From 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Wed, 18 Nov 2015 14:49:27 +0100 Subject: Imported Upstream version 5.3.4 --- testing/tests/ikev2/acert-cached/evaltest.dat | 2 +- testing/tests/ikev2/acert-cached/pretest.dat | 3 ++- testing/tests/ikev2/acert-fallback/evaltest.dat | 2 +- testing/tests/ikev2/acert-fallback/pretest.dat | 2 +- testing/tests/ikev2/acert-inline/evaltest.dat | 2 +- testing/tests/ikev2/acert-inline/pretest.dat | 3 ++- testing/tests/ikev2/after-2038-certs/pretest.dat | 2 +- testing/tests/ikev2/alg-3des-md5/pretest.dat | 2 +- testing/tests/ikev2/alg-aes-ccm/pretest.dat | 2 +- testing/tests/ikev2/alg-aes-ctr/pretest.dat | 2 +- testing/tests/ikev2/alg-aes-gcm/pretest.dat | 2 +- testing/tests/ikev2/alg-aes-xcbc/pretest.dat | 2 +- testing/tests/ikev2/alg-blowfish/pretest.dat | 3 ++- testing/tests/ikev2/alg-chacha20poly1305/pretest.dat | 2 +- testing/tests/ikev2/alg-modp-subgroup/pretest.dat | 3 ++- testing/tests/ikev2/alg-sha256-96/pretest.dat | 2 +- testing/tests/ikev2/alg-sha256/pretest.dat | 2 +- testing/tests/ikev2/alg-sha384/pretest.dat | 2 +- testing/tests/ikev2/alg-sha512/pretest.dat | 2 +- testing/tests/ikev2/any-interface/pretest.dat | 9 +++++---- testing/tests/ikev2/compress/pretest.dat | 2 +- testing/tests/ikev2/config-payload-swapped/pretest.dat | 4 ++-- testing/tests/ikev2/config-payload/pretest.dat | 4 ++-- testing/tests/ikev2/critical-extension/pretest.dat | 2 +- testing/tests/ikev2/crl-from-cache/pretest.dat | 2 +- testing/tests/ikev2/crl-ldap/pretest.dat | 3 +-- testing/tests/ikev2/crl-revoked/pretest.dat | 2 +- testing/tests/ikev2/crl-to-cache/pretest.dat | 2 +- testing/tests/ikev2/default-keys/pretest.dat | 4 ++-- testing/tests/ikev2/dhcp-dynamic/pretest.dat | 4 ++-- testing/tests/ikev2/dhcp-static-client-id/pretest.dat | 4 ++-- testing/tests/ikev2/dhcp-static-mac/pretest.dat | 4 ++-- testing/tests/ikev2/double-nat-net/pretest.dat | 3 +-- testing/tests/ikev2/double-nat/pretest.dat | 3 +-- testing/tests/ikev2/dpd-clear/description.txt | 2 +- testing/tests/ikev2/dpd-clear/evaltest.dat | 4 ++-- testing/tests/ikev2/dpd-clear/pretest.dat | 2 +- testing/tests/ikev2/dpd-hold/evaltest.dat | 8 ++++---- testing/tests/ikev2/dpd-hold/pretest.dat | 2 +- testing/tests/ikev2/dpd-restart/evaltest.dat | 6 +++--- testing/tests/ikev2/dpd-restart/pretest.dat | 2 +- testing/tests/ikev2/dynamic-initiator/description.txt | 6 +++--- testing/tests/ikev2/dynamic-initiator/posttest.dat | 1 - testing/tests/ikev2/dynamic-initiator/pretest.dat | 5 ++--- testing/tests/ikev2/dynamic-two-peers/posttest.dat | 1 - testing/tests/ikev2/dynamic-two-peers/pretest.dat | 4 ++-- testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat | 2 +- testing/tests/ikev2/esp-alg-md5-128/pretest.dat | 3 +-- testing/tests/ikev2/esp-alg-null/pretest.dat | 3 +-- testing/tests/ikev2/esp-alg-sha1-160/pretest.dat | 3 +-- testing/tests/ikev2/farp/pretest.dat | 4 ++-- testing/tests/ikev2/force-udp-encaps/pretest.dat | 4 +--- testing/tests/ikev2/forecast/pretest.dat | 4 ++-- testing/tests/ikev2/host2host-ah/pretest.dat | 2 +- testing/tests/ikev2/host2host-cert/pretest.dat | 2 +- testing/tests/ikev2/host2host-swapped/pretest.dat | 2 +- testing/tests/ikev2/host2host-transport/pretest.dat | 2 +- testing/tests/ikev2/inactivity-timeout/evaltest.dat | 4 ++-- testing/tests/ikev2/inactivity-timeout/pretest.dat | 3 +-- .../tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/ip-pool-db/posttest.dat | 1 - testing/tests/ikev2/ip-pool-db/pretest.dat | 10 +++++----- testing/tests/ikev2/ip-pool-db/test.conf | 4 ++++ testing/tests/ikev2/ip-pool-wish/pretest.dat | 4 ++-- testing/tests/ikev2/ip-pool/pretest.dat | 4 ++-- .../ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/ip-split-pools-db/posttest.dat | 1 - testing/tests/ikev2/ip-split-pools-db/pretest.dat | 8 ++++---- testing/tests/ikev2/ip-split-pools-db/test.conf | 4 ++++ .../ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/ip-two-pools-db/posttest.dat | 1 - testing/tests/ikev2/ip-two-pools-db/pretest.dat | 12 +++++++----- testing/tests/ikev2/ip-two-pools-db/test.conf | 4 ++++ .../ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/ip-two-pools-mixed/posttest.dat | 1 - testing/tests/ikev2/ip-two-pools-mixed/pretest.dat | 10 +++++----- testing/tests/ikev2/ip-two-pools-mixed/test.conf | 4 ++++ .../ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/ip-two-pools-v4v6-db/posttest.dat | 1 - testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat | 6 +++--- testing/tests/ikev2/ip-two-pools-v4v6-db/test.conf | 4 ++++ testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat | 2 +- testing/tests/ikev2/ip-two-pools/posttest.dat | 1 - testing/tests/ikev2/ip-two-pools/pretest.dat | 4 ++-- testing/tests/ikev2/lookip/pretest.dat | 4 ++-- .../tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules | 6 +++++- testing/tests/ikev2/mobike-nat/pretest.dat | 3 +-- .../ikev2/mobike-virtual-ip/hosts/alice/etc/iptables.rules | 4 ++++ testing/tests/ikev2/mobike-virtual-ip/pretest.dat | 3 +-- testing/tests/ikev2/mobike/hosts/alice/etc/iptables.rules | 4 ++++ testing/tests/ikev2/mobike/pretest.dat | 3 +-- testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat | 2 +- testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat | 4 ++-- testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat | 3 ++- testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat | 3 ++- testing/tests/ikev2/multi-level-ca-ldap/pretest.dat | 7 +++++-- testing/tests/ikev2/multi-level-ca-loop/pretest.dat | 2 +- testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat | 4 ++-- testing/tests/ikev2/multi-level-ca-revoked/pretest.dat | 2 +- testing/tests/ikev2/multi-level-ca-strict/pretest.dat | 5 ++++- testing/tests/ikev2/multi-level-ca/posttest.dat | 1 - testing/tests/ikev2/multi-level-ca/pretest.dat | 5 ++++- testing/tests/ikev2/nat-rw-mark/pretest.dat | 5 ++--- testing/tests/ikev2/nat-rw-psk/pretest.dat | 5 ++--- testing/tests/ikev2/nat-rw/pretest.dat | 5 ++--- testing/tests/ikev2/nat-virtual-ip/pretest.dat | 3 +-- testing/tests/ikev2/net2net-ah/pretest.dat | 2 +- testing/tests/ikev2/net2net-cert-sha2/pretest.dat | 2 +- testing/tests/ikev2/net2net-cert/pretest.dat | 2 +- testing/tests/ikev2/net2net-dnscert/pretest.dat | 2 +- testing/tests/ikev2/net2net-dnssec/pretest.dat | 2 +- testing/tests/ikev2/net2net-esn/pretest.dat | 2 +- testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat | 2 +- testing/tests/ikev2/net2net-ntru-cert/pretest.dat | 2 +- testing/tests/ikev2/net2net-pgp-v3/pretest.dat | 2 +- testing/tests/ikev2/net2net-pgp-v4/pretest.dat | 2 +- testing/tests/ikev2/net2net-pkcs12/pretest.dat | 2 +- testing/tests/ikev2/net2net-psk-dscp/pretest.dat | 5 +++-- testing/tests/ikev2/net2net-psk-fail/pretest.dat | 2 +- testing/tests/ikev2/net2net-psk/pretest.dat | 2 +- testing/tests/ikev2/net2net-rfc3779/pretest.dat | 3 +-- testing/tests/ikev2/net2net-route/pretest.dat | 4 ++-- testing/tests/ikev2/net2net-rsa/pretest.dat | 2 +- testing/tests/ikev2/net2net-same-nets/pretest.dat | 2 +- testing/tests/ikev2/net2net-start/pretest.dat | 3 +-- testing/tests/ikev2/ocsp-local-cert/pretest.dat | 2 +- testing/tests/ikev2/ocsp-multi-level/pretest.dat | 3 ++- testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat | 4 ++-- testing/tests/ikev2/ocsp-revoked/pretest.dat | 2 +- testing/tests/ikev2/ocsp-root-cert/pretest.dat | 2 +- testing/tests/ikev2/ocsp-signer-cert/pretest.dat | 2 +- testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat | 2 +- testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat | 3 ++- testing/tests/ikev2/ocsp-timeouts-good/description.txt | 2 +- testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat | 4 ++-- .../hosts/winnetou/etc/openssl/ocsp/ocsp.cgi | 2 +- testing/tests/ikev2/ocsp-timeouts-good/pretest.dat | 2 +- testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat | 2 +- testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat | 6 +++--- testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat | 4 ++-- testing/tests/ikev2/protoport-dual/pretest.dat | 3 ++- testing/tests/ikev2/protoport-route/pretest.dat | 6 +++--- testing/tests/ikev2/reauth-early/pretest.dat | 2 +- testing/tests/ikev2/reauth-late/pretest.dat | 2 +- testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat | 2 +- testing/tests/ikev2/reauth-mbb/pretest.dat | 2 +- testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-cert/pretest.dat | 4 +++- testing/tests/ikev2/rw-dnssec/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-dynamic/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat | 8 ++++---- testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat | 6 ++++-- testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-md5-radius/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-peap-md5/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-peap-radius/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat | 2 +- testing/tests/ikev2/rw-eap-sim-radius/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-tls-only/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-tls-radius/pretest.dat | 3 +-- testing/tests/ikev2/rw-eap-ttls-only/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat | 4 ++-- testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat | 4 ++-- testing/tests/ikev2/rw-hash-and-url/pretest.dat | 3 ++- .../ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf | 4 ---- testing/tests/ikev2/rw-initiator-only/pretest.dat | 3 ++- testing/tests/ikev2/rw-mark-in-out/pretest.dat | 11 +++++------ testing/tests/ikev2/rw-ntru-bliss/evaltest.dat | 8 ++++---- testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf | 1 + .../ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf | 1 + .../tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf | 1 + .../tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf | 2 +- testing/tests/ikev2/rw-ntru-bliss/pretest.dat | 4 ++-- testing/tests/ikev2/rw-ntru-psk/pretest.dat | 4 ++-- testing/tests/ikev2/rw-pkcs8/pretest.dat | 3 ++- testing/tests/ikev2/rw-psk-fqdn/pretest.dat | 3 ++- testing/tests/ikev2/rw-psk-ipv4/pretest.dat | 3 ++- testing/tests/ikev2/rw-psk-no-idr/pretest.dat | 3 ++- testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat | 3 ++- testing/tests/ikev2/rw-psk-rsa-split/pretest.dat | 3 ++- testing/tests/ikev2/rw-radius-accounting/pretest.dat | 3 +-- testing/tests/ikev2/rw-sig-auth/pretest.dat | 6 ++++-- testing/tests/ikev2/rw-whitelist/evaltest.dat | 2 +- testing/tests/ikev2/strong-keys-certs/pretest.dat | 4 ++-- testing/tests/ikev2/trap-any/evaltest.dat | 10 +++++----- testing/tests/ikev2/two-certs/pretest.dat | 4 ++-- testing/tests/ikev2/virtual-ip-override/pretest.dat | 3 ++- testing/tests/ikev2/virtual-ip/pretest.dat | 3 ++- testing/tests/ikev2/wildcards/pretest.dat | 5 ++++- 204 files changed, 348 insertions(+), 318 deletions(-) (limited to 'testing/tests/ikev2') diff --git a/testing/tests/ikev2/acert-cached/evaltest.dat b/testing/tests/ikev2/acert-cached/evaltest.dat index 682c55ce2..c0bb035a1 100644 --- a/testing/tests/ikev2/acert-cached/evaltest.dat +++ b/testing/tests/ikev2/acert-cached/evaltest.dat @@ -5,7 +5,7 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave moon::cat /var/log/daemon.log::constraint check failed: group membership to 'sales' required::YES dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/acert-cached/pretest.dat b/testing/tests/ikev2/acert-cached/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/acert-cached/pretest.dat +++ b/testing/tests/ikev2/acert-cached/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/acert-fallback/evaltest.dat b/testing/tests/ikev2/acert-fallback/evaltest.dat index 985f3208e..17d83d182 100644 --- a/testing/tests/ikev2/acert-fallback/evaltest.dat +++ b/testing/tests/ikev2/acert-fallback/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::finance.*: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon:: ipsec status 2> /dev/null::sales.*: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon::cat /var/log/daemon.log::constraint check failed: group membership to 'finance' required::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/acert-fallback/pretest.dat b/testing/tests/ikev2/acert-fallback/pretest.dat index baacc1605..de4acbbf0 100644 --- a/testing/tests/ikev2/acert-fallback/pretest.dat +++ b/testing/tests/ikev2/acert-fallback/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/acert-inline/evaltest.dat b/testing/tests/ikev2/acert-inline/evaltest.dat index ba448f81b..98128e715 100644 --- a/testing/tests/ikev2/acert-inline/evaltest.dat +++ b/testing/tests/ikev2/acert-inline/evaltest.dat @@ -8,7 +8,7 @@ dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O dave::cat /var/log/daemon.log::sending attribute certificate issued by \"C=CH, O=Linux strongSwan, CN=expired AA\"::YES dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/acert-inline/pretest.dat b/testing/tests/ikev2/acert-inline/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/acert-inline/pretest.dat +++ b/testing/tests/ikev2/acert-inline/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/after-2038-certs/pretest.dat b/testing/tests/ikev2/after-2038-certs/pretest.dat index baacc1605..de4acbbf0 100644 --- a/testing/tests/ikev2/after-2038-certs/pretest.dat +++ b/testing/tests/ikev2/after-2038-certs/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-3des-md5/pretest.dat b/testing/tests/ikev2/alg-3des-md5/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-3des-md5/pretest.dat +++ b/testing/tests/ikev2/alg-3des-md5/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-ccm/pretest.dat b/testing/tests/ikev2/alg-aes-ccm/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-aes-ccm/pretest.dat +++ b/testing/tests/ikev2/alg-aes-ccm/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-ctr/pretest.dat b/testing/tests/ikev2/alg-aes-ctr/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-aes-ctr/pretest.dat +++ b/testing/tests/ikev2/alg-aes-ctr/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-gcm/pretest.dat b/testing/tests/ikev2/alg-aes-gcm/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-aes-gcm/pretest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-blowfish/pretest.dat b/testing/tests/ikev2/alg-blowfish/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/alg-blowfish/pretest.dat +++ b/testing/tests/ikev2/alg-blowfish/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat +++ b/testing/tests/ikev2/alg-chacha20poly1305/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat +++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/alg-sha256-96/pretest.dat b/testing/tests/ikev2/alg-sha256-96/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-sha256-96/pretest.dat +++ b/testing/tests/ikev2/alg-sha256-96/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha256/pretest.dat b/testing/tests/ikev2/alg-sha256/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-sha256/pretest.dat +++ b/testing/tests/ikev2/alg-sha256/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha384/pretest.dat b/testing/tests/ikev2/alg-sha384/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-sha384/pretest.dat +++ b/testing/tests/ikev2/alg-sha384/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/alg-sha512/pretest.dat b/testing/tests/ikev2/alg-sha512/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/alg-sha512/pretest.dat +++ b/testing/tests/ikev2/alg-sha512/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/any-interface/pretest.dat b/testing/tests/ikev2/any-interface/pretest.dat index 0a6ce8be4..2f27224d2 100644 --- a/testing/tests/ikev2/any-interface/pretest.dat +++ b/testing/tests/ikev2/any-interface/pretest.dat @@ -4,7 +4,8 @@ alice::ipsec start moon::ipsec start sun::ipsec start bob::ipsec start -moon::sleep 2 -moon::ping -n -c 3 -s 8184 -p deadbeef PH_IP_ALICE -moon::ping -n -c 3 -s 8184 -p deadbeef PH_IP_SUN -bob::ping -n -c 3 -s 8184 -p deadbeef PH_IP_SUN1 +moon::expect-connection alice +moon::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_ALICE +moon::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_SUN +bob::expect-connection sun +bob::ping -n -c 3 -W 1 -i 0.2 -s 8184 -p deadbeef PH_IP_SUN1 diff --git a/testing/tests/ikev2/compress/pretest.dat b/testing/tests/ikev2/compress/pretest.dat index 29a90355f..1fd37b6a8 100644 --- a/testing/tests/ikev2/compress/pretest.dat +++ b/testing/tests/ikev2/compress/pretest.dat @@ -2,5 +2,5 @@ carol::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules carol::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/config-payload-swapped/pretest.dat b/testing/tests/ikev2/config-payload-swapped/pretest.dat index 3864bdac3..2d09e88ce 100644 --- a/testing/tests/ikev2/config-payload-swapped/pretest.dat +++ b/testing/tests/ikev2/config-payload-swapped/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/config-payload/pretest.dat b/testing/tests/ikev2/config-payload/pretest.dat index 3864bdac3..2d09e88ce 100644 --- a/testing/tests/ikev2/config-payload/pretest.dat +++ b/testing/tests/ikev2/config-payload/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/critical-extension/pretest.dat b/testing/tests/ikev2/critical-extension/pretest.dat index c724e5df8..1732d6efa 100644 --- a/testing/tests/ikev2/critical-extension/pretest.dat +++ b/testing/tests/ikev2/critical-extension/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/crl-from-cache/pretest.dat b/testing/tests/ikev2/crl-from-cache/pretest.dat index acdb265ed..d4141a30c 100644 --- a/testing/tests/ikev2/crl-from-cache/pretest.dat +++ b/testing/tests/ikev2/crl-from-cache/pretest.dat @@ -4,5 +4,5 @@ carol::wget -q http://crl.strongswan.org/strongswan.crl carol::mv strongswan.crl /etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/crl-ldap/pretest.dat b/testing/tests/ikev2/crl-ldap/pretest.dat index 8ffa9d3ed..4eed5e073 100644 --- a/testing/tests/ikev2/crl-ldap/pretest.dat +++ b/testing/tests/ikev2/crl-ldap/pretest.dat @@ -3,6 +3,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home -carol::sleep 3 diff --git a/testing/tests/ikev2/crl-revoked/pretest.dat b/testing/tests/ikev2/crl-revoked/pretest.dat index 8984dcbcf..3a1982f8a 100644 --- a/testing/tests/ikev2/crl-revoked/pretest.dat +++ b/testing/tests/ikev2/crl-revoked/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/crl-to-cache/pretest.dat b/testing/tests/ikev2/crl-to-cache/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/crl-to-cache/pretest.dat +++ b/testing/tests/ikev2/crl-to-cache/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat index ef5f67097..9e291d291 100644 --- a/testing/tests/ikev2/default-keys/pretest.dat +++ b/testing/tests/ikev2/default-keys/pretest.dat @@ -10,10 +10,10 @@ moon::rm /etc/ipsec.d/private/* moon::rm /etc/ipsec.d/certs/* moon::rm /etc/ipsec.d/cacerts/* moon::ipsec start -moon::sleep 5 +moon::expect-connection carol moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der moon::ipsec reload carol::ipsec reload -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat index 5670a2e89..3b22f29f2 100644 --- a/testing/tests/ikev2/dhcp-dynamic/pretest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat @@ -6,7 +6,7 @@ venus::/etc/init.d/isc-dhcp-server start 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat index 5670a2e89..8eafe1a9e 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat @@ -6,7 +6,7 @@ venus::/etc/init.d/isc-dhcp-server start 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +carol::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat index 5670a2e89..3b22f29f2 100644 --- a/testing/tests/ikev2/dhcp-static-mac/pretest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat @@ -6,7 +6,7 @@ venus::/etc/init.d/isc-dhcp-server start 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/double-nat-net/pretest.dat b/testing/tests/ikev2/double-nat-net/pretest.dat index 17a4fe5eb..d300a276f 100644 --- a/testing/tests/ikev2/double-nat-net/pretest.dat +++ b/testing/tests/ikev2/double-nat-net/pretest.dat @@ -7,6 +7,5 @@ sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-des sun::ip route add 10.1.0.0/16 via PH_IP_BOB alice::ipsec start bob::ipsec start -alice::sleep 2 +alice::expect-connection nat-t alice::ipsec up nat-t -alice::sleep 1 diff --git a/testing/tests/ikev2/double-nat/pretest.dat b/testing/tests/ikev2/double-nat/pretest.dat index 65f18b756..6a861d29f 100644 --- a/testing/tests/ikev2/double-nat/pretest.dat +++ b/testing/tests/ikev2/double-nat/pretest.dat @@ -6,6 +6,5 @@ sun::iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/16 -p tcp -j SNAT --to-s sun::iptables -t nat -A PREROUTING -i eth0 -s PH_IP_MOON -p udp -j DNAT --to-destination PH_IP_BOB alice::ipsec start bob::ipsec start -alice::sleep 2 +alice::expect-connection nat-t alice::ipsec up nat-t -alice::sleep 1 diff --git a/testing/tests/ikev2/dpd-clear/description.txt b/testing/tests/ikev2/dpd-clear/description.txt index 7f62dc576..0fb2f1064 100644 --- a/testing/tests/ikev2/dpd-clear/description.txt +++ b/testing/tests/ikev2/dpd-clear/description.txt @@ -1,5 +1,5 @@ The roadwarrior carol sets up an IPsec tunnel connection to the gateway moon which in turn activates Dead Peer Detection (DPD) with a polling interval of 10 s. When the network connectivity between carol and moon is forcefully disrupted, -moon clears the connection after 4 unsuccessful retransmits. +moon clears the connection after a number of unsuccessful retransmits. diff --git a/testing/tests/ikev2/dpd-clear/evaltest.dat b/testing/tests/ikev2/dpd-clear/evaltest.dat index c1a271903..2071e8fc8 100644 --- a/testing/tests/ikev2/dpd-clear/evaltest.dat +++ b/testing/tests/ikev2/dpd-clear/evaltest.dat @@ -1,8 +1,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon:: sleep 180::no output expected::NO +moon:: sleep 13::no output expected::NO moon:: cat /var/log/daemon.log::sending DPD request::YES moon:: cat /var/log/daemon.log::retransmit.*of request::YES -moon:: cat /var/log/daemon.log::giving up after 5 retransmits::YES +moon:: cat /var/log/daemon.log::giving up after.*retransmits::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO diff --git a/testing/tests/ikev2/dpd-clear/pretest.dat b/testing/tests/ikev2/dpd-clear/pretest.dat index 14ed95322..3a1982f8a 100644 --- a/testing/tests/ikev2/dpd-clear/pretest.dat +++ b/testing/tests/ikev2/dpd-clear/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dpd-hold/evaltest.dat b/testing/tests/ikev2/dpd-hold/evaltest.dat index 4c035a6e9..9ce76f976 100644 --- a/testing/tests/ikev2/dpd-hold/evaltest.dat +++ b/testing/tests/ikev2/dpd-hold/evaltest.dat @@ -2,13 +2,13 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -carol::sleep 180::no output expected::NO +carol::sleep 13::no output expected::NO carol::cat /var/log/daemon.log::sending DPD request::YES carol::cat /var/log/daemon.log::retransmit.*of request::YES -carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES +carol::cat /var/log/daemon.log::giving up after.*retransmits::YES carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO -carol::ping -c 1 PH_IP_ALICE::trigger route::NO -carol::sleep 2::no output expected::NO +carol::ping -c 1 -W 1 PH_IP_ALICE::trigger route::NO +carol::sleep 1::no output expected::NO carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dpd-hold/pretest.dat b/testing/tests/ikev2/dpd-hold/pretest.dat index 14ed95322..3a1982f8a 100644 --- a/testing/tests/ikev2/dpd-hold/pretest.dat +++ b/testing/tests/ikev2/dpd-hold/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dpd-restart/evaltest.dat b/testing/tests/ikev2/dpd-restart/evaltest.dat index 962bd0636..25c54df95 100644 --- a/testing/tests/ikev2/dpd-restart/evaltest.dat +++ b/testing/tests/ikev2/dpd-restart/evaltest.dat @@ -2,12 +2,12 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -carol::sleep 180::no output expected::NO +carol::sleep 13::no output expected::NO carol::cat /var/log/daemon.log::sending DPD request::YES carol::cat /var/log/daemon.log::retransmit.*of request::YES -carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES +carol::cat /var/log/daemon.log::giving up after.*retransmits::YES carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO -carol::sleep 10::no output expected::NO +carol::sleep 2::no output expected::NO carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dpd-restart/pretest.dat b/testing/tests/ikev2/dpd-restart/pretest.dat index 14ed95322..3a1982f8a 100644 --- a/testing/tests/ikev2/dpd-restart/pretest.dat +++ b/testing/tests/ikev2/dpd-restart/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/dynamic-initiator/description.txt b/testing/tests/ikev2/dynamic-initiator/description.txt index e74ee1569..3e441b2fe 100644 --- a/testing/tests/ikev2/dynamic-initiator/description.txt +++ b/testing/tests/ikev2/dynamic-initiator/description.txt @@ -1,12 +1,12 @@ The peers carol and moon both have dynamic IP addresses, so that the remote end -is defined symbolically by right=<hostname>. The ipsec starter resolves the +is defined symbolically by right=<hostname>. The IKE daemon resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the option -rightallowany=yes will allow an IKE_SA rekeying to arrive from an arbitrary +% prefix in the right option will allow an IKE_SA rekeying to arrive from an arbitrary IP address under the condition that the peer identity remains unchanged. When this happens the old tunnel is replaced by an IPsec connection to the new origin.

In this scenario carol first initiates a tunnel to moon. After some time carol suddenly changes her IP address and restarts the connection to moon without deleting the old tunnel first (simulated by iptables blocking IKE packets to and from -carol and starting the connection from host dave using carol's identity). +carol and starting the connection from host dave using carol's identity). diff --git a/testing/tests/ikev2/dynamic-initiator/posttest.dat b/testing/tests/ikev2/dynamic-initiator/posttest.dat index 83063a23f..715bb9482 100644 --- a/testing/tests/ikev2/dynamic-initiator/posttest.dat +++ b/testing/tests/ikev2/dynamic-initiator/posttest.dat @@ -1,6 +1,5 @@ dave::ipsec stop carol::ipsec stop -dave::sleep 1 moon::ipsec stop moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/dynamic-initiator/pretest.dat b/testing/tests/ikev2/dynamic-initiator/pretest.dat index 3e1cfce77..f354efe51 100644 --- a/testing/tests/ikev2/dynamic-initiator/pretest.dat +++ b/testing/tests/ikev2/dynamic-initiator/pretest.dat @@ -4,10 +4,9 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection moon carol::ipsec up moon -carol::sleep 1 carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT +dave::expect-connection moon dave::ipsec up moon -dave::sleep 2 diff --git a/testing/tests/ikev2/dynamic-two-peers/posttest.dat b/testing/tests/ikev2/dynamic-two-peers/posttest.dat index 7b2609846..119c8e45a 100644 --- a/testing/tests/ikev2/dynamic-two-peers/posttest.dat +++ b/testing/tests/ikev2/dynamic-two-peers/posttest.dat @@ -1,6 +1,5 @@ carol::ipsec stop dave::ipsec stop -moon::sleep 1 moon::ipsec stop moon::mv /etc/hosts.ori /etc/hosts moon::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/dynamic-two-peers/pretest.dat b/testing/tests/ikev2/dynamic-two-peers/pretest.dat index 4bb2a4686..ee0b156dd 100644 --- a/testing/tests/ikev2/dynamic-two-peers/pretest.dat +++ b/testing/tests/ikev2/dynamic-two-peers/pretest.dat @@ -6,7 +6,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection moon carol::ipsec up moon +dave::expect-connection moon dave::ipsec up moon -carol::sleep 1 diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat index 4fc25772b..de4acbbf0 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat index 886fdf55c..de4acbbf0 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/pretest.dat +++ b/testing/tests/ikev2/esp-alg-md5-128/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/esp-alg-null/pretest.dat b/testing/tests/ikev2/esp-alg-null/pretest.dat index 886fdf55c..de4acbbf0 100644 --- a/testing/tests/ikev2/esp-alg-null/pretest.dat +++ b/testing/tests/ikev2/esp-alg-null/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat index 886fdf55c..de4acbbf0 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat +++ b/testing/tests/ikev2/esp-alg-sha1-160/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat index f0254da6c..1a982288d 100644 --- a/testing/tests/ikev2/farp/pretest.dat +++ b/testing/tests/ikev2/farp/pretest.dat @@ -6,7 +6,7 @@ alice::arp -d 10.1.0.40 carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/force-udp-encaps/pretest.dat b/testing/tests/ikev2/force-udp-encaps/pretest.dat index 7be66867a..87a7764cf 100644 --- a/testing/tests/ikev2/force-udp-encaps/pretest.dat +++ b/testing/tests/ikev2/force-udp-encaps/pretest.dat @@ -4,7 +4,5 @@ sun::ip route add 10.1.0.0/16 via PH_IP_MOON winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start -alice::sleep 4 +alice::expect-connection nat-t alice::ipsec up nat-t -alice::sleep 1 - diff --git a/testing/tests/ikev2/forecast/pretest.dat b/testing/tests/ikev2/forecast/pretest.dat index 206bf5b64..68a0c2cda 100644 --- a/testing/tests/ikev2/forecast/pretest.dat +++ b/testing/tests/ikev2/forecast/pretest.dat @@ -1,7 +1,7 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/host2host-ah/pretest.dat b/testing/tests/ikev2/host2host-ah/pretest.dat index 99789b90f..997a48167 100644 --- a/testing/tests/ikev2/host2host-ah/pretest.dat +++ b/testing/tests/ikev2/host2host-ah/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/host2host-cert/pretest.dat b/testing/tests/ikev2/host2host-cert/pretest.dat index 3bce9f6e5..997a48167 100644 --- a/testing/tests/ikev2/host2host-cert/pretest.dat +++ b/testing/tests/ikev2/host2host-cert/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/host2host-swapped/pretest.dat b/testing/tests/ikev2/host2host-swapped/pretest.dat index 3bce9f6e5..997a48167 100644 --- a/testing/tests/ikev2/host2host-swapped/pretest.dat +++ b/testing/tests/ikev2/host2host-swapped/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/host2host-transport/pretest.dat b/testing/tests/ikev2/host2host-transport/pretest.dat index 99789b90f..997a48167 100644 --- a/testing/tests/ikev2/host2host-transport/pretest.dat +++ b/testing/tests/ikev2/host2host-transport/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection host-host moon::ipsec up host-host diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat index 221c59318..76b45c280 100644 --- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat +++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat @@ -1,8 +1,8 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES -carol::sleep 15::NO +carol::sleep 11::NO carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO carol::ipsec status 2> /dev/null::home.