From 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 Mon Sep 17 00:00:00 2001 
From: Rene Mayrhofer Date: Wed, 21 Oct 2009 11:14:02 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.3.4) --- .../tests/ikev1/esp-alg-aes-ccm/description.txt | 4 +++ testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat | 5 ++++ .../esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf | 26 ++++++++++++++++++ .../esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf | 25 +++++++++++++++++ testing/tests/ikev1/esp-alg-aes-ccm/posttest.dat | 4 +++ testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat | 6 ++++ testing/tests/ikev1/esp-alg-aes-ccm/test.conf | 21 ++++++++++++++ .../tests/ikev1/esp-alg-aes-ctr/description.txt | 3 ++ testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat | 7 +++++ .../esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf | 26 ++++++++++++++++++ .../esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf | 25 +++++++++++++++++ testing/tests/ikev1/esp-alg-aes-ctr/posttest.dat | 4 +++ testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat | 6 ++++ testing/tests/ikev1/esp-alg-aes-ctr/test.conf | 21 ++++++++++++++ .../tests/ikev1/esp-alg-aes-gcm/description.txt | 4 +++ testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat | 5 ++++ .../esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf | 26 ++++++++++++++++++ .../esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf | 25 +++++++++++++++++ testing/tests/ikev1/esp-alg-aes-gcm/posttest.dat | 4 +++ testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat | 6 ++++ testing/tests/ikev1/esp-alg-aes-gcm/test.conf | 21 ++++++++++++++ .../esp-alg-camellia/hosts/carol/etc/ipsec.conf | 2 +- .../esp-alg-camellia/hosts/moon/etc/ipsec.conf | 2 +- testing/tests/ikev1/net2net-pgp-v3/description.txt | 6 ++++ testing/tests/ikev1/net2net-pgp-v3/evaltest.dat | 5 ++++ .../ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf | 22 +++++++++++++++ .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 15 ++++++++++ .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 15 ++++++++++ .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 19 +++++++++++++ .../net2net-pgp-v3/hosts/moon/etc/ipsec.secrets | 3 ++ 
.../ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf | 22 +++++++++++++++ .../hosts/sun/etc/ipsec.d/certs/moonCert.asc | 15 ++++++++++ .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 15 ++++++++++ .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 19 +++++++++++++ .../net2net-pgp-v3/hosts/sun/etc/ipsec.secrets | 3 ++ testing/tests/ikev1/net2net-pgp-v3/posttest.dat | 8 ++++++ testing/tests/ikev1/net2net-pgp-v3/pretest.dat | 8 ++++++ testing/tests/ikev1/net2net-pgp-v3/test.conf | 21 ++++++++++++++ testing/tests/ikev1/net2net-pgp-v4/description.txt | 6 ++++ testing/tests/ikev1/net2net-pgp-v4/evaltest.dat | 5 ++++ .../ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf | 22 +++++++++++++++ .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 24 ++++++++++++++++ .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 24 ++++++++++++++++ .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 32 ++++++++++++++++++++++ .../net2net-pgp-v4/hosts/moon/etc/ipsec.secrets | 3 ++ .../ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf | 22 +++++++++++++++ .../hosts/sun/etc/ipsec.d/certs/moonCert.asc | 24 ++++++++++++++++ .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 24 ++++++++++++++++ .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 32 ++++++++++++++++++++++ .../net2net-pgp-v4/hosts/sun/etc/ipsec.secrets | 3 ++ testing/tests/ikev1/net2net-pgp-v4/posttest.dat | 8 ++++++ testing/tests/ikev1/net2net-pgp-v4/pretest.dat | 8 ++++++ testing/tests/ikev1/net2net-pgp-v4/test.conf | 21 ++++++++++++++ testing/tests/ikev1/net2net-pgp/description.txt | 6 ---- testing/tests/ikev1/net2net-pgp/evaltest.dat | 5 ---- .../ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf | 22 --------------- .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 15 ---------- .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 15 ---------- .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 19 ------------- .../ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets | 3 -- .../ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf | 22 --------------- .../hosts/sun/etc/ipsec.d/certs/moonCert.asc 
| 15 ---------- .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 15 ---------- .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 19 ------------- .../ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets | 3 -- testing/tests/ikev1/net2net-pgp/posttest.dat | 8 ------ testing/tests/ikev1/net2net-pgp/pretest.dat | 8 ------ testing/tests/ikev1/net2net-pgp/test.conf | 21 -------------- .../ikev1/rw-cert/hosts/carol/etc/strongswan.conf | 1 + .../ikev1/rw-cert/hosts/moon/etc/strongswan.conf | 1 + 70 files changed, 732 insertions(+), 198 deletions(-) create mode 100644 testing/tests/ikev1/esp-alg-aes-ccm/description.txt create mode 100644 testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-aes-ccm/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-aes-ccm/test.conf create mode 100644 testing/tests/ikev1/esp-alg-aes-ctr/description.txt create mode 100644 testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-aes-ctr/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-aes-ctr/test.conf create mode 100644 testing/tests/ikev1/esp-alg-aes-gcm/description.txt create mode 100644 testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-aes-gcm/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat create mode 100644 
testing/tests/ikev1/esp-alg-aes-gcm/test.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v3/description.txt create mode 100644 testing/tests/ikev1/net2net-pgp-v3/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/net2net-pgp-v3/posttest.dat create mode 100644 testing/tests/ikev1/net2net-pgp-v3/pretest.dat create mode 100644 testing/tests/ikev1/net2net-pgp-v3/test.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v4/description.txt create mode 100644 testing/tests/ikev1/net2net-pgp-v4/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf create mode 100644 
testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc create mode 100644 testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/net2net-pgp-v4/posttest.dat create mode 100644 testing/tests/ikev1/net2net-pgp-v4/pretest.dat create mode 100644 testing/tests/ikev1/net2net-pgp-v4/test.conf delete mode 100644 testing/tests/ikev1/net2net-pgp/description.txt delete mode 100644 testing/tests/ikev1/net2net-pgp/evaltest.dat delete mode 100755 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/moonCert.asc delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/sunCert.asc delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/private/moonKey.asc delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets delete mode 100755 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/moonCert.asc delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/sunCert.asc delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/private/sunKey.asc delete mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets delete mode 100644 testing/tests/ikev1/net2net-pgp/posttest.dat delete mode 100644 testing/tests/ikev1/net2net-pgp/pretest.dat delete mode 100644 testing/tests/ikev1/net2net-pgp/test.conf (limited to 'testing/tests/ikev1')
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/description.txt b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt
new file mode 100644
index 000000000..9fe03b010
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior carol proposes to gateway moon the ESP cipher suite
+AES_CCM_12_128 by defining esp=aes128ccm12-modp2048 or alternatively
+esp=aes128ccm96-modp2048 in ipsec.conf.
+A ping from carol to alice successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
new file mode 100644
index 000000000..27a5207a1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
@@ -0,0 +1,5 @@
+carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec statusall::AES_CCM_12_128::YES
+carol::ipsec statusall::AES_CCM_12_128::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..f8baa00e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutodebug="control crypt"
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-modp2048!
+ esp=aes128ccm96-modp2048!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..d4f0c3adc
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
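Review bot: The checks in esp-alg-aes-ccm/evaltest.dat confirm the negotiated suite only through pluto's `ipsec statusall` output, so a kernel SA installed with a different algorithm or ICV length would still pass. The esp-alg-aes-ctr test added in this same patch also asserts the kernel state with `ip xfrm state::rfc3686(ctr(aes))`; the CCM test should do the same, e.g. `moon::ip xfrm state::rfc4309(ccm(aes))::YES` plus the matching `carol::` line. esp-alg-aes-gcm/evaltest.dat has the same gap, with `rfc4106(gcm(aes))` as the name to match; the exact strings should be confirmed against the test kernel's output.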
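Review bot: `esp=aes128ccm96-modp2048!` in esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf does not textually match `esp=aes128ccm12-modp2048!` in the moon config added by this patch, and neither ipsec.conf says the difference is intentional. description.txt presents the two spellings as alternative names for AES_CCM_12_128, so a comment above the line would keep a later edit from aligning the two sides and silently dropping coverage of the alias: `# ccm96 is the bit-length spelling of ccm12; moon uses the byte form on purpose`. The same applies to `esp=aes256gcm128-modp2048!` in esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf.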
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutodebug="control crypt"
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes128-sha256-modp2048!
+ esp=aes128ccm12-modp2048!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/posttest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/test.conf b/testing/tests/ikev1/esp-alg-aes-ccm/test.conf
new file mode 100644
index 000000000..2b240d895
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/description.txt b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt
new file mode 100644
index 000000000..fbcc48022
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/description.txt
@@ -0,0 +1,3 @@
+Roadwarrior carol proposes to gateway moon the ESP cipher suite
+AES_CTR_256 / AES_XCBC_96 by defining esp=aes256ctr-aesxcbc-modp2048 in ipsec.conf.
+A ping from carol to alice successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
new file mode 100644
index 000000000..6f1cd4c49
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
@@ -0,0 +1,7 @@
+carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES
+carol::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES
+moon::ip xfrm state::rfc3686(ctr(aes))::YES
+carol::ip xfrm state::rfc3686(ctr(aes))::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..acb4126cf
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutodebug="control crypt"
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha512-modp2048!
+ esp=aes256ctr-aesxcbc-modp2048!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..b5baa2b5d
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutodebug="control crypt"
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha512-modp2048!
+ esp=aes256ctr-aesxcbc-modp2048!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/posttest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/test.conf b/testing/tests/ikev1/esp-alg-aes-ctr/test.conf
new file mode 100644
index 000000000..2b240d895
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/description.txt b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt
new file mode 100644
index 000000000..bd9521e0d
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior carol proposes to gateway moon the ESP cipher suite
+AES_GCM_16_256 by defining esp=aes256gcm16-modp2048 or alternatively
+esp=aes256gcm128-modp2048 in ipsec.conf.
+A ping from carol to alice successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
new file mode 100644
index 000000000..d7d4666ed
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
@@ -0,0 +1,5 @@
+carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec statusall::AES_GCM_16_256::YES
+carol::ipsec statusall::AES_GCM_16_256::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..5026e0d9e
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutodebug="control crypt"
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha512-modp2048!
+ esp=aes256gcm128-modp2048!
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..5fa07962e
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutodebug="control crypt"
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=aes256-sha512-modp2048!
+ esp=aes256gcm16-modp2048!
+
+conn rw
+ left=PH_IP_MOON
+ leftfirewall=yes
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/posttest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/test.conf b/testing/tests/ikev1/esp-alg-aes-gcm/test.conf
new file mode 100644
index 000000000..2b240d895
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf
index fe74cc285..9af94a18e 100755
--- a/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf
@@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control + plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no charonstart=no
diff --git a/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf
index 33871d484..3501319a5 100755
--- a/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug=control + plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no charonstart=no
diff --git a/testing/tests/ikev1/net2net-pgp-v3/description.txt b/testing/tests/ikev1/net2net-pgp-v3/description.txt
new file mode 100644
index 000000000..bd680b57a
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/description.txt
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways moon and sun is set up.
+The authentication is based on OpenPGP V3 keys. Upon the successful
+establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client alice behind gateway moon
+pings client bob located behind gateway sun.
diff --git a/testing/tests/ikev1/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev1/net2net-pgp-v3/evaltest.dat
new file mode 100644
index 000000000..7cbf92687
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/evaltest.dat
@@ -0,0 +1,5 @@
+moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
+sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..a54482489
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ nocrsend=yes
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn net-net
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftcert=moonCert.asc
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightsubnet=10.2.0.0/16
+ rightcert=sunCert.asc
+ auto=add
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc
new file mode 100644
index 000000000..135cfaec0
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc
@@ -0,0 +1,15 @@
+Type Bits/KeyID Date User ID
+pub 1024/613A3B61 2005/08/07 moon
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: 2.6.3i
+
+mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61
++bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9
+RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR
+tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB
+vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1
+f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac
+t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP
+=oaBj
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc
new file mode 100644
index 000000000..32f204b10
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc
@@ -0,0 +1,15 @@
+Type Bits/KeyID Date User ID
+pub 1024/79949ADD 2005/08/07 sun
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: 2.6.3i
+
+mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ
+rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7
+I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR
+tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR
+A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj
+0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn
+lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ==
+=lLvB
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc
new file mode 100644
index 000000000..6524773e0
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc
@@ -0,0 +1,19 @@
+Type Bits/KeyID Date User ID
+sec 1024/613A3B61 2005/08/07 moon
+
+-----BEGIN PGP SECRET KEY BLOCK-----
+Version: 2.6.3i
+
+lQHYA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61
++bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9
+RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR
+AAP9Fj7OaaCfTL3Met8yuS8ZGMDL/fq+4f2bM+OdPSgD4N1Fiye0B1QMCVGWI1Xd
+JXS0+9QI0A3iD12YAnYwsP50KmsLHA69AqchN7BuimoMfHDXqpTSRW57E9MCEzQ9
+FFN8mVPRiDxAUro8qCjdHmk1vmtdt/PXn1BuXHE36SzZmmMCANBA4WHaO6MJshM6
+7StRicSCxoMn/lPcj6rfJS4EaS+a0MwECxKQ3HKTpP3/+7kaWfLI/D65Xmi3cVK3
+0CPwUK8CAP2RYWoBZPSA8dBGFYwR7W6bdNYhdmGmsVCaM7v4sVr0FwHwMERadByN
+8v0n5As3ZbrCURRp68wuE+JjfOM5mO8CAM3ZK7AVlBOqkoI3X3Ji3yviLlsr2ET7
+QrVKFQBq7eUhwYFo6mVemEqQb61tGirq+qL4Wfk/7+FffZPsUyLX1amfjLQabW9v
+biA8bW9vbi5zdHJvbmdzd2FuLm9yZz4=
+=YFQm
+-----END PGP SECRET KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..afb1ff927
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.asc
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..419adc2f2
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
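Review bot: `: RSA moonKey.asc` in net2net-pgp-v3/hosts/moon/etc/ipsec.secrets names the secret key with no passphrase field, so the key added just above is presumably stored unprotected, and its header shows it is only 1024 bits (`sec 1024/613A3B61`). Because the key material is published in the tree, it gives no confidentiality or authentication outside this testbed, and the file should say so, for example `# Test fixture only: published 1024-bit OpenPGP V3 key, no passphrase - never deploy` above the entry. hosts/sun/etc/ipsec.secrets with `: RSA sunKey.asc` needs the same comment.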
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ nocrsend=yes
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+
+conn net-net
+ left=PH_IP_SUN
+ leftsubnet=10.2.0.0/16
+ leftcert=sunCert.asc
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightcert=moonCert.asc
+ auto=add
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc
new file mode 100644
index 000000000..135cfaec0
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc
@@ -0,0 +1,15 @@
+Type Bits/KeyID Date User ID
+pub 1024/613A3B61 2005/08/07 moon
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: 2.6.3i
+
+mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61
++bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9
+RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR
+tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB
+vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1
+f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac
+t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP
+=oaBj
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc
new file mode 100644
index 000000000..32f204b10
--- /dev/null
+++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc
@@ -0,0 +1,15 @@ +Type Bits/KeyID Date User ID +pub 1024/79949ADD 2005/08/07 sun + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 2.6.3i + +mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ +rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 +I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR +tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR +A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj +0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn +lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ== +=lLvB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc new file mode 100644 index 000000000..de2393649 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc @@ -0,0 +1,19 @@ +Type Bits/KeyID Date User ID +sec 1024/79949ADD 2005/08/07 sun + +-----BEGIN PGP SECRET KEY BLOCK----- +Version: 2.6.3i + +lQHYA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ +rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 +I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR +AAP8DHxBOQ7UeiO6cutdGSLfy6nxGf/eRR8d3dNLFKpRfy9IQxPN/yQHb8pzSQUI +Pqi3V4PcJUJQJIMNqzzgyTyey/OdTc+IFngywRGKQowyD7vY+urVbcEDHe+sRTL1 +GvrsQGMZoXNDimABHn5NbT6Pc06xQ9rNvpCSyHMyzcylpk0CANqf96aEaryGJozg +vSN5GlS77rPJ9Y9mU2EJs1+0BlMcb7Sy4HN2RRc/V56ZmlW2m3UbGwPqG8R9XQQ2 +LO03bTcCAPiJbTcRdA/YnZExbZPgEnV5nq8tVXTc7bz1Sw7ZWRef0iZyIQEXbwLn +2Z2EJik9bQpkcVJSBV17cH7Av/VdIosCAKJPVoBETiVzWejIpGHHqbnmZC8P9rUs +xAXZbNukbL3YElLeopNMyddTi6kf45/m0sb7fr7rzW/OJ7WP8mDrGPec4rQYc3Vu +IDxzdW4uc3Ryb25nc3dhbi5vcmc+ +=DwEu +-----END PGP SECRET KEY BLOCK----- 
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..ee98b1611 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA sunKey.asc diff --git a/testing/tests/ikev1/net2net-pgp-v3/posttest.dat b/testing/tests/ikev1/net2net-pgp-v3/posttest.dat new file mode 100644 index 000000000..fafcde975 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::rm /etc/ipsec.d/certs/* +moon::rm /etc/ipsec.d/private/* +sun::rm /etc/ipsec.d/certs/* +sun::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev1/net2net-pgp-v3/pretest.dat b/testing/tests/ikev1/net2net-pgp-v3/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-pgp-v3/test.conf b/testing/tests/ikev1/net2net-pgp-v3/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v3/test.conf 
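Review bot: `moon::/etc/init.d/iptables start 2> /dev/null` and the matching line for sun in pretest.dat discard the init script's error output, so a firewall that failed to start leaves no trace in the test log. Judging by the v4 description.txt in this patch, the scenario is meant to exercise the rules inserted by `leftfirewall=yes`; if the firewall is not up, the ping check may pass without them (assuming the default policy then accepts traffic). Dropping the `2> /dev/null` would keep such a failure visible. `moon::sleep 2` before `moon::ipsec up net-net` is a fixed delay and may be too short on a loaded host. The pretest.dat of net2net-pgp-v4 further down is identical.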
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1/net2net-pgp-v4/description.txt b/testing/tests/ikev1/net2net-pgp-v4/description.txt new file mode 100644 index 000000000..c82eec9ba --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on OpenPGP V4 keys. Upon the successful +establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/ikev1/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev1/net2net-pgp-v4/evaltest.dat new file mode 100644 index 000000000..7cbf92687 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/evaltest.dat @@ -0,0 +1,5 @@ +moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES +sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..a54482489 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf 
@@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + nocrsend=yes + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.asc + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightcert=sunCert.asc + auto=add diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc new file mode 100644 index 000000000..a512f8f52 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc 
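Review bot: This ipsec.conf is added with `new file mode 100755`, while the other fixtures of the test are 100644; a configuration file has no reason to be executable. Setting it to 100644 avoids carrying the executable bit onto the test hosts if the copy step preserves modes. The sun ipsec.conf of this test and the sun ipsec.conf of net2net-pgp-v3 are added with the same mode.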
@@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf +UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A +nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd +6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/ +I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f +JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAG0E21vb24uc3Ryb25nc3dh +bi5vcmeJATcEEwECACEFAkpg0UQCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA +CgkQ9djQiWs7dNHHNQf/UiwJPioLef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8K +N2yl6/L8djIdox0jw3yCYhCWxf94N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K +1niLPYmJf5sMWXPAmetT6tNEHNhkmE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1Y +D4HulHK0nfMxf1gVmFhRFtGpzrGS26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk +/EoRdO7hDOAEk80Gp23bDX6ygnvsAqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv +1I5GZ96wAo+s+KZAXaHlxFvq7r6OMzxgEWTtyNTtG4kBHAQQAQIABgUCSmDShgAK +CRCXegSsjRY401hVB/9HlBSdkal26U8HmVSjblOpMhaEKWjAZG1VnhcA5/GstzHc +ql7CuciAzOfRY9kcUvvonjLLBEb6P8H7mNaosE0XtqBI+Il8w6FIsfqXG+w2lISt +21/OoS3uXmUD43xdGkJACgoQP3eAqscRnoiNq/Wrg4GFvMmhK3pu3UR0joFrxwoX +mIbpJ1CZFrYDhLRFWUMV+93rzde7UfIeSuPwuE96yTJFgc4QKKFKT+msELTko9Fb +G5N0Q//Rfy+mbqQlk7JVd2WqUMfSx6Fw9X8z88uQamdcgx2/6HzFSL1QiBNyF/3D +spAwu2H5T4gSZH3FywlmRp+JJzNy+aci+M/eTvDz +=j2hu +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc new file mode 100644 index 000000000..5117cbb04 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc 
@@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB +QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM +/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV +CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP +B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN +4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAG0EnN1bi5zdHJvbmdzd2Fu +Lm9yZ4kBNwQTAQIAIQUCSmDRuAIbAwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK +CRCXegSsjRY407LCCACqHrnT1xqsQRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g +0P+Scnu84xj1o5bRWX2WyPYZUgDY6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0 +eNYmehGoIes4JfQm08UM7roywGaaWAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/D +RLu5rvCB6m5u62RncmppraAYuQWRjZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG +6XXcCnBr/34g/bQXWRxBhbf91ewVaDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97j +vnvvZKUwbd/TRFJkorkhkRpA1wSrJ0tAsvODgc8biQEcBBABAgAGBQJKYNK9AAoJ +EPXY0IlrO3TR8X4H/2eabptQ49q6SX5bwZ+13QoGZdarAvFxVGbbhaRrOrbsYNbg +Wd8k6R/Uwz1qkH3RJBmANm2wcDYhXsztprUrQ3a5jIgZfc+ZH/0cZiFUWk004m7t +mXdvWsGkbxye0kUChQOP9/VJBgpOBnK4MngX7d3nwSIO75r4ugey2Aud/eOvrm5m +t5MJBANTGAnBGwqXtsDm7v0L9VQY6PuLIgPwftB+vwy/Ea8vU5AmFKVkfAR/pVIT +gELY5mDHaqLxgvfMVJ+PFkvb5HF7QdpIcxUjo3SNgyOyYpN+pfQQbVLkPoOs1xqf +lIbIyjzMp02KM3iRElcuU/EBEfsp0/voJ/iyd+o= +=tAh4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc new file mode 100644 index 000000000..59de821d6 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc 
@@ -0,0 +1,32 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +lQOYBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf +UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A +nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd +6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/ +I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f +JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAEAB/42Vsa7NTpAgwe92+gx +nscTQsjTs9xf5VSQV6gRKWmUAQYNZoNDue2Ot5AeBJFWV8x++fWAZfrrkLJUkwu/ +Z8UcPbSuJhEsrG4F5B3owTy8cBPbNYd9c6JZAKFPBY8W5l9M5OQyUF1amiuk/1jX +BNPEN6SBK3j0IhZvQ2bIgCJrxUH9igvOig2HmfOYv11UMzOErSA/eGRSA+TrM+QK +BDCG1ae3dLe/pXtIuh1/jkLo7Byk0ofgv2+Ty/LSwBCj0vtUjtMHHRNZFRYFrNiN +S6FyrS7+Q9BJolNkuXT83i4dm208+6bKQBPxV3ZaLgf2y19/g5av8f745ercygQI +MdGBBADaWGKpev55Oom2gNV4jaQFaAc4K4OqW1IbsXk8QSl1iaoHmt9VlGP+A+8O +GG+h0cfIlUHnAC29Hs5lDnlByqdTnG9zTyOrnzZEY1+jFGGgs+O/ehS3riGI5dB8 +mwReZfY/aqp7naLkkymHuIAizmxkYORPZtTugyi99Zha4m8j4QQA+39fTOthVIYi +RXMzGknEjh9fMLvCkx33ghapCtc4ftJRACfaatQJVBG2li7LHbPg9fboIyG/x/Ey +iyGtPxwBLo7MJige6xpzVB4Qk+zLDCKouca29uY1rGQzZ0FTmMMtu3Rm+dKh9lLv +vg7ZJNTfhxldC+R/L/gOIBWEzy/iXaMD/2A+wQuKDLDRb9/sOiq/6z7Ryl6FPbTC +AvvNU3hJtRImfmHodob//zzYYgOY7exY/qubC6FsDW4AN+2iHesCdIzCrAG7v9X3 +Rn1WPq96FfY2y5b6qEl8Tx+a71TZi5RJRtoWPe3IolausE0T3IjRbWI4XgMu/T5o +Rmv/f5gyc5OxPpG0E21vb24uc3Ryb25nc3dhbi5vcmeJATcEEwECACEFAkpg0UQC +GwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AACgkQ9djQiWs7dNHHNQf/UiwJPioL +ef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8KN2yl6/L8djIdox0jw3yCYhCWxf94 +N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K1niLPYmJf5sMWXPAmetT6tNEHNhk +mE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1YD4HulHK0nfMxf1gVmFhRFtGpzrGS +26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk/EoRdO7hDOAEk80Gp23bDX6ygnvs +AqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv1I5GZ96wAo+s+KZAXaHlxFvq7r6O +MzxgEWTtyNTtGw== +=Vb4y +-----END PGP PRIVATE KEY BLOCK----- 
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..afb1ff927 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.asc diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..419adc2f2 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + nocrsend=yes + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftcert=sunCert.asc + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightcert=moonCert.asc + auto=add diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc new file mode 100644 index 000000000..a512f8f52 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc 
@@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf +UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A +nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd +6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/ +I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f +JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAG0E21vb24uc3Ryb25nc3dh +bi5vcmeJATcEEwECACEFAkpg0UQCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA +CgkQ9djQiWs7dNHHNQf/UiwJPioLef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8K +N2yl6/L8djIdox0jw3yCYhCWxf94N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K +1niLPYmJf5sMWXPAmetT6tNEHNhkmE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1Y +D4HulHK0nfMxf1gVmFhRFtGpzrGS26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk +/EoRdO7hDOAEk80Gp23bDX6ygnvsAqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv +1I5GZ96wAo+s+KZAXaHlxFvq7r6OMzxgEWTtyNTtG4kBHAQQAQIABgUCSmDShgAK +CRCXegSsjRY401hVB/9HlBSdkal26U8HmVSjblOpMhaEKWjAZG1VnhcA5/GstzHc +ql7CuciAzOfRY9kcUvvonjLLBEb6P8H7mNaosE0XtqBI+Il8w6FIsfqXG+w2lISt +21/OoS3uXmUD43xdGkJACgoQP3eAqscRnoiNq/Wrg4GFvMmhK3pu3UR0joFrxwoX +mIbpJ1CZFrYDhLRFWUMV+93rzde7UfIeSuPwuE96yTJFgc4QKKFKT+msELTko9Fb +G5N0Q//Rfy+mbqQlk7JVd2WqUMfSx6Fw9X8z88uQamdcgx2/6HzFSL1QiBNyF/3D +spAwu2H5T4gSZH3FywlmRp+JJzNy+aci+M/eTvDz +=j2hu +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc new file mode 100644 index 000000000..5117cbb04 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc 
@@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQENBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB +QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM +/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV +CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP +B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN +4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAG0EnN1bi5zdHJvbmdzd2Fu +Lm9yZ4kBNwQTAQIAIQUCSmDRuAIbAwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK +CRCXegSsjRY407LCCACqHrnT1xqsQRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g +0P+Scnu84xj1o5bRWX2WyPYZUgDY6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0 +eNYmehGoIes4JfQm08UM7roywGaaWAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/D +RLu5rvCB6m5u62RncmppraAYuQWRjZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG +6XXcCnBr/34g/bQXWRxBhbf91ewVaDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97j +vnvvZKUwbd/TRFJkorkhkRpA1wSrJ0tAsvODgc8biQEcBBABAgAGBQJKYNK9AAoJ +EPXY0IlrO3TR8X4H/2eabptQ49q6SX5bwZ+13QoGZdarAvFxVGbbhaRrOrbsYNbg +Wd8k6R/Uwz1qkH3RJBmANm2wcDYhXsztprUrQ3a5jIgZfc+ZH/0cZiFUWk004m7t +mXdvWsGkbxye0kUChQOP9/VJBgpOBnK4MngX7d3nwSIO75r4ugey2Aud/eOvrm5m +t5MJBANTGAnBGwqXtsDm7v0L9VQY6PuLIgPwftB+vwy/Ea8vU5AmFKVkfAR/pVIT +gELY5mDHaqLxgvfMVJ+PFkvb5HF7QdpIcxUjo3SNgyOyYpN+pfQQbVLkPoOs1xqf +lIbIyjzMp02KM3iRElcuU/EBEfsp0/voJ/iyd+o= +=tAh4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc new file mode 100644 index 000000000..68899ae37 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc 
@@ -0,0 +1,32 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +lQOYBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB +QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM +/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV +CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP +B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN +4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAEAB/0XU57hkU9R6mSoALnt +Qh+aqsDjOEvEllPTGmH+icFipJP9g0lr+B8EQ0egCUyj3Kb36mS7Yw+0Bv4WDxlh +9bm7Iohhn7vIWz9Y4HvjSWi+vGJLiWI+TkkqLz0zUAGemTjU2snKzNfwDrd3WFRn +VsZxKxpiBAITzk+nWSHGp+yCfl3NVaA/MYAI+FgiQlq/qTCRreEsexAJ09weDLGN +P95V4E6LACRy+wiy7X0lRzS1047UUtTcZUF6c5ERfgAGT5NKT/ZA4THZy5pPrSOw +bRIHbozSlWbnrZNz8DNa4iyHsEw/42IvjU/LflmGWL2hvVxA40ezlxGVi5ea5gFV +5q9dBADWGXToEaHMqie/HAC4+1/VCTmAvqIKcegNWHCL1PGYBBfRonF/TDcbkawy +0ATlk+rkyTaRvkapb1LdqE1qThGQWC6iLb3v8E2UEizCM1VFo2EqcKxbCoJdsEtR +mrK/zIqZ/h/4iEu/ekLPeDwdIWWdBlfYTtTwdMH40eoPOLyo/QQA7+dSOQcAUp8H +1NuNpyK+9M3/mkpXRF3cqdiY7AnHIf4WWDtgDUHugtO8HlAkq4cL27QYBojVHCqB +P+NLJo6A35nNbt2IPqAotCgk8NlgtsA+oJ9tvWGarOLMnIt0eBv80blqa5PGeoFt +EuYxYO2bRAE2cQtMXPMLKpl3VKSRMR8EAKINBJ81zq2twDG1qvRg40XAz2LOKkFd +B+fNAd0JSC8+qx4MMdn0iL6WaCIN6t1wzI7l1whLUc7f3MPF2dwrsrB9j3MgHppr +GBLl0A3a1tIkWPAejMcpSgFR63ooQQgoX+XH0woST3wgHTZT6fF+zFn3eaGJ3wqv +JNcE4vcbJf1COoi0EnN1bi5zdHJvbmdzd2FuLm9yZ4kBNwQTAQIAIQUCSmDRuAIb +AwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAKCRCXegSsjRY407LCCACqHrnT1xqs +QRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g0P+Scnu84xj1o5bRWX2WyPYZUgDY +6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0eNYmehGoIes4JfQm08UM7roywGaa +WAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/DRLu5rvCB6m5u62RncmppraAYuQWR +jZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG6XXcCnBr/34g/bQXWRxBhbf91ewV +aDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97jvnvvZKUwbd/TRFJkorkhkRpA1wSr +J0tAsvODgc8b +=QOF4 +-----END PGP PRIVATE KEY BLOCK----- 
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..ee98b1611 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA sunKey.asc diff --git a/testing/tests/ikev1/net2net-pgp-v4/posttest.dat b/testing/tests/ikev1/net2net-pgp-v4/posttest.dat new file mode 100644 index 000000000..fafcde975 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::rm /etc/ipsec.d/certs/* +moon::rm /etc/ipsec.d/private/* +sun::rm /etc/ipsec.d/certs/* +sun::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev1/net2net-pgp-v4/pretest.dat b/testing/tests/ikev1/net2net-pgp-v4/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-pgp-v4/test.conf b/testing/tests/ikev1/net2net-pgp-v4/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev1/net2net-pgp-v4/test.conf 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1/net2net-pgp/description.txt b/testing/tests/ikev1/net2net-pgp/description.txt deleted file mode 100644 index c85f2e5d0..000000000 --- a/testing/tests/ikev1/net2net-pgp/description.txt +++ /dev/null @@ -1,6 +0,0 @@ -A connection between the subnets behind the gateways moon and sun is set up. -The authentication is based on OpenPGP keys. Upon the successful -establishment of the IPsec tunnel, leftfirewall=yes automatically -inserts iptables-based firewall rules that let pass the tunneled traffic. -In order to test both tunnel and firewall, client alice behind gateway moon -pings client bob located behind gateway sun. diff --git a/testing/tests/ikev1/net2net-pgp/evaltest.dat b/testing/tests/ikev1/net2net-pgp/evaltest.dat deleted file mode 100644 index 7cbf92687..000000000 --- a/testing/tests/ikev1/net2net-pgp/evaltest.dat +++ /dev/null @@ -1,5 +0,0 @@ -moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES -sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES -sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf deleted file mode 100755 index a54482489..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf +++ /dev/null 
@@ -1,22 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug=control - nocrsend=yes - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn net-net - left=PH_IP_MOON - leftsubnet=10.1.0.0/16 - leftcert=moonCert.asc - leftfirewall=yes - right=PH_IP_SUN - rightsubnet=10.2.0.0/16 - rightcert=sunCert.asc - auto=add diff --git a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/moonCert.asc deleted file mode 100644 index 135cfaec0..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/moonCert.asc +++ /dev/null @@ -1,15 +0,0 @@ -Type Bits/KeyID Date User ID -pub 1024/613A3B61 2005/08/07 moon - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3i - -mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61 -+bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9 -RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR -tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB -vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1 -f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac -t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP -=oaBj ------END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/sunCert.asc deleted file mode 100644 index 32f204b10..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/sunCert.asc +++ /dev/null 
@@ -1,15 +0,0 @@ -Type Bits/KeyID Date User ID -pub 1024/79949ADD 2005/08/07 sun - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3i - -mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ -rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 -I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR -tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR -A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj -0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn -lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ== -=lLvB ------END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/private/moonKey.asc deleted file mode 100644 index 6524773e0..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/private/moonKey.asc +++ /dev/null @@ -1,19 +0,0 @@ -Type Bits/KeyID Date User ID -sec 1024/613A3B61 2005/08/07 moon - ------BEGIN PGP SECRET KEY BLOCK----- -Version: 2.6.3i - -lQHYA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61 -+bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9 -RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR -AAP9Fj7OaaCfTL3Met8yuS8ZGMDL/fq+4f2bM+OdPSgD4N1Fiye0B1QMCVGWI1Xd -JXS0+9QI0A3iD12YAnYwsP50KmsLHA69AqchN7BuimoMfHDXqpTSRW57E9MCEzQ9 -FFN8mVPRiDxAUro8qCjdHmk1vmtdt/PXn1BuXHE36SzZmmMCANBA4WHaO6MJshM6 -7StRicSCxoMn/lPcj6rfJS4EaS+a0MwECxKQ3HKTpP3/+7kaWfLI/D65Xmi3cVK3 -0CPwUK8CAP2RYWoBZPSA8dBGFYwR7W6bdNYhdmGmsVCaM7v4sVr0FwHwMERadByN -8v0n5As3ZbrCURRp68wuE+JjfOM5mO8CAM3ZK7AVlBOqkoI3X3Ji3yviLlsr2ET7 -QrVKFQBq7eUhwYFo6mVemEqQb61tGirq+qL4Wfk/7+FffZPsUyLX1amfjLQabW9v -biA8bW9vbi5zdHJvbmdzd2FuLm9yZz4= -=YFQm ------END PGP SECRET KEY BLOCK----- 
diff --git a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets deleted file mode 100644 index afb1ff927..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA moonKey.asc diff --git a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf deleted file mode 100755 index 419adc2f2..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf +++ /dev/null @@ -1,22 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - plutodebug=control - nocrsend=yes - charonstart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn net-net - left=PH_IP_SUN - leftsubnet=10.2.0.0/16 - leftcert=sunCert.asc - leftfirewall=yes - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightcert=moonCert.asc - auto=add diff --git a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/moonCert.asc deleted file mode 100644 index 135cfaec0..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/moonCert.asc +++ /dev/null @@ -1,15 +0,0 @@ -Type Bits/KeyID Date User ID -pub 1024/613A3B61 2005/08/07 moon - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3i - -mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61 -+bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9 -RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR -tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB -vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1 -f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac -t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP -=oaBj ------END PGP PUBLIC KEY BLOCK----- 
diff --git a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/sunCert.asc deleted file mode 100644 index 32f204b10..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/sunCert.asc +++ /dev/null @@ -1,15 +0,0 @@ -Type Bits/KeyID Date User ID -pub 1024/79949ADD 2005/08/07 sun - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3i - -mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ -rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 -I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR -tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR -A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj -0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn -lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ== -=lLvB ------END PGP PUBLIC KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/private/sunKey.asc deleted file mode 100644 index de2393649..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/private/sunKey.asc +++ /dev/null 
@@ -1,19 +0,0 @@ -Type Bits/KeyID Date User ID -sec 1024/79949ADD 2005/08/07 sun - ------BEGIN PGP SECRET KEY BLOCK----- -Version: 2.6.3i - -lQHYA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ -rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7 -I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR -AAP8DHxBOQ7UeiO6cutdGSLfy6nxGf/eRR8d3dNLFKpRfy9IQxPN/yQHb8pzSQUI -Pqi3V4PcJUJQJIMNqzzgyTyey/OdTc+IFngywRGKQowyD7vY+urVbcEDHe+sRTL1 -GvrsQGMZoXNDimABHn5NbT6Pc06xQ9rNvpCSyHMyzcylpk0CANqf96aEaryGJozg -vSN5GlS77rPJ9Y9mU2EJs1+0BlMcb7Sy4HN2RRc/V56ZmlW2m3UbGwPqG8R9XQQ2 -LO03bTcCAPiJbTcRdA/YnZExbZPgEnV5nq8tVXTc7bz1Sw7ZWRef0iZyIQEXbwLn -2Z2EJik9bQpkcVJSBV17cH7Av/VdIosCAKJPVoBETiVzWejIpGHHqbnmZC8P9rUs -xAXZbNukbL3YElLeopNMyddTi6kf45/m0sb7fr7rzW/OJ7WP8mDrGPec4rQYc3Vu -IDxzdW4uc3Ryb25nc3dhbi5vcmc+ -=DwEu ------END PGP SECRET KEY BLOCK----- diff --git a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets deleted file mode 100644 index ee98b1611..000000000 --- a/testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA sunKey.asc diff --git a/testing/tests/ikev1/net2net-pgp/posttest.dat b/testing/tests/ikev1/net2net-pgp/posttest.dat deleted file mode 100644 index fafcde975..000000000 --- a/testing/tests/ikev1/net2net-pgp/posttest.dat +++ /dev/null @@ -1,8 +0,0 @@ -moon::ipsec stop -sun::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -sun::/etc/init.d/iptables stop 2> /dev/null -moon::rm /etc/ipsec.d/certs/* -moon::rm /etc/ipsec.d/private/* -sun::rm /etc/ipsec.d/certs/* -sun::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev1/net2net-pgp/pretest.dat b/testing/tests/ikev1/net2net-pgp/pretest.dat deleted file mode 100644 index 9e40684ab..000000000 --- a/testing/tests/ikev1/net2net-pgp/pretest.dat +++ /dev/null 
@@ -1,8 +0,0 @@ -moon::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null -moon::rm /etc/ipsec.d/cacerts/* -sun::rm /etc/ipsec.d/cacerts/* -moon::ipsec start -sun::ipsec start -moon::sleep 2 -moon::ipsec up net-net diff --git a/testing/tests/ikev1/net2net-pgp/test.conf b/testing/tests/ikev1/net2net-pgp/test.conf deleted file mode 100644 index f74d0f7d6..000000000 --- a/testing/tests/ikev1/net2net-pgp/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice moon winnetou sun bob" - -# Corresponding block diagram -# -DIAGRAM="a-m-w-s-b.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="sun" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf index 304ef99e0..ac4b8d589 100644 --- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf @@ -8,6 +8,7 @@ pluto { libstrongswan { dh_exponent_ansi_x9_42 = no + integrity_test = yes crypto_test { on_add = yes } diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf index 304ef99e0..ac4b8d589 100644 --- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf @@ -8,6 +8,7 @@ pluto { libstrongswan { dh_exponent_ansi_x9_42 = no + integrity_test = yes crypto_test { on_add = yes } -- cgit v1.2.3
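Review bot: `integrity_test = yes` in carol's strongswan.conf is added without a comment, and the setting has a precondition the file does not mention: as far as I know it makes the daemon verify checksums of libstrongswan and its plugins at startup and needs a build with integrity testing enabled. A line such as `# verify library and plugin checksums at startup; needs a build with integrity testing enabled` above it would explain why the option is set here. The same line is added to moon's strongswan.conf in the next hunk, and the `libstrongswan` block closes outside both hunks.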