEv2 AUTH</b> payloads based on RSA-PSS signatures.
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/rw-cert-pss/evaltest.dat b/testing/tests/swanctl/rw-cert-pss/evaltest.dat
new file mode 100755
index 000000000..a62fda968
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/evaltest.dat
@@ -0,0 +1,14 @@
+carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PSS_SHA2_256 successful::YES
+moon ::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with RSA_EMSA_PSS_SHA2_256 successful::YES
+moon ::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA_EMSA_PSS_SHA2_512 successful::YES
+moon ::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with RSA_EMSA_PSS_SHA2_384 successful::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave :: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon :: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon :: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..3a9630fc1
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,18 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7aceb6913
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = rsa/pss-sha512
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..3a9630fc1
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,18 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4c7c177ed
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = rsa/pss-sha384
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..4bd975a00
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,20 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4ba02ad6c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-pss/posttest.dat b/testing/tests/swanctl/rw-cert-pss/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-cert-pss/pretest.dat b/testing/tests/swanctl/rw-cert-pss/pretest.dat
new file mode 100755
index 000000000..dd1a17ccb
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-pss/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/libipsec/rw-suite-b/test.conf b/testing/tests/swanctl/rw-cert-pss/test.conf
index f29298850..1227b9d1c 100644..100755
--- a/testing/tests/libipsec/rw-suite-b/test.conf
+++ b/testing/tests/swanctl/rw-cert-pss/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
index 909bca0fc..b415e075c 100755
--- a/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
index 909bca0fc..b415e075c 100755
--- a/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
index 909bca0fc..b415e075c 100755
--- a/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-cert/posttest.dat b/testing/tests/swanctl/rw-cert/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-cert/posttest.dat
+++ b/testing/tests/swanctl/rw-cert/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-cert/pretest.dat b/testing/tests/swanctl/rw-cert/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/rw-cert/pretest.dat
+++ b/testing/tests/swanctl/rw-cert/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf
index ec6625370..6339790cd 100644
--- a/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-dnssec/hosts/carol/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
ipseckey {
enable = yes
diff --git a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf
index ec6625370..6339790cd 100644
--- a/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-dnssec/hosts/dave/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
plugins {
ipseckey {
enable = yes
diff --git a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf
index dcca175db..617b812d5 100644
--- a/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-dnssec/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
diff --git a/testing/tests/swanctl/rw-dnssec/posttest.dat b/testing/tests/swanctl/rw-dnssec/posttest.dat
index 48a4abe78..dba97a988 100644
--- a/testing/tests/swanctl/rw-dnssec/posttest.dat
+++ b/testing/tests/swanctl/rw-dnssec/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/rw-dnssec/pretest.dat b/testing/tests/swanctl/rw-dnssec/pretest.dat
index 5faf602fc..ca44e08fc 100644
--- a/testing/tests/swanctl/rw-dnssec/pretest.dat
+++ b/testing/tests/swanctl/rw-dnssec/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
index dd99cdbf9..653488a66 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-simaka-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
index dd99cdbf9..653488a66 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
@@ -1,16 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-simaka-sql {
database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat
index 3842250e6..2fa2d200d 100644
--- a/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat
+++ b/testing/tests/swanctl/rw-eap-aka-sql-rsa/pretest.dat
@@ -3,8 +3,8 @@ carol::iptables-restore < /etc/iptables.rules
carol::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db
moon::cd /etc/ipsec.d; cat tables.sql data.sql > ipsec.sql; cat ipsec.sql | sqlite3 ipsec.db
carol::cd /etc/swanctl; rm rsa/* x509/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
index 4b8e68e6d..d2cc789b3 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
index 4b8e68e6d..d2cc789b3 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat
index 2fc2bbb75..2b00bea8e 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/posttest.dat
@@ -1,5 +1,5 @@
carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat
index 96c1ed114..8cc1c4dc5 100644
--- a/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa/pretest.dat
@@ -1,8 +1,8 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
carol::cd /etc/swanctl; rm rsa/* x509/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-eap
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
index 14afb43a1..cae0025f6 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
index 14afb43a1..cae0025f6 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
@@ -1,16 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