*INSTALLED::NO -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::NO +carol::ping -c 1 -W 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/inactivity-timeout/pretest.dat b/testing/tests/ikev2/inactivity-timeout/pretest.dat index b949aaeaf..ac7b8d978 100644 --- a/testing/tests/ikev2/inactivity-timeout/pretest.dat +++ b/testing/tests/ikev2/inactivity-timeout/pretest.dat @@ -1,6 +1,5 @@ carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf index a4542db77..6c22fd548 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -7,7 +7,7 @@ charon { libhydra { plugins { attr-sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/db.d/ipsec.db } } } diff --git a/testing/tests/ikev2/ip-pool-db/posttest.dat b/testing/tests/ikev2/ip-pool-db/posttest.dat index c99f347e3..37436a3d9 100644 --- a/testing/tests/ikev2/ip-pool-db/posttest.dat +++ b/testing/tests/ikev2/ip-pool-db/posttest.dat @@ -7,4 +7,3 @@ dave::iptables-restore < /etc/iptables.flush moon::ipsec pool --del bigpool 2> /dev/null moon::ipsec pool --del dns 2> /dev/null moon::ipsec pool --del nbns 2> /dev/null -moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-pool-db/pretest.dat b/testing/tests/ikev2/ip-pool-db/pretest.dat index 2327eb983..337ccb297 100644 --- a/testing/tests/ikev2/ip-pool-db/pretest.dat +++ b/testing/tests/ikev2/ip-pool-db/pretest.dat @@ -1,5 +1,5 @@ -moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql -moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/db.d/ipsec.sql +moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null moon::ipsec pool --addattr dns --server PH_IP_WINNETOU 2> /dev/null moon::ipsec pool --addattr dns --server PH_IP_VENUS 2> /dev/null @@ -7,10 +7,10 @@ moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/ip-pool-db/test.conf b/testing/tests/ikev2/ip-pool-db/test.conf index 164b07ff9..31820ea1a 100644 --- a/testing/tests/ikev2/ip-pool-db/test.conf +++ b/testing/tests/ikev2/ip-pool-db/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon alice" # Used for IPsec logging purposes # IPSECHOSTS="moon carol dave" + +# Guest instances on which databases are used +# +DBHOSTS="moon" diff --git a/testing/tests/ikev2/ip-pool-wish/pretest.dat b/testing/tests/ikev2/ip-pool-wish/pretest.dat index 1466fd2f2..2d09e88ce 100644 --- a/testing/tests/ikev2/ip-pool-wish/pretest.dat +++ b/testing/tests/ikev2/ip-pool-wish/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/ip-pool/pretest.dat b/testing/tests/ikev2/ip-pool/pretest.dat index 3864bdac3..2d09e88ce 100644 --- a/testing/tests/ikev2/ip-pool/pretest.dat +++ b/testing/tests/ikev2/ip-pool/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf index a4542db77..6c22fd548 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -7,7 +7,7 @@ charon { libhydra { plugins { attr-sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/db.d/ipsec.db } } } diff --git a/testing/tests/ikev2/ip-split-pools-db/posttest.dat b/testing/tests/ikev2/ip-split-pools-db/posttest.dat index 9d88281ad..6066d464a 100644 --- a/testing/tests/ikev2/ip-split-pools-db/posttest.dat +++ b/testing/tests/ikev2/ip-split-pools-db/posttest.dat @@ -3,4 +3,3 @@ dave::ipsec stop moon::ipsec stop moon::ipsec pool --del pool0 2> /dev/null moon::ipsec pool --del pool1 2> /dev/null -moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-split-pools-db/pretest.dat b/testing/tests/ikev2/ip-split-pools-db/pretest.dat index c5af81b38..f74576382 100644 --- a/testing/tests/ikev2/ip-split-pools-db/pretest.dat +++ b/testing/tests/ikev2/ip-split-pools-db/pretest.dat @@ -1,12 +1,12 @@ -moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql -moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/db.d/ipsec.sql +moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db moon::ipsec pool --add pool0 --start 10.3.0.1 --end 10.3.0.1 --timeout 48 2> /dev/null moon::ipsec pool --add pool1 --start 10.3.1.1 --end 10.3.1.1 --timeout 48 2> /dev/null moon::ipsec pool --status 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/ip-split-pools-db/test.conf b/testing/tests/ikev2/ip-split-pools-db/test.conf index 164b07ff9..31820ea1a 100644 --- a/testing/tests/ikev2/ip-split-pools-db/test.conf +++ b/testing/tests/ikev2/ip-split-pools-db/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon alice" # Used for IPsec logging purposes # IPSECHOSTS="moon carol dave" + +# Guest instances on which databases are used +# +DBHOSTS="moon" diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf index fe6cdde42..cf3b0d81b 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf @@ -7,7 +7,7 @@ charon { libhydra { plugins { attr-sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/db.d/ipsec.db } } } diff --git a/testing/tests/ikev2/ip-two-pools-db/posttest.dat b/testing/tests/ikev2/ip-two-pools-db/posttest.dat index 150690e3c..dd4abebad 100644 --- a/testing/tests/ikev2/ip-two-pools-db/posttest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/posttest.dat @@ -15,4 +15,3 @@ moon::ipsec pool --del intpool 2> /dev/null moon::ipsec pool --delattr dns --server PH_IP_VENUS --pool intpool --identity venus.strongswan.org 2> /dev/null moon::ipsec pool --delattr dns --server PH_IP_ALICE --pool intpool --identity alice@strongswan.org 2> /dev/null moon::ipsec pool --delattr dns --server PH_IP_WINNETOU --pool extpool 2> /dev/null -moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-two-pools-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-db/pretest.dat index bb36a2630..2d8b28cd9 100644 --- a/testing/tests/ikev2/ip-two-pools-db/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/pretest.dat @@ -1,5 +1,5 @@ -moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql -moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/db.d/ipsec.sql +moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db moon::ipsec pool --add extpool --start 10.3.0.1 --end 10.3.1.244 --timeout 48 2> /dev/null moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null moon::ipsec pool --addattr dns --server PH_IP_VENUS --pool intpool --identity venus.strongswan.org 2> /dev/null @@ -13,14 +13,16 @@ venus::iptables-restore < /etc/iptables.rules moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules +moon::ipsec start alice::ipsec start venus::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home +alice::expect-connection home alice::ipsec up home +venus::expect-connection home venus::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/ip-two-pools-db/test.conf b/testing/tests/ikev2/ip-two-pools-db/test.conf index c88e11d28..167c75d9d 100644 --- a/testing/tests/ikev2/ip-two-pools-db/test.conf +++ b/testing/tests/ikev2/ip-two-pools-db/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="alice venus carol dave" # Used for IPsec logging purposes # IPSECHOSTS="alice venus moon carol dave" + +# Guest instances on which databases are used +# +DBHOSTS="moon" diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf index fe6cdde42..cf3b0d81b 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf @@ -7,7 +7,7 @@ charon { libhydra { plugins { attr-sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/db.d/ipsec.db } } } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/posttest.dat b/testing/tests/ikev2/ip-two-pools-mixed/posttest.dat index 57449be25..0c3cd2648 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/posttest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/posttest.dat @@ -5,4 +5,3 @@ moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush alice::iptables-restore < /etc/iptables.flush moon::ipsec pool --del intpool 2> /dev/null -moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat index 8ebfdc740..5b3274131 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/pretest.dat @@ -1,13 +1,13 @@ -moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql -moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/db.d/ipsec.sql +moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules alice::iptables-restore < /etc/iptables.rules -carol::ipsec start moon::ipsec start +carol::ipsec start alice::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +alice::expect-connection home alice::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/ip-two-pools-mixed/test.conf b/testing/tests/ikev2/ip-two-pools-mixed/test.conf index 1ed3473ab..0c1b38d49 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/test.