From c1343b3278cdf99533b7902744d15969f9d6fdc1 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Wed, 2 Jan 2013 14:18:20 +0100 Subject: Imported Upstream version 5.0.1 --- testing/tests/ikev2/rw-whitelist/evaltest.dat | 20 ++++++++++---------- .../ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf | 3 --- .../rw-whitelist/hosts/carol/etc/strongswan.conf | 2 +- .../ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf | 3 --- .../rw-whitelist/hosts/dave/etc/strongswan.conf | 2 +- .../ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf | 3 --- .../rw-whitelist/hosts/moon/etc/strongswan.conf | 2 +- 7 files changed, 13 insertions(+), 22 deletions(-) mode change 100755 => 100644 testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf mode change 100755 => 100644 testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf mode change 100755 => 100644 testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf (limited to 'testing/tests/ikev2/rw-whitelist') diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat index 733cfd844..d6f71d7c0 100644 --- a/testing/tests/ikev2/rw-whitelist/evaltest.dat +++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat @@ -1,14 +1,14 @@ -moon::cat /var/log/daemon.log::whitelist functionality was already enabled::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES -carol::ipsec status::home.*INSTALLED::YES +moon:: cat /var/log/daemon.log::whitelist functionality was already enabled::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES -dave::ipsec status::home.*INSTALLED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf old mode 100755 new mode 100644 index a19f6cfae..8c6c28bd6 --- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf old mode 100755 new mode 100644 index 1a89f4e5d..72b8a59c0 --- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf index 339b56987..dc937641c 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf old mode 100755 new mode 100644 index 0b4cded6c..85c48a7bb --- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf @@ -1,9 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf index 938b45518..984985a1a 100644 --- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc whitelist stroke kernel-netlink socket-default updown plugins { whitelist { enable = yes -- cgit v1.2.3