index c090d6853..9c4e819c5 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl eap-tls kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat
+++ b/testing/tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index d58694c38..90f42a1c5 100755
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
hash_and_url = yes
}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index d58694c38..90f42a1c5 100755
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
hash_and_url = yes
}
diff --git a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index d58694c38..90f42a1c5 100755
--- a/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- auths = /usr/local/sbin/swanctl --load-authorities
- conns = /usr/local/sbin/swanctl --load-conns
- }
-
hash_and_url = yes
}
diff --git a/testing/tests/swanctl/rw-hash-and-url/posttest.dat b/testing/tests/swanctl/rw-hash-and-url/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-hash-and-url/posttest.dat
+++ b/testing/tests/swanctl/rw-hash-and-url/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-hash-and-url/pretest.dat b/testing/tests/swanctl/rw-hash-and-url/pretest.dat
index 762c35418..dd1a17ccb 100755
--- a/testing/tests/swanctl/rw-hash-and-url/pretest.dat
+++ b/testing/tests/swanctl/rw-hash-and-url/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
index 22b318472..b8874523b 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,23 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
index a55b90a5d..c2b18d966 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,23 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
index e7b5caaf8..85354251d 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,23 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
+charon-systemd {
load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
index 37029c074..dc541004d 100755
--- a/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
+++ b/testing/tests/swanctl/rw-multi-ciphers-ikev1/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net-1
moon::expect-connection net-2
carol::expect-connection home
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
index 6bfef3d39..16dcf16a1 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
@@ -1,17 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
index 1d90adb5d..475705026 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
@@ -1,17 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
+charon-systemd {
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
index d4e3ca2e5..16dcf16a1 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl mgf1 bliss random
}
-charon {
+charon-systemd {
load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/posttest.dat
+++ b/testing/tests/swanctl/rw-newhope-bliss/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat
index a550a2f6d..7772b25eb 100755
--- a/testing/tests/swanctl/rw-newhope-bliss/pretest.dat
+++ b/testing/tests/swanctl/rw-newhope-bliss/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
index b158ccdb3..d655720cf 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
index b158ccdb3..d655720cf 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
@@ -1,13 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
index c6dd6be45..d655720cf 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,8 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-ntru-bliss/posttest.dat b/testing/tests/swanctl/rw-ntru-bliss/posttest.dat
index 58d5b8675..84935ec51 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/posttest.dat
+++ b/testing/tests/swanctl/rw-ntru-bliss/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-ntru-bliss/pretest.dat b/testing/tests/swanctl/rw-ntru-bliss/pretest.dat
index a550a2f6d..7772b25eb 100644
--- a/testing/tests/swanctl/rw-ntru-bliss/pretest.dat
+++ b/testing/tests/swanctl/rw-ntru-bliss/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/moonCert.pem x509ca/strongswanCert.pem
carol::cd /etc/swanctl; rm rsa/* x509/carolCert.pem x509ca/strongswanCert.pem
dave::cd /etc/swanctl; rm rsa/* x509/daveCert.pem x509ca/strongswanCert.pem
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 335f38995..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index 335f38995..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 335f38995..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-fqdn/posttest.dat b/testing/tests/swanctl/rw-psk-fqdn/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/posttest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
index 519b168ae..48849c8b0 100755
--- a/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-fqdn/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
index e539ea5f4..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -4,20 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
index 02f6c1b36..a12456f26 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -4,20 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
index c42979965..f196d2431 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -4,20 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
- daemon {
- cfg = 1
- ike = 1
- }
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ikev1/posttest.dat b/testing/tests/swanctl/rw-psk-ikev1/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/posttest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-ikev1/pretest.dat b/testing/tests/swanctl/rw-psk-ikev1/pretest.dat
index 3393f516d..51c301923 100755
--- a/testing/tests/swanctl/rw-psk-ikev1/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-ikev1/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection net-1
moon::expect-connection net-2
carol::expect-connection home
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 53973cf61..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 53973cf61..dcef959ef 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 5efaed621..0325fe9a2 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -4,11 +4,6 @@ swanctl {