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="alice carol" # Used for IPsec logging purposes # IPSECHOSTS="alice moon carol" + +# Guest instances on which databases are used +# +DBHOSTS="moon" diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf index c7e9a44c1..5176e2a4d 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf @@ -7,7 +7,7 @@ charon { libhydra { plugins { attr-sql { - database = sqlite:///etc/ipsec.d/ipsec.db + database = sqlite:///etc/db.d/ipsec.db } } } diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/posttest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/posttest.dat index 2e78893e3..e46195cd3 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/posttest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/posttest.dat @@ -1,4 +1,3 @@ alice::ip -6 route del default via fec1:\:1 carol::ipsec stop moon::ipsec stop -moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat index 466a5eaec..60af3bce9 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/pretest.dat @@ -1,9 +1,9 @@ -moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/ipsec.d/ipsec.sql -moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql > /etc/db.d/ipsec.sql +moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db moon::ipsec pool --add v4_pool --start 10.3.0.1 --end 10.3.1.244 --timeout 48 2> /dev/null moon::ipsec pool --add v6_pool --start fec3:\:1 --end fec3:\:fe --timeout 48 2> /dev/null alice::ip -6 route add default via fec1:\:1 moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ip-two-pools-v4v6-db/test.conf b/testing/tests/ikev2/ip-two-pools-v4v6-db/test.conf index cd03759f0..60819189c 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6-db/test.conf +++ b/testing/tests/ikev2/ip-two-pools-v4v6-db/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="carol" # Used for IPsec logging purposes # IPSECHOSTS="moon carol" + +# Guest instances on which databases are used +# +DBHOSTS="moon" diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat index 04139badf..7eb81b60c 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat @@ -1,5 +1,5 @@ alice::ip -6 route add default via fec1:\:1 moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ip-two-pools/posttest.dat b/testing/tests/ikev2/ip-two-pools/posttest.dat index 7de2bc9be..e4b043696 100644 --- a/testing/tests/ikev2/ip-two-pools/posttest.dat +++ b/testing/tests/ikev2/ip-two-pools/posttest.dat @@ -4,4 +4,3 @@ moon::ipsec stop moon::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush alice::iptables-restore < /etc/iptables.flush -moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev2/ip-two-pools/pretest.dat b/testing/tests/ikev2/ip-two-pools/pretest.dat index 4e8b639f4..56c1785cc 100644 --- a/testing/tests/ikev2/ip-two-pools/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools/pretest.dat @@ -4,7 +4,7 @@ alice::iptables-restore < /etc/iptables.rules carol::ipsec start moon::ipsec start alice::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +alice::expect-connection home alice::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/lookip/pretest.dat b/testing/tests/ikev2/lookip/pretest.dat index 3864bdac3..2d09e88ce 100644 --- a/testing/tests/ikev2/lookip/pretest.dat +++ b/testing/tests/ikev2/lookip/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules index 6dd261f20..450e7cef6 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/iptables.rules @@ -5,11 +5,15 @@ -P OUTPUT DROP -P FORWARD DROP +# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953 +-A OUTPUT -o lo -j ACCEPT +-A INPUT -i lo -j ACCEPT + # allow IPsec tunnel traffic -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT -# allow ESP +# allow ESP -A INPUT -i eth0 -p 50 -j ACCEPT -A INPUT -i eth1 -p 50 -j ACCEPT -A OUTPUT -o eth0 -p 50 -j ACCEPT diff --git a/testing/tests/ikev2/mobike-nat/pretest.dat b/testing/tests/ikev2/mobike-nat/pretest.dat index fde195daa..68df1b533 100644 --- a/testing/tests/ikev2/mobike-nat/pretest.dat +++ b/testing/tests/ikev2/mobike-nat/pretest.dat @@ -5,6 +5,5 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to- moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 alice::ipsec start sun::ipsec start -alice::sleep 2 +alice::expect-connection mobike alice::ipsec up mobike -alice::sleep 1 diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/iptables.rules index a238c8d19..450e7cef6 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/iptables.rules +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/iptables.rules @@ -5,6 +5,10 @@ -P OUTPUT DROP -P FORWARD DROP +# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953 +-A OUTPUT -o lo -j ACCEPT +-A INPUT -i lo -j ACCEPT + # allow IPsec tunnel traffic -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT diff --git a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat index 067c1a1ec..8197296ee 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat @@ -4,6 +4,5 @@ sun::iptables-restore < /etc/iptables.rules sun::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start -alice::sleep 2 +alice::expect-connection mobike alice::ipsec up mobike -alice::sleep 1 diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/iptables.rules b/testing/tests/ikev2/mobike/hosts/alice/etc/iptables.rules index a238c8d19..450e7cef6 100644 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/iptables.rules +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/iptables.rules @@ -5,6 +5,10 @@ -P OUTPUT DROP -P FORWARD DROP +# allow traffic on lo as ifup/ifdown call bind's rndc which accesses TCP 953 +-A OUTPUT -o lo -j ACCEPT +-A INPUT -i lo -j ACCEPT + # allow IPsec tunnel traffic -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT diff --git a/testing/tests/ikev2/mobike/pretest.dat b/testing/tests/ikev2/mobike/pretest.dat index 067c1a1ec..8197296ee 100644 --- a/testing/tests/ikev2/mobike/pretest.dat +++ b/testing/tests/ikev2/mobike/pretest.dat @@ -4,6 +4,5 @@ sun::iptables-restore < /etc/iptables.rules sun::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start -alice::sleep 2 +alice::expect-connection mobike alice::ipsec up mobike -alice::sleep 1 diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat index 8457ae0dd..eb20c7f0b 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -18,4 +18,4 @@ moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 22806012345600 moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave::ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat index eb69d2e45..07ffe10fa 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat @@ -8,7 +8,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat b/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat index 2eebc0f84..bee9bc792 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-init/pretest.dat @@ -1,6 +1,7 @@ carol::ipsec start dave::ipsec start moon::ipsec start -moon::sleep 2 +moon::expect-connection alice +moon::expect-connection venus moon::ipsec up alice moon::ipsec up venus diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat index 86dd31e83..be0051e0b 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/pretest.dat @@ -1,6 +1,7 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection alice carol::ipsec up alice +dave::expect-connection venus dave::ipsec up venus diff --git a/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat b/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat index 41319ae4d..d9ed52718 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-ldap/pretest.dat @@ -1,10 +1,13 @@ winnetou::/etc/init.d/slapd start moon::iptables-restore < /etc/iptables.rules +moon::ipsec start carol::ipsec start dave::ipsec start -moon::ipsec start -carol::sleep 2 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus +dave::expect-connection alice +dave::expect-connection venus dave::ipsec up venus dave::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca-loop/pretest.dat b/testing/tests/ikev2/multi-level-ca-loop/pretest.dat index bb538c160..3407743b3 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-loop/pretest.dat @@ -1,5 +1,5 @@ moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem carol::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection alice carol::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat index e209e60ff..8230de058 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-pathlen/pretest.dat @@ -1,4 +1,4 @@ carol::ipsec start moon::ipsec start -carol::sleep 2 -carol::ipsec up home +carol::expect-connection home +carol::ipsec up home diff --git a/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat b/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-revoked/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/multi-level-ca-strict/pretest.dat b/testing/tests/ikev2/multi-level-ca-strict/pretest.dat index 755564cbc..2134d6bea 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca-strict/pretest.dat @@ -1,8 +1,11 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus +dave::expect-connection alice +dave::expect-connection venus dave::ipsec up venus dave::ipsec up alice diff --git a/testing/tests/ikev2/multi-level-ca/posttest.dat b/testing/tests/ikev2/multi-level-ca/posttest.dat index 1646d5ed2..0f3f1ff89 100644 --- a/testing/tests/ikev2/multi-level-ca/posttest.dat +++ b/testing/tests/ikev2/multi-level-ca/posttest.dat @@ -2,4 +2,3 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop moon::rm /etc/ipsec.d/cacerts/* - diff --git a/testing/tests/ikev2/multi-level-ca/pretest.dat b/testing/tests/ikev2/multi-level-ca/pretest.dat index 755564cbc..2134d6bea 100644 --- a/testing/tests/ikev2/multi-level-ca/pretest.dat +++ b/testing/tests/ikev2/multi-level-ca/pretest.dat @@ -1,8 +1,11 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus +dave::expect-connection alice +dave::expect-connection venus dave::ipsec up venus dave::ipsec up alice diff --git a/testing/tests/ikev2/nat-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat index 6cddfd4fe..9d68e3c6e 100644 --- a/testing/tests/ikev2/nat-rw-mark/pretest.dat +++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat @@ -13,8 +13,7 @@ sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 20 sun::ipsec start alice::ipsec start venus::ipsec start -alice::sleep 2 +alice::expect-connection nat-t alice::ipsec up nat-t -venus::sleep 2 +venus::expect-connection nat-t venus::ipsec up nat-t -venus::sleep 2 diff --git a/testing/tests/ikev2/nat-rw-psk/pretest.dat b/testing/tests/ikev2/nat-rw-psk/pretest.dat index c5d091f32..e52bc9d9c 100644 --- a/testing/tests/ikev2/nat-rw-psk/pretest.dat +++ b/testing/tests/ikev2/nat-rw-psk/pretest.dat @@ -9,8 +9,7 @@ sun::rm /etc/ipsec.d/cacerts/* sun::ipsec start alice::ipsec start venus::ipsec start -alice::sleep 2 +alice::expect-connection nat-t alice::ipsec up nat-t -venus::sleep 2 +venus::expect-connection nat-t venus::ipsec up nat-t -venus::sleep 2 diff --git a/testing/tests/ikev2/nat-rw/pretest.dat b/testing/tests/ikev2/nat-rw/pretest.dat index 12676f7ac..e3d9fc858 100644 --- a/testing/tests/ikev2/nat-rw/pretest.dat +++ b/testing/tests/ikev2/nat-rw/pretest.dat @@ -6,8 +6,7 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to- alice::ipsec start venus::ipsec start sun::ipsec start -alice::sleep 2 +alice::expect-connection nat-t alice::ipsec up nat-t -venus::sleep 2 +venus::expect-connection nat-t venus::ipsec up nat-t -venus::sleep 2 diff --git a/testing/tests/ikev2/nat-virtual-ip/pretest.dat b/testing/tests/ikev2/nat-virtual-ip/pretest.dat index 8945d87b9..1732d6efa 100644 --- a/testing/tests/ikev2/nat-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/nat-virtual-ip/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net -moon::sleep 1 diff --git a/testing/tests/ikev2/net2net-ah/pretest.dat b/testing/tests/ikev2/net2net-ah/pretest.dat index 81a98fa41..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-ah/pretest.dat +++ b/testing/tests/ikev2/net2net-ah/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-cert-sha2/pretest.dat b/testing/tests/ikev2/net2net-cert-sha2/pretest.dat index 81a98fa41..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-cert-sha2/pretest.dat +++ b/testing/tests/ikev2/net2net-cert-sha2/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-cert/pretest.dat b/testing/tests/ikev2/net2net-cert/pretest.dat index c724e5df8..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-cert/pretest.dat +++ b/testing/tests/ikev2/net2net-cert/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-dnscert/pretest.dat b/testing/tests/ikev2/net2net-dnscert/pretest.dat index 0f4ae0f4f..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-dnscert/pretest.dat +++ b/testing/tests/ikev2/net2net-dnscert/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-dnssec/pretest.dat b/testing/tests/ikev2/net2net-dnssec/pretest.dat index 0f4ae0f4f..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-dnssec/pretest.dat +++ b/testing/tests/ikev2/net2net-dnssec/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-esn/pretest.dat b/testing/tests/ikev2/net2net-esn/pretest.dat index c724e5df8..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-esn/pretest.dat +++ b/testing/tests/ikev2/net2net-esn/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat index c724e5df8..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat index c724e5df8..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/pretest.dat +++ b/testing/tests/ikev2/net2net-ntru-cert/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat index 0f4ae0f4f..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/pretest.dat +++ b/testing/tests/ikev2/net2net-pgp-v3/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat index 0f4ae0f4f..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/pretest.dat +++ b/testing/tests/ikev2/net2net-pgp-v4/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-pkcs12/pretest.dat b/testing/tests/ikev2/net2net-pkcs12/pretest.dat index 3492238f0..fd1ce379f 100644 --- a/testing/tests/ikev2/net2net-pkcs12/pretest.dat +++ b/testing/tests/ikev2/net2net-pkcs12/pretest.dat @@ -6,5 +6,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-psk-dscp/pretest.dat b/testing/tests/ikev2/net2net-psk-dscp/pretest.dat index 0495890dd..ef3eb9e06 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/pretest.dat +++ b/testing/tests/ikev2/net2net-psk-dscp/pretest.dat @@ -9,9 +9,10 @@ moon::iptables -t mangle -A PREROUTING -m dscp --dscp-class EF -j MARK --set-mar bob::iptables -t mangle -A OUTPUT -d PH_IP_ALICE -p icmp -j DSCP --set-dscp-class BE bob::iptables -t mangle -A OUTPUT -d PH_IP_VENUS -p icmp -j DSCP --set-dscp-class EF sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class BE -j MARK --set-mark 10 -sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class EF -j MARK --set-mark 20 +sun::iptables -t mangle -A PREROUTING -m dscp --dscp-class EF -j MARK --set-mark 20 moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection dscp-be +moon::expect-connection dscp-ef moon::ipsec up dscp-be moon::ipsec up dscp-ef diff --git a/testing/tests/ikev2/net2net-psk-fail/pretest.dat b/testing/tests/ikev2/net2net-psk-fail/pretest.dat index cb9282595..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-psk-fail/pretest.dat +++ b/testing/tests/ikev2/net2net-psk-fail/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-psk/pretest.dat b/testing/tests/ikev2/net2net-psk/pretest.dat index cb9282595..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-psk/pretest.dat +++ b/testing/tests/ikev2/net2net-psk/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-rfc3779/pretest.dat b/testing/tests/ikev2/net2net-rfc3779/pretest.dat index 9fe2860b9..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-rfc3779/pretest.dat +++ b/testing/tests/ikev2/net2net-rfc3779/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net -moon::sleep 1 diff --git a/testing/tests/ikev2/net2net-route/pretest.dat b/testing/tests/ikev2/net2net-route/pretest.dat index e4ee3fac2..a1c567079 100644 --- a/testing/tests/ikev2/net2net-route/pretest.dat +++ b/testing/tests/ikev2/net2net-route/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 2 -alice::ping -c 10 PH_IP_BOB +moon::expect-connection net-net +alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB diff --git a/testing/tests/ikev2/net2net-rsa/pretest.dat b/testing/tests/ikev2/net2net-rsa/pretest.dat index 0f4ae0f4f..f2cbf6a0c 100644 --- a/testing/tests/ikev2/net2net-rsa/pretest.dat +++ b/testing/tests/ikev2/net2net-rsa/pretest.dat @@ -4,5 +4,5 @@ moon::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* moon::ipsec start sun::ipsec start -moon::sleep 2 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-same-nets/pretest.dat b/testing/tests/ikev2/net2net-same-nets/pretest.dat index c724e5df8..1732d6efa 100644 --- a/testing/tests/ikev2/net2net-same-nets/pretest.dat +++ b/testing/tests/ikev2/net2net-same-nets/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules moon::ipsec start sun::ipsec start -moon::sleep 1 +moon::expect-connection net-net moon::ipsec up net-net diff --git a/testing/tests/ikev2/net2net-start/pretest.dat b/testing/tests/ikev2/net2net-start/pretest.dat index 9d23c553e..b3f371041 100644 --- a/testing/tests/ikev2/net2net-start/pretest.dat +++ b/testing/tests/ikev2/net2net-start/pretest.dat @@ -1,6 +1,5 @@ moon::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules sun::ipsec start -sun::sleep 2 moon::ipsec start -moon::sleep 3 +moon::sleep 1 diff --git a/testing/tests/ikev2/ocsp-local-cert/pretest.dat b/testing/tests/ikev2/ocsp-local-cert/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/ocsp-local-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-local-cert/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-multi-level/pretest.dat b/testing/tests/ikev2/ocsp-multi-level/pretest.dat index 86dd31e83..be0051e0b 100644 --- a/testing/tests/ikev2/ocsp-multi-level/pretest.dat +++ b/testing/tests/ikev2/ocsp-multi-level/pretest.dat @@ -1,6 +1,7 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection alice carol::ipsec up alice +dave::expect-connection venus dave::ipsec up venus diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat index afb64c3ed..6296b4e06 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat @@ -1,5 +1,5 @@ -moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP +moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-revoked/pretest.dat b/testing/tests/ikev2/ocsp-revoked/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/ocsp-revoked/pretest.dat +++ b/testing/tests/ikev2/ocsp-revoked/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-root-cert/pretest.dat b/testing/tests/ikev2/ocsp-root-cert/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/ocsp-root-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-root-cert/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-signer-cert/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-signer-cert/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat index c31e05ef5..934df4e5b 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat +++ b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat @@ -1,5 +1,5 @@ moon:: cat /var/log/daemon.log::authentication of.*carol.*successful::YES -moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::libcurl request failed::YES moon:: cat /var/log/daemon.log::certificate status is not available::YES moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat index 86dd31e83..be0051e0b 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat +++ b/testing/tests/ikev2/ocsp-strict-ifuri/pretest.dat @@ -1,6 +1,7 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection alice carol::ipsec up alice +dave::expect-connection venus dave::ipsec up venus diff --git a/testing/tests/ikev2/ocsp-timeouts-good/description.txt b/testing/tests/ikev2/ocsp-timeouts-good/description.txt index 9ee5db95b..ad7de9ecc 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/description.txt +++ b/testing/tests/ikev2/ocsp-timeouts-good/description.txt @@ -6,5 +6,5 @@ OCSP server is listening. Thanks to timeouts the connection can nevertheless be established successfully by contacting a valid OCSP URI contained in carol's certificate.