load = random openssl
}
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/rw-psk-ipv4/posttest.dat b/testing/tests/swanctl/rw-psk-ipv4/posttest.dat
index d7107ccc6..b909ac76c 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/posttest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
index 519b168ae..48849c8b0 100755
--- a/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/swanctl/rw-psk-ipv4/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf
index 720e903c9..6b99d98a9 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-anon/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-anon/posttest.dat b/testing/tests/swanctl/rw-pubkey-anon/posttest.dat
index 48a4abe78..dba97a988 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/posttest.dat
+++ b/testing/tests/swanctl/rw-pubkey-anon/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/rw-pubkey-anon/pretest.dat b/testing/tests/swanctl/rw-pubkey-anon/pretest.dat
index 5faf602fc..ca44e08fc 100755
--- a/testing/tests/swanctl/rw-pubkey-anon/pretest.dat
+++ b/testing/tests/swanctl/rw-pubkey-anon/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/carol/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
index dc166b588..331d5bc94 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/dave/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 pubkey openssl random
+ load = pem pkcs1 pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
index 720e903c9..6b99d98a9 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/rw-pubkey-keyid/hosts/moon/etc/strongswan.conf
@@ -1,14 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = pem pkcs1 x509 revocation constraints pubkey openssl random
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
}
-charon {
- load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+charon-systemd {
+ load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default updown vici
}
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat b/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat
index 48a4abe78..dba97a988 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat
+++ b/testing/tests/swanctl/rw-pubkey-keyid/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::rm /etc/swanctl/pubkey/*
carol::rm /etc/swanctl/pubkey/*
dave::rm /etc/swanctl/pubkey/*
diff --git a/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat b/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat
index de43d510d..e0ca17a4c 100755
--- a/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat
+++ b/testing/tests/swanctl/rw-pubkey-keyid/pretest.dat
@@ -5,9 +5,9 @@ moon::cd /etc/swanctl; rm x509/* x509ca/*
carol::cd /etc/swanctl; rm x509/* x509ca/*
dave::cd /etc/swanctl; rm x509/* x509ca/*
moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-carol
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
index ee5b26120..bf799a29b 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,11 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
keep_alive = 5
}
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
index e5c0136d8..91e32f7ba 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,11 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- pools = /usr/local/sbin/swanctl --load-pools
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
index ee5b26120..bf799a29b 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,11 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
keep_alive = 5
}
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat
index b02b19357..f66c5c57c 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/posttest.dat
@@ -1,5 +1,5 @@
-alice::service charon stop 2> /dev/null
-venus::service charon stop 2> /dev/null
-sun::service charon stop 2> /dev/null
+alice::systemctl stop strongswan-swanctl
+venus::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
sun::iptables-restore < /etc/iptables.flush
moon::iptables -t nat -F
diff --git a/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat b/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat
index d6bc0709e..e871fba2b 100644
--- a/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat
+++ b/testing/tests/swanctl/shunt-policies-nat-rw/pretest.dat
@@ -1,9 +1,9 @@
sun::iptables-restore < /etc/iptables.rules
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-sun::service charon start 2> /dev/null
-alice::service charon start 2> /dev/null
-venus::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
+alice::systemctl start strongswan-swanctl
+venus::systemctl start strongswan-swanctl
sun::expect-connection nat-t
alice::expect-connection nat-t
venus::expect-connection nat-t
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf
index 2976558fc..fccc73f22 100644
--- a/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf
index 2976558fc..fccc73f22 100644
--- a/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf
index 2976558fc..fccc73f22 100644
--- a/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation gmp curl xauth-generic kernel-netlink socket-default updown vici
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
}
diff --git a/testing/tests/swanctl/xauth-rsa/posttest.dat b/testing/tests/swanctl/xauth-rsa/posttest.dat
index d7107ccc6..b909ac76c 100644
--- a/testing/tests/swanctl/xauth-rsa/posttest.dat
+++ b/testing/tests/swanctl/xauth-rsa/posttest.dat
@@ -1,8 +1,8 @@
carol::swanctl --terminate --ike home
dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
-dave::service charon stop 2> /dev/null
-moon::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/xauth-rsa/pretest.dat b/testing/tests/swanctl/xauth-rsa/pretest.dat
index 762c35418..dd1a17ccb 100644
--- a/testing/tests/swanctl/xauth-rsa/pretest.dat
+++ b/testing/tests/swanctl/xauth-rsa/pretest.dat
@@ -1,9 +1,9 @@
moon::iptables-restore < /etc/iptables.rules