-As an additional test the OCSP response is delayed by 5 seconds in order to check +As an additional test the OCSP response is delayed by a few seconds in order to check the correct handling of retransmitted IKE_AUTH messages. diff --git a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat index f50d5e88c..d4e41dbb8 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat @@ -1,9 +1,9 @@ -moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::libcurl request failed::YES moon:: cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES moon:: cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES moon:: cat /var/log/daemon.log::ocsp response is valid::YES moon:: cat /var/log/daemon.log::certificate status is good::YES -carol::cat /var/log/daemon.log::libcurl http request failed::YES +carol::cat /var/log/daemon.log::libcurl request failed::YES carol::cat /var/log/daemon.log::ocsp request to.*bob.strongswan.org:8800.*failed::YES carol::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi index aa70321d5..46a716f83 100755 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi @@ -6,7 +6,7 @@ echo "Content-type: application/ocsp-response" echo "" # simulate a delayed response -sleep 5 +sleep 2 cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ -rkey ocspKey.pem -rsigner ocspCert.pem \ diff --git a/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat index d92333d86..3a1982f8a 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-good/pretest.dat @@ -1,4 +1,4 @@ moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat index 7c0a9a5a4..cb7997f72 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat @@ -1,4 +1,4 @@ -moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::libcurl request failed::YES moon:: cat /var/log/daemon.log::certificate status is not available::YES moon:: cat /var/log/daemon.log::constraint check failed::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED::YES diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat index 7d9d600ff..a43ba3550 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat @@ -1,6 +1,6 @@ -moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP -carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP +moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset +carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat index afb64c3ed..6296b4e06 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat +++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat @@ -1,5 +1,5 @@ -moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP +moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/protoport-dual/pretest.dat b/testing/tests/ikev2/protoport-dual/pretest.dat index efb2e5712..4759fdb7b 100644 --- a/testing/tests/ikev2/protoport-dual/pretest.dat +++ b/testing/tests/ikev2/protoport-dual/pretest.dat @@ -2,6 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 2 +carol::expect-connection home-icmp +carol::expect-connection home-ssh carol::ipsec up home-icmp carol::ipsec up home-ssh diff --git a/testing/tests/ikev2/protoport-route/pretest.dat b/testing/tests/ikev2/protoport-route/pretest.dat index 5a15574d6..433d0cf98 100644 --- a/testing/tests/ikev2/protoport-route/pretest.dat +++ b/testing/tests/ikev2/protoport-route/pretest.dat @@ -2,7 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home-icmp +carol::expect-connection home-ssh carol::ssh PH_IP_ALICE hostname -carol::ping -c 1 PH_IP_ALICE > /dev/null -carol::sleep 2 +carol::ping -W 1 -c 1 PH_IP_ALICE > /dev/null diff --git a/testing/tests/ikev2/reauth-early/pretest.dat b/testing/tests/ikev2/reauth-early/pretest.dat index 153ea7c43..d3ce70e80 100644 --- a/testing/tests/ikev2/reauth-early/pretest.dat +++ b/testing/tests/ikev2/reauth-early/pretest.dat @@ -2,6 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home carol::sleep 30 diff --git a/testing/tests/ikev2/reauth-late/pretest.dat b/testing/tests/ikev2/reauth-late/pretest.dat index 153ea7c43..d3ce70e80 100644 --- a/testing/tests/ikev2/reauth-late/pretest.dat +++ b/testing/tests/ikev2/reauth-late/pretest.dat @@ -2,6 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home carol::sleep 30 diff --git a/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat b/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat index baacc1605..de4acbbf0 100644 --- a/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/reauth-mbb-virtual-ip/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/reauth-mbb/pretest.dat b/testing/tests/ikev2/reauth-mbb/pretest.dat index baacc1605..de4acbbf0 100644 --- a/testing/tests/ikev2/reauth-mbb/pretest.dat +++ b/testing/tests/ikev2/reauth-mbb/pretest.dat @@ -2,5 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index d1eb77041..646bcee1a 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index d1eb77041..646bcee1a 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index d1eb77041..646bcee1a 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = test-vectors aes des sha1 sha2 sha3 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown integrity_test = yes crypto_test { diff --git a/testing/tests/ikev2/rw-cert/pretest.dat b/testing/tests/ikev2/rw-cert/pretest.dat index c582e030d..e87a8ee47 100644 --- a/testing/tests/ikev2/rw-cert/pretest.dat +++ b/testing/tests/ikev2/rw-cert/pretest.dat @@ -4,6 +4,8 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 3 +moon::expect-connection rw +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-dnssec/pretest.dat b/testing/tests/ikev2/rw-dnssec/pretest.dat index 40eaede87..e827687f8 100644 --- a/testing/tests/ikev2/rw-dnssec/pretest.dat +++ b/testing/tests/ikev2/rw-dnssec/pretest.dat @@ -7,7 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat index 388339fb8..de4acbbf0 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat index 388339fb8..de4acbbf0 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat index 17f1b5f2b..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/pretest.dat +++ b/testing/tests/ikev2/rw-eap-dynamic/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat b/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat index 698a719f7..98bf0b15a 100644 --- a/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-framed-ip-radius/pretest.dat @@ -5,7 +5,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 -carol::ipsec up home -dave::ipsec up home -dave::sleep 1 +carol::expect-connection home +carol::ipsec up home +dave::expect-connection home +dave::ipsec up home diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat index a2704e833..8893e0169 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat @@ -5,9 +5,11 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus +dave::expect-connection alice +dave::expect-connection venus dave::ipsec up alice dave::ipsec up venus -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat index 180537f5f..d44910db8 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/pretest.dat @@ -2,7 +2,6 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec stroke user-creds home carol "Ar3etTnp" carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat index 9adc43d3e..c65fbda83 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat @@ -3,6 +3,5 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat index 9adc43d3e..c65fbda83 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat @@ -3,6 +3,5 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat index 388339fb8..de4acbbf0 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat index 388339fb8..de4acbbf0 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat b/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat index 17f1b5f2b..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-md5/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat index 17f1b5f2b..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat index 3e7fc0bb1..98bf0b15a 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat @@ -5,7 +5,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat index f8a9cc852..fa1164713 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat @@ -5,6 +5,5 @@ carol::cat /etc/ipsec.d/triplets.dat alice::radiusd moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat index f434ddfc6..4f8f7285b 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat @@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongsw moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat index 0e9e46bfd..a204f88a1 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat @@ -11,7 +11,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat index a514f48b7..01aed2492 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat @@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongsw moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat index 57c9f11a8..fdb50fcfb 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat @@ -11,7 +11,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat index ae464b51c..3e05e4ed7 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat @@ -4,6 +4,5 @@ moon::cat /etc/ipsec.d/triplets.dat carol::cat /etc/ipsec.d/triplets.dat moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat index 3d680ab78..7ed202116 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-fragments/pretest.dat @@ -4,6 +4,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tls-only/pretest.dat b/testing/tests/ikev2/rw-eap-tls-only/pretest.dat index 388339fb8..de4acbbf0 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-only/pretest.dat @@ -2,6 +2,5 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat index 9adc43d3e..c65fbda83 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat @@ -3,6 +3,5 @@ carol::iptables-restore < /etc/iptables.rules alice::radiusd moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat index 589d478e7..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 2 diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat index 17f1b5f2b..