carol::iptables-restore < /etc/iptables.rules
dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
-carol::service charon start 2> /dev/null
-dave::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
index 063bb6fc9..b094a3aaa 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
index 063bb6fc9..b094a3aaa 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
index a3d85b054..aacee2221 100644
--- a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
}
diff --git a/testing/tests/tnc/tnccs-11-fhh/posttest.dat b/testing/tests/tnc/tnccs-11-fhh/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-11-fhh/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-fhh/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-fhh/pretest.dat b/testing/tests/tnc/tnccs-11-fhh/pretest.dat
index f0f6446bf..79340af29 100644
--- a/testing/tests/tnc/tnccs-11-fhh/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-fhh/pretest.dat
@@ -10,9 +10,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
index 80c96b677..305a9d1e6 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
index 691cdbc2d..5d17eb638 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
index 71fc7dd0c..4c9dd6e1f 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
- secret = gv6URkSs
- server = 10.1.0.10
+ secret = gv6URkSs
+ server = 10.1.0.10
filter_id = yes
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
index 2989f347c..0d96563c1 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
index cc0ce6c31..efddc609e 100644
--- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
@@ -11,9 +11,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
index 978cc6659..a534ac66e 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
index 0bc6e3525..469e81156 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
retransmit_tries = 5
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
index 387236ebc..cbaf67c89 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
- secret = gv6URkSs
- server = 10.1.0.10
+ secret = gv6URkSs
+ server = 10.1.0.10
filter_id = yes
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
index db806c3c9..ab96df0ed 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
carol::echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
index 5745ffede..7d0dfa385 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius-pts/pretest.dat
@@ -15,9 +15,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
index 09ca9d0e4..1ca6c3d10 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
index 9c6f28fe3..9df983c80 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
- syslog {
- auth {
- default = 0
- }
+ syslog {
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
index 71fc7dd0c..4c9dd6e1f 100644
--- a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
- secret = gv6URkSs
- server = 10.1.0.10
+ secret = gv6URkSs
+ server = 10.1.0.10
filter_id = yes
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius/posttest.dat b/testing/tests/tnc/tnccs-11-radius/posttest.dat
index 2989f347c..0d96563c1 100644
--- a/testing/tests/tnc/tnccs-11-radius/posttest.dat
+++ b/testing/tests/tnc/tnccs-11-radius/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
alice::killall radiusd
alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat
index 57e2ee6b4..bb2ce93b3 100644
--- a/testing/tests/tnc/tnccs-11-radius/pretest.dat
+++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat
@@ -11,9 +11,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
index af30c204d..649426628 100644
--- a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
index 524536228..0a20b9407 100644
--- a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
index bba631b1f..ad5cb6205 100644
--- a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-11/posttest.dat b/testing/tests/tnc/tnccs-11/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-11/posttest.dat
+++ b/testing/tests/tnc/tnccs-11/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-11/pretest.dat
+++ b/testing/tests/tnc/tnccs-11/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
index fac3dc02d..aa8bb7cd3 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
index 168e4ec64..b3d3049be 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
index bb15d3ffa..b3845a3ee 100644
--- a/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20-block/posttest.dat b/testing/tests/tnc/tnccs-20-block/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-block/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-block/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-block/pretest.dat b/testing/tests/tnc/tnccs-20-block/pretest.dat
index c09abf917..13677a470 100644
--- a/testing/tests/tnc/tnccs-20-block/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-block/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
index aceddc368..fa3458e22 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
@@ -27,7 +20,7 @@ libtls {
libimcv {
plugins {
imc-test {
- command = isolate
+ command = isolate
retry = yes
retry_command = allow
}
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
index 7ac1a5d70..f4d6543aa 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
plugins {
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
index a0b807755..10d0ae864 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 2
@@ -34,7 +27,7 @@ libtls {
libimcv {
plugins {
imv-test {
- rounds = 0
+ rounds = 0
}
imv-scanner {
closed_port_policy = yes
diff --git a/testing/tests/tnc/tnccs-20-client-retry/posttest.dat b/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
index 2248d002c..a327dae63 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/evaltest.dat
@@ -11,7 +11,7 @@ alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by T
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::role=.softwareCreator licensor tagCreator::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
@@ -20,5 +20,5 @@ alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by passwo
alice::cat /var/log/daemon.log::received software ID events with ... items for request 9 at last eid 2 of epoch::YES
alice::cat /var/log/daemon.log::3 SWID tag target::YES
alice::cat /var/log/daemon.log::received software inventory with 3 items for request 9 at last eid 2 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf
index 1148b945a..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -32,7 +29,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swima {
@@ -44,6 +41,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat
index c0d732368..3e4fbefa1 100644
--- a/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-ev-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
index 073355713..e91440326 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
index 6c1b9917b..6c84f3abb 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
@@ -24,7 +17,7 @@ charon {
}
tnccs-20 {
tests {
- pb_tnc_noskip = yes
+ pb_tnc_noskip = yes
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
index 165c5ccb9..1e9995eb6 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-init/posttest.dat b/testing/tests/tnc/tnccs-20-fail-init/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-init/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-init/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
index 56fa7a967..66c6cb541 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
index cb6abf305..a6e58ba4e 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat b/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat
index 9af5f39a2..8158822a6 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-resp/posttest.dat
@@ -1,4 +1,4 @@
-carol::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
index 5af3b7500..d61ea90ad 100644
--- a/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fail-resp/pretest.dat
@@ -4,8 +4,8 @@ moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
carol::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
index c3338d43b..aa4934fb1 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
index 89d9e50bd..8fc1c8729 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
index 0cd34865c..4732fbd4b 100644
--- a/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 2
diff --git a/testing/tests/tnc/tnccs-20-fhh/posttest.dat b/testing/tests/tnc/tnccs-20-fhh/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-fhh/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-fhh/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-fhh/pretest.dat b/testing/tests/tnc/tnccs-20-fhh/pretest.dat
index f0f6446bf..79340af29 100644
--- a/testing/tests/tnc/tnccs-20-fhh/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-fhh/pretest.dat
@@ -10,9 +10,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
carol::expect-connection home
carol::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
index 195534315..fb77fd87e 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -36,5 +30,5 @@ charon {
libimcv {
debug_level = 3
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
index f0a6c4bde..883f154b8 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
@@ -43,7 +36,7 @@ libimcv {
plugins {
imc-hcd {
- push_info = no
+ push_info = no
subtypes {
system {
attributes_natural_language = en
@@ -78,7 +71,7 @@ libimcv {
resident_application {
resident-app-1 {
- name = Resident App XYZ
+ name = Resident App XYZ
patches = "xmas patch 2014-12-24\r\nservice patch for App XYZ 2015-05-22\r\n"
string_version = 2.5
version = 00000002000000050000000000000000
@@ -137,7 +130,7 @@ libimcv {
version = 00000007000000080000000000000000
}
}
-
+
resident_application {
resident-app-if {
name = Resident Interface App
@@ -150,10 +143,10 @@ libimcv {
scanner {
attributes_natural_language = en
-
+
firmware {
fw-scanner {
- name = Scanner Firmware
+ name = Scanner Firmware
patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n"
string_version = 2.5.3
version = 00000002000000050000000300000000
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
index f5c3440c1..9f1718992 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
@@ -52,18 +45,18 @@ libimcv {
vendor_smi_code = 36906
pstn_fax_enabled = yes
time_source = 0.ch.pool.ntp.org
- user_application_enabled = no
+ user_application_enabled = no
user_application_persistence_enabled = no
firmware {
fw-1 {
- name = Firmware ABC
+ name = Firmware ABC
patches = "security patch 2014-05-08\r\nupgrade 2014-08-16\r\nsecurity patch 2015-3-22\r\n"
string_version = 1.0.7
version = 00000001000000000000000700000000
}
fw-2 {
- name = Firmware UVW
+ name = Firmware UVW
string_version = 13.8.5
version = 0000000D000000080000000500000000
}
@@ -71,7 +64,7 @@ libimcv {
resident_application {
resident-app-1 {
- name = Resident App XYZ
+ name = Resident App XYZ
patches = "xmas patch 2014-12-24\r\nservice patch 2015-05-22\r\n"
string_version = 2.5
version = 00000002000000050000000000000000
@@ -96,7 +89,7 @@ libimcv {
interface {
attributes_natural_language = en
-
+
firmware {
fw-if {
name = Interface Firmware
@@ -118,10 +111,10 @@ libimcv {
scanner {
attributes_natural_language = en
-
+
firmware {
fw-scanner {
- name = Scanner Firmware
+ name = Scanner Firmware
patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n"
string_version = 2.5.3
version = 00000002000000050000000300000000
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
index 4dae69352..08e5e38e5 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
@@ -1,17 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
secret = gv6URkSs
- #server = PH_IP6_ALICE
+ #server = PH_IP6_ALICE
server = PH_IP_ALICE
filter_id = yes
}
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
index bcd655353..33a60f9ab 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat
@@ -1,7 +1,7 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