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat index 3e7fc0bb1..98bf0b15a 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat @@ -5,7 +5,7 @@ alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-hash-and-url/pretest.dat b/testing/tests/ikev2/rw-hash-and-url/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-hash-and-url/pretest.dat +++ b/testing/tests/ikev2/rw-hash-and-url/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf index 2b80853c6..094e0effa 100644 --- a/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf @@ -2,8 +2,4 @@ charon { load = test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown - - retransmit_timeout = 2 - retransmit_base = 1.5 - retransmit_tries = 3 } diff --git a/testing/tests/ikev2/rw-initiator-only/pretest.dat b/testing/tests/ikev2/rw-initiator-only/pretest.dat index fc7173430..4660c29d6 100644 --- a/testing/tests/ikev2/rw-initiator-only/pretest.dat +++ b/testing/tests/ikev2/rw-initiator-only/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection peer dave::ipsec up peer +carol::expect-connection home carol::ipsec up home diff --git a/testing/tests/ikev2/rw-mark-in-out/pretest.dat b/testing/tests/ikev2/rw-mark-in-out/pretest.dat index 8e9dd2f51..728831472 100644 --- a/testing/tests/ikev2/rw-mark-in-out/pretest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/pretest.dat @@ -1,8 +1,8 @@ alice::iptables-restore < /etc/iptables.rules venus::iptables-restore < /etc/iptables.rules sun::iptables-restore < /etc/iptables.rules -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON -sun::ip route add 10.1.0.0/16 via PH_IP_MOON +moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON +sun::ip route add 10.1.0.0/16 via PH_IP_MOON sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to PH_IP_CAROL10 sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to PH_IP_DAVE10 sun::iptables -t mangle -A PREROUTING -d PH_IP_CAROL10 -j MARK --set-mark 11 @@ -10,8 +10,7 @@ sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 21 alice::ipsec start venus::ipsec start sun::ipsec start -alice::sleep 2 -alice::ipsec up home -venus::sleep 2 +alice::expect-connection home +alice::ipsec up home +venus::expect-connection home venus::ipsec up home -venus::sleep 2 diff --git a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat index 5a88b6641..72f3a0e69 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat +++ b/testing/tests/ikev2/rw-ntru-bliss/evaltest.dat @@ -1,15 +1,15 @@ -carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA512 successful::YES +carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA512 successful::YES +dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with BLISS_WITH_SHA2_512 successful::YES dave:: ipsec statusall 2> /dev/null::home.*IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES -moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA256 successful::YES -moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA384 successful::YES +moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with BLISS_WITH_SHA2_256 successful::YES +moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with BLISS_WITH_SHA2_384 successful::YES moon:: ipsec statusall 2> /dev/null::rw\[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/NTRU_128::YES moon:: ipsec statusall 2> /dev/null::rw\[2]: IKE proposal: AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/NTRU_192::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf index f13e47a71..647a47f2f 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf @@ -1,6 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup + strictcrlpolicy=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf index ab824c993..c47ca8027 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf index 5f605a43d..e7786040c 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf @@ -1,6 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup + strictcrlpolicy=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf index ab824c993..c47ca8027 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf index 2a9b33aae..e5c2bf8b6 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf @@ -1,6 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup + strictcrlpolicy=yes conn %default ikelifetime=60m diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf index ab824c993..c47ca8027 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown + load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown send_vendor_id = yes fragment_size = 1500 } diff --git a/testing/tests/ikev2/rw-ntru-bliss/pretest.dat b/testing/tests/ikev2/rw-ntru-bliss/pretest.dat index 24249435e..c0f963d4c 100644 --- a/testing/tests/ikev2/rw-ntru-bliss/pretest.dat +++ b/testing/tests/ikev2/rw-ntru-bliss/pretest.dat @@ -7,7 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/strongswanCert.pem carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-ntru-psk/pretest.dat b/testing/tests/ikev2/rw-ntru-psk/pretest.dat index 40eaede87..e827687f8 100644 --- a/testing/tests/ikev2/rw-ntru-psk/pretest.dat +++ b/testing/tests/ikev2/rw-ntru-psk/pretest.dat @@ -7,7 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-pkcs8/pretest.dat b/testing/tests/ikev2/rw-pkcs8/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-pkcs8/pretest.dat +++ b/testing/tests/ikev2/rw-pkcs8/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat index 64ce593fb..ab5e18da2 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/pretest.dat +++ b/testing/tests/ikev2/rw-psk-fqdn/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-psk-ipv4/pretest.dat b/testing/tests/ikev2/rw-psk-ipv4/pretest.dat index 64ce593fb..ab5e18da2 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/pretest.dat +++ b/testing/tests/ikev2/rw-psk-ipv4/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-psk-no-idr/pretest.dat b/testing/tests/ikev2/rw-psk-no-idr/pretest.dat index 64ce593fb..ab5e18da2 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/pretest.dat +++ b/testing/tests/ikev2/rw-psk-no-idr/pretest.dat @@ -7,6 +7,7 @@ dave::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat index 446f81426..08b891aa5 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat @@ -5,6 +5,7 @@ carol::rm /etc/ipsec.d/cacerts/* moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat b/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat index 8bbea1412..a55cf37b2 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/rw-radius-accounting/pretest.dat b/testing/tests/ikev2/rw-radius-accounting/pretest.dat index 9f437fe85..d26229602 100644 --- a/testing/tests/ikev2/rw-radius-accounting/pretest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/pretest.dat @@ -4,6 +4,5 @@ alice::rm /var/log/freeradius/radacct/PH_IP_MOON1/* alice::radiusd moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/rw-sig-auth/pretest.dat b/testing/tests/ikev2/rw-sig-auth/pretest.dat index bec31cc68..9c26ea122 100644 --- a/testing/tests/ikev2/rw-sig-auth/pretest.dat +++ b/testing/tests/ikev2/rw-sig-auth/pretest.dat @@ -4,9 +4,11 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus +dave::expect-connection alice +dave::expect-connection venus dave::ipsec up alice dave::ipsec up venus -dave::sleep 1 diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat index 3522c3d79..a9917bcf1 100644 --- a/testing/tests/ikev2/rw-whitelist/evaltest.dat +++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat @@ -6,7 +6,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/strong-keys-certs/pretest.dat b/testing/tests/ikev2/strong-keys-certs/pretest.dat index dea5fc162..a55cf37b2 100644 --- a/testing/tests/ikev2/strong-keys-certs/pretest.dat +++ b/testing/tests/ikev2/strong-keys-certs/pretest.dat @@ -4,7 +4,7 @@ dave::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home -carol::sleep 1 diff --git a/testing/tests/ikev2/trap-any/evaltest.dat b/testing/tests/ikev2/trap-any/evaltest.dat index bcba9ef08..b62e890c0 100644 --- a/testing/tests/ikev2/trap-any/evaltest.dat +++ b/testing/tests/ikev2/trap-any/evaltest.dat @@ -1,8 +1,8 @@ -moon::ping -c 2 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES -moon::ping -c 2 -W 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES -sun::ping -c 2 -W 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES -dave::ping -c 2 -W 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=2::YES -dave::ping -c 2 -W 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES +moon::ping -c 2 -W 1 -i 0.2 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES +moon::ping -c 2 -W 1 -i 0.2 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES +sun::ping -c 2 -W 1 -i 0.2 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=2::YES +dave::ping -c 2 -W 1 -i 0.2 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=2::YES +dave::ping -c 2 -W 1 -i 0.2 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=2::YES dave::ping -c 1 PH_IP_CAROL::64 bytes from PH_IP_CAROL: icmp_req=1::YES moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_SUN::YES moon::ipsec status 2> /dev/null::trap-any.*ESTABLISHED.*PH_IP_MOON.*PH_IP_CAROL::YES diff --git a/testing/tests/ikev2/two-certs/pretest.dat b/testing/tests/ikev2/two-certs/pretest.dat index fe2aaec19..5936eda68 100644 --- a/testing/tests/ikev2/two-certs/pretest.dat +++ b/testing/tests/ikev2/two-certs/pretest.dat @@ -2,7 +2,7 @@ moon::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus -carol::sleep 1 diff --git a/testing/tests/ikev2/virtual-ip-override/pretest.dat b/testing/tests/ikev2/virtual-ip-override/pretest.dat index 1765a83cd..2d09e88ce 100644 --- a/testing/tests/ikev2/virtual-ip-override/pretest.dat +++ b/testing/tests/ikev2/virtual-ip-override/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/virtual-ip/pretest.dat b/testing/tests/ikev2/virtual-ip/pretest.dat index 1765a83cd..2d09e88ce 100644 --- a/testing/tests/ikev2/virtual-ip/pretest.dat +++ b/testing/tests/ikev2/virtual-ip/pretest.dat @@ -4,6 +4,7 @@ dave::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 1 +carol::expect-connection home carol::ipsec up home +dave::expect-connection home dave::ipsec up home diff --git a/testing/tests/ikev2/wildcards/pretest.dat b/testing/tests/ikev2/wildcards/pretest.dat index 3c4832e5e..2134d6bea 100644 --- a/testing/tests/ikev2/wildcards/pretest.dat +++ b/testing/tests/ikev2/wildcards/pretest.dat @@ -1,8 +1,11 @@ carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 1 +carol::expect-connection alice +carol::expect-connection venus carol::ipsec up alice carol::ipsec up venus +dave::expect-connection alice +dave::expect-connection venus dave::ipsec up venus dave::ipsec up alice -- cgit v1.2.3