-alice::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+alice::systemctl stop strongswan-swanctl
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
index f9b4159d9..decc2394a 100644
--- a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat
@@ -9,10 +9,10 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward
dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
alice::rm /etc/swanctl/rsa/aliceKey.pem
alice::rm /etc/swanctl/x509/aliceCert.pem
-alice::service charon start
-moon::service charon start
-carol::service charon start
-dave::service charon start
+alice::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf
index a555970ec..a773b17be 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -36,10 +29,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = allow
+ command = allow
}
imv-test {
rounds = 1
- }
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf
index b2280db18..7e049dc02 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf
@@ -1,20 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
- multiple_authentication = no
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ multiple_authentication = no
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -38,10 +30,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = none
+ command = none
}
imv-test {
- rounds = 1
- }
+ rounds = 1
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat
index 4677e46f0..8b792b878 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop
-sun::service charon stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
index ac707d436..1a20775d8 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start
-sun::service charon start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection mutual
moon::expect-connection mutual
moon::swanctl --initiate --child mutual
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf
index 1212e2356..a773b17be 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -40,6 +33,6 @@ libimcv {
}
imv-test {
rounds = 1
- }
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf
index f29175d67..879a3cdac 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf
@@ -1,20 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
- multiple_authentication = no
-
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
+ multiple_authentication = no
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -38,10 +30,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = allow
+ command = allow
}
imv-test {
- rounds = 1
- }
+ rounds = 1
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat
index 4677e46f0..8b792b878 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat
@@ -1,4 +1,4 @@
-moon::service charon stop
-sun::service charon stop
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
index ac707d436..1a20775d8 100644
--- a/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-moon::service charon start
-sun::service charon start
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
sun::expect-connection mutual
moon::expect-connection mutual
moon::swanctl --initiate --child mutual
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
index 9e694bc01..b596dbc1b 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
+charon-systemd {
+ load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
imv = 2
}
@@ -36,10 +30,10 @@ libtls {
libimcv {
plugins {
imc-test {
- command = allow
+ command = allow
}
imv-test {
- rounds = 1
- }
+ rounds = 1
+ }
}
}
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
index d1f83a319..767e8f2ba 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat
@@ -1 +1 @@
-sun::service charon stop
+sun::systemctl stop strongswan-swanctl
diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
index 8642292a8..9da18266e 100644
--- a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat
@@ -1,4 +1,4 @@
-sun::service charon start
+sun::systemctl start strongswan-swanctl
moon::cat /etc/pts/options
moon::sleep 1
moon::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
index 198b2bde3..7850e2e74 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
@@ -10,7 +10,7 @@ alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
@@ -21,5 +21,5 @@ alice::cat /var/log/daemon.log::received software ID inventory with ... items fo
alice::cat /var/log/daemon.log::1 SWID tag target::YES
alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
index 1148b945a..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -32,7 +29,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swima {
@@ -44,6 +41,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
index d8ac3ab41..c895148f2 100644
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
index 8056a90e9..5dbfa8247 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/evaltest.dat
@@ -1,19 +1,19 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*carol@strongswan.org - allow::YES
moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
moon:: ipsec attest --session 2> /dev/null::Debian.*x86_64.*dave@strongswan.org - isolate::YES
moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
index d3941d811..3e4d76f10 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/carol/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
pts = 3
}
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
index 134cd991c..2e249d48d 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/dave/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
retransmit_tries = 5
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
pts = 3
}
diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
index e58bab611..a683ba77c 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imv = 3
pts = 3
}
@@ -34,10 +27,10 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
- hash_algorithm = sha1
+ hash_algorithm = sha256
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-os-pts/posttest.dat b/testing/tests/tnc/tnccs-20-os-pts/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
index 03e5f22af..1167f55ea 100644
--- a/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os-pts/pretest.dat
@@ -12,14 +12,14 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
dave::expect-connection home
dave::swanctl --initiate --child home 2> /dev/null
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
moon::ipsec attest --sessions
moon::ipsec attest --devices
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
index ef90078f2..3ec0227b2 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
index 4af05ad31..7de2756a9 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
index 53c515f77..8e8fda6c4 100644
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 2
imv = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-os/posttest.dat b/testing/tests/tnc/tnccs-20-os/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-os/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-os/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-os/pretest.dat b/testing/tests/tnc/tnccs-20-os/pretest.dat
index 13ae2b71f..3c5037aae 100644
--- a/testing/tests/tnc/tnccs-20-os/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-os/pretest.dat
@@ -13,9 +13,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
index 240ebbafb..e01fe4b4c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -1,17 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -35,7 +29,7 @@ charon {
}
libimcv {
- debug_level = 3
+ debug_level = 3
database = sqlite:///etc/db.d/config.db
policy_script = /usr/local/libexec/ipsec/imv_policy_manager
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
index 47b9affed..a8aff3883 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
index d00808398..852e0714e 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 3
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
index 8b931afc9..bcf316622 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
plugins {
eap-radius {
secret = gv6URkSs
- #server = PH_IP6_ALICE
+ #server = PH_IP6_ALICE
server = PH_IP_ALICE
filter_id = yes
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
index e5ec2afc7..97850dc97 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/posttest.dat
@@ -1,8 +1,8 @@
-moon::service charon stop
-carol::service charon stop
-dave::service charon stop
-alice::service charon stop
-alice::service apache2 stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::rm /etc/swanctl/rsa/aaaKey.pem
moon::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
index 385cc305a..15dcc54d8 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/pretest.dat
@@ -17,11 +17,11 @@ alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db
alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
-alice::service apache2 start
-alice::service charon start
-moon::service charon start
-dave::service charon start
-carol::service charon start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
+moon::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index fc232bfde..bf4191618 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -9,7 +9,7 @@ alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
@@ -19,5 +19,5 @@ alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items fo
alice::cat /var/log/daemon.log::1 SWID tag target::YES
alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
+alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index b08a85bb4..944a5928d 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -1,15 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
- auth {
- default = 0
- }
daemon {
tls = 2
- tnc = 2
+ tnc = 2
imv = 3
}
}
@@ -29,7 +26,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-swid {
@@ -39,6 +36,6 @@ libimcv {
}
imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon -p auth.alert "\"host with IP address %s is blocked\""'
+ command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
+ command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
index 09c8a6cbc..c0049d7fd 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/posttest.dat
@@ -1,8 +1,8 @@
carol::ip route del 10.1.0.0/16 via 192.168.0.1
dave::ip route del 10.1.0.0/16 via 192.168.0.1
winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::service charon stop
-alice::service apache2 stop
+alice::systemctl stop strongswan-swanctl
+alice::systemctl stop apache2
alice::rm /etc/swanctl/rsa/aaaKey.pem
alice::rm /etc/swanctl/x509/aaaCert.pem
alice::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
index d8ac3ab41..c895148f2 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/pretest.dat
@@ -13,8 +13,8 @@ alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
alice::/usr/local/bin/init_tnc
alice::rm /etc/swanctl/x509/aliceCert.pem
alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::service charon start
-alice::service apache2 start
+alice::systemctl start apache2
+alice::systemctl start strongswan-swanctl
alice::swanctl --load-creds
winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
dave::ip route add 10.1.0.0/16 via 192.168.0.1
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
index f4fb7e2dc..3b477dd81 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
index b7a772692..9da89723d 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
index 46ed39bb8..1e5f7becf 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
@@ -34,7 +27,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
index d89aa2309..2e95da89d 100644
--- a/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts-no-ecc/pretest.dat
@@ -12,9 +12,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-dave::service charon start
-carol::service charon start
+moon::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
index 2eb34841d..8ebf56878 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/carol/etc/strongswan.conf
@@ -1,22 +1,15 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 3
+ tnc = 3
imc = 3
- pts = 3
+ pts = 3
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
index e9fa8cb80..0b47d35e7 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
index e58bab611..bf14fe327 100644
--- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
@@ -34,7 +27,7 @@ libtls {
libimcv {
database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
+ policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
imv-attestation {
hash_algorithm = sha1
diff --git a/testing/tests/tnc/tnccs-20-pts/posttest.dat b/testing/tests/tnc/tnccs-20-pts/posttest.dat
index ce72d2ca9..9c55c19cd 100644
--- a/testing/tests/tnc/tnccs-20-pts/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-pts/pretest.dat b/testing/tests/tnc/tnccs-20-pts/pretest.dat
index d89aa2309..2e95da89d 100644
--- a/testing/tests/tnc/tnccs-20-pts/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-pts/pretest.dat
@@ -12,9 +12,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-dave::service charon start
-carol::service charon start
+moon::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
dave::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
index 7e51900a1..7f7f52869 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
}
@@ -27,7 +20,7 @@ libtls {
libimcv {
plugins {
imc-test {
- command = retry
+ command = retry
retry_command = allow
}
}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
index 4aeda6674..d93482b10 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imc = 2
+ imc = 2
}
}
plugins {
@@ -32,7 +25,7 @@ libtls {
libimcv {
plugins {
imc-test {
- command = retry
+ command = retry
retry_command = isolate
}
imc-scanner {
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
index 902e837f5..10d0ae864 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
@@ -1,21 +1,14 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
- imv = 2
+ imv = 2
}
}
plugins {
@@ -34,7 +27,7 @@ libtls {
libimcv {
plugins {
imv-test {
- rounds = 0
+ rounds = 0
}
imv-scanner {
closed_port_policy = yes
diff --git a/testing/tests/tnc/tnccs-20-server-retry/posttest.dat b/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
index 73f32424e..dab32e727 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
}
}
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
index 07df4c086..e26da3e7a 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imc = 2
}
}
diff --git a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
index 7aef92f39..66799c1e4 100644
--- a/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
@@ -1,20 +1,13 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
- tnc = 2
+ tnc = 2
imv = 2
}
}
diff --git a/testing/tests/tnc/tnccs-20-tls/posttest.dat b/testing/tests/tnc/tnccs-20-tls/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20-tls/posttest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-tls/pretest.dat b/testing/tests/tnc/tnccs-20-tls/pretest.dat
index 1d11baa99..57985e682 100644
--- a/testing/tests/tnc/tnccs-20-tls/pretest.dat
+++ b/testing/tests/tnc/tnccs-20-tls/pretest.dat
@@ -4,9 +4,9 @@ dave::iptables-restore < /etc/iptables.rules
moon::cat /etc/tnc_config
carol::cat /etc/tnc_config
dave::cat /etc/tnc_config
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
index 887806475..da21bc6f8 100644
--- a/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
index e78272b43..e90055fad 100644
--- a/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
index 165c5ccb9..1e9995eb6 100644
--- a/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
@@ -1,18 +1,11 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-20/posttest.dat b/testing/tests/tnc/tnccs-20/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-20/posttest.dat
+++ b/testing/tests/tnc/tnccs-20/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20/pretest.dat b/testing/tests/tnc/tnccs-20/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-20/pretest.dat
+++ b/testing/tests/tnc/tnccs-20/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
index 609852bc7..f0f941815 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
integrity_test = yes
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
index 2c0deca5e..e5925a4cf 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
integrity_test = yes
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imc = 3
diff --git a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
index d61bcd111..0261fe1b0 100644
--- a/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,19 +1,12 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
multiple_authentication=no
integrity_test = yes
- start-scripts {
- creds = /usr/local/sbin/swanctl --load-creds
- conns = /usr/local/sbin/swanctl --load-conns
- }
syslog {
- auth {
- default = 0
- }
daemon {
tnc = 3
imv = 3
diff --git a/testing/tests/tnc/tnccs-dynamic/posttest.dat b/testing/tests/tnc/tnccs-dynamic/posttest.dat
index 770cf6ede..199873ba1 100644
--- a/testing/tests/tnc/tnccs-dynamic/posttest.dat
+++ b/testing/tests/tnc/tnccs-dynamic/posttest.dat
@@ -1,6 +1,6 @@
-carol::service charon stop
-dave::service charon stop
-moon::service charon stop
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
carol::iptables-restore < /etc/iptables.flush
dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-dynamic/pretest.dat b/testing/tests/tnc/tnccs-dynamic/pretest.dat
index e173ae798..a1f0470fe 100644
--- a/testing/tests/tnc/tnccs-dynamic/pretest.dat
+++ b/testing/tests/tnc/tnccs-dynamic/pretest.dat
@@ -8,9 +8,9 @@ carol::rm /etc/swanctl/rsa/*
dave::rm /etc/swanctl/rsa/*
carol::rm /etc/swanctl/x509/*
dave::rm /etc/swanctl/x509/*
-moon::service charon start
-carol::service charon start
-dave::service charon start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
moon::expect-connection rw-allow
moon::expect-connection rw-isolate
carol::expect-connection home