From db67c87db3c9089ea8d2e14f617bf3d9e2af261f Mon Sep 17 00:00:00 2001
From: Rene Mayrhofer <rene@mayrhofer.eu.org>
Date: Wed, 9 Jul 2008 21:02:41 +0000
Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.2.4)

---
 testing/tests/ikev2/alg-aes-xcbc/description.txt   |  4 ++++
 testing/tests/ikev2/alg-aes-xcbc/evaltest.dat      |  9 +++++++
 .../ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf  | 25 +++++++++++++++++++
 .../alg-aes-xcbc/hosts/carol/etc/strongswan.conf   |  5 ++++
 .../ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf   | 24 +++++++++++++++++++
 .../alg-aes-xcbc/hosts/moon/etc/strongswan.conf    |  5 ++++
 testing/tests/ikev2/alg-aes-xcbc/posttest.dat      |  4 ++++
 testing/tests/ikev2/alg-aes-xcbc/pretest.dat       |  6 +++++
 testing/tests/ikev2/alg-aes-xcbc/test.conf         | 21 ++++++++++++++++
 testing/tests/ikev2/compress/description.txt       |  3 +++
 testing/tests/ikev2/compress/evaltest.dat          | 10 ++++++++
 .../ikev2/compress/hosts/carol/etc/ipsec.conf      | 23 ++++++++++++++++++
 .../ikev2/compress/hosts/carol/etc/strongswan.conf |  5 ++++
 .../tests/ikev2/compress/hosts/moon/etc/ipsec.conf | 23 ++++++++++++++++++
 .../ikev2/compress/hosts/moon/etc/strongswan.conf  |  5 ++++
 testing/tests/ikev2/compress/posttest.dat          |  2 ++
 testing/tests/ikev2/compress/pretest.dat           |  5 ++++
 testing/tests/ikev2/compress/test.conf             | 22 +++++++++++++++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/ipsec.conf                      |  1 -
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../config-payload/hosts/carol/etc/strongswan.conf |  5 ++++
 .../config-payload/hosts/dave/etc/strongswan.conf  |  5 ++++
 .../ikev2/config-payload/hosts/moon/etc/ipsec.conf |  1 -
 .../config-payload/hosts/moon/etc/strongswan.conf  |  5 ++++
 testing/tests/ikev2/crl-from-cache/evaltest.dat    | 14 ++++++-----
 .../crl-from-cache/hosts/carol/etc/strongswan.conf |  5 ++++
 .../crl-from-cache/hosts/moon/etc/strongswan.conf  |  5 ++++
 testing/tests/ikev2/crl-ldap/evaltest.dat          | 16 ++++++-------
 .../ikev2/crl-ldap/hosts/carol/etc/strongswan.conf |  5 ++++
 .../ikev2/crl-ldap/hosts/moon/etc/strongswan.conf  |  5 ++++
 testing/tests/ikev2/crl-revoked/evaltest.dat       |  5 ++--
 .../crl-revoked/hosts/carol/etc/strongswan.conf    |  5 ++++
 .../crl-revoked/hosts/moon/etc/strongswan.conf     |  5 ++++
 testing/tests/ikev2/crl-to-cache/evaltest.dat      |  4 ++--
 .../crl-to-cache/hosts/carol/etc/strongswan.conf   |  5 ++++
 .../crl-to-cache/hosts/moon/etc/strongswan.conf    |  5 ++++
 .../default-keys/hosts/carol/etc/strongswan.conf   |  5 ++++
 .../default-keys/hosts/moon/etc/strongswan.conf    |  5 ++++
 testing/tests/ikev2/default-keys/pretest.dat       |  2 +-
 .../double-nat-net/hosts/alice/etc/strongswan.conf |  5 ++++
 .../double-nat-net/hosts/bob/etc/strongswan.conf   |  5 ++++
 .../double-nat/hosts/alice/etc/strongswan.conf     |  5 ++++
 .../ikev2/double-nat/hosts/bob/etc/strongswan.conf |  5 ++++
 .../dpd-clear/hosts/carol/etc/strongswan.conf      |  5 ++++
 .../ikev2/dpd-clear/hosts/moon/etc/strongswan.conf |  5 ++++
 .../ikev2/dpd-hold/hosts/carol/etc/strongswan.conf |  5 ++++
 .../ikev2/dpd-hold/hosts/moon/etc/strongswan.conf  |  5 ++++
 .../dpd-restart/hosts/carol/etc/strongswan.conf    |  5 ++++
 .../dpd-restart/hosts/moon/etc/strongswan.conf     |  5 ++++
 .../tests/ikev2/esp-alg-aes-ccm/description.txt    |  4 ++++
 testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat   |  5 ++++
 .../esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf     | 25 +++++++++++++++++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf      | 24 +++++++++++++++++++
 .../esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf |  5 ++++
 testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat   |  4 ++++
 testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat    |  6 +++++
 testing/tests/ikev2/esp-alg-aes-ccm/test.conf      | 21 ++++++++++++++++
 .../tests/ikev2/esp-alg-aes-gcm/description.txt    |  4 ++++
 testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat   |  5 ++++
 .../esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf     | 25 +++++++++++++++++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf      | 24 +++++++++++++++++++
 .../esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf |  5 ++++
 testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat   |  4 ++++
 testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat    |  6 +++++
 testing/tests/ikev2/esp-alg-aes-gcm/test.conf      | 21 ++++++++++++++++
 .../tests/ikev2/esp-alg-aesxcbc/description.txt    |  4 ----
 testing/tests/ikev2/esp-alg-aesxcbc/evaltest.dat   |  5 ----
 .../esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf     | 25 -------------------
 .../esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf      | 24 -------------------
 testing/tests/ikev2/esp-alg-aesxcbc/posttest.dat   |  4 ----
 testing/tests/ikev2/esp-alg-aesxcbc/pretest.dat    |  6 -----
 testing/tests/ikev2/esp-alg-aesxcbc/test.conf      | 21 ----------------
 .../hosts/alice/etc/strongswan.conf                |  5 ++++
 .../force-udp-encaps/hosts/sun/etc/strongswan.conf |  5 ++++
 .../host2host-cert/hosts/moon/etc/strongswan.conf  |  5 ++++
 .../host2host-cert/hosts/sun/etc/strongswan.conf   |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../hosts/sun/etc/strongswan.conf                  |  5 ++++
 .../tests/ikev2/host2host-transport/evaltest.dat   |  2 +-
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../hosts/sun/etc/strongswan.conf                  |  5 ++++
 testing/tests/ikev2/ip-pool-db/description.txt     | 10 ++++++++
 testing/tests/ikev2/ip-pool-db/evaltest.dat        | 26 ++++++++++++++++++++
 .../ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf    | 24 +++++++++++++++++++
 .../ip-pool-db/hosts/carol/etc/strongswan.conf     |  5 ++++
 .../ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf     | 24 +++++++++++++++++++
 .../ip-pool-db/hosts/dave/etc/strongswan.conf      |  5 ++++
 .../ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf     | 23 ++++++++++++++++++
 .../ip-pool-db/hosts/moon/etc/strongswan.conf      | 10 ++++++++
 testing/tests/ikev2/ip-pool-db/posttest.dat        |  8 +++++++
 testing/tests/ikev2/ip-pool-db/pretest.dat         | 13 ++++++++++
 testing/tests/ikev2/ip-pool-db/test.conf           | 21 ++++++++++++++++
 testing/tests/ikev2/ip-pool-wish/description.txt   | 11 +++++++++
 testing/tests/ikev2/ip-pool-wish/evaltest.dat      | 23 ++++++++++++++++++
 .../ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf  | 24 +++++++++++++++++++
 .../ip-pool-wish/hosts/carol/etc/strongswan.conf   |  5 ++++
 .../ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf   | 24 +++++++++++++++++++
 .../ip-pool-wish/hosts/dave/etc/strongswan.conf    |  5 ++++
 .../ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf   | 23 ++++++++++++++++++
 .../ip-pool-wish/hosts/moon/etc/strongswan.conf    |  5 ++++
 testing/tests/ikev2/ip-pool-wish/posttest.dat      |  6 +++++
 testing/tests/ikev2/ip-pool-wish/pretest.dat       | 10 ++++++++
 testing/tests/ikev2/ip-pool-wish/test.conf         | 21 ++++++++++++++++
 testing/tests/ikev2/ip-pool/description.txt        | 10 ++++++++
 testing/tests/ikev2/ip-pool/evaltest.dat           | 23 ++++++++++++++++++
 .../tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf | 24 +++++++++++++++++++
 .../ikev2/ip-pool/hosts/carol/etc/strongswan.conf  |  5 ++++
 .../tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf  | 24 +++++++++++++++++++
 .../ikev2/ip-pool/hosts/dave/etc/strongswan.conf   |  5 ++++
 .../tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf  | 23 ++++++++++++++++++
 .../ikev2/ip-pool/hosts/moon/etc/strongswan.conf   |  5 ++++
 testing/tests/ikev2/ip-pool/posttest.dat           |  6 +++++
 testing/tests/ikev2/ip-pool/pretest.dat            | 10 ++++++++
 testing/tests/ikev2/ip-pool/test.conf              | 21 ++++++++++++++++
 testing/tests/ikev2/mobike-nat/evaltest.dat        |  6 +++--
 .../ikev2/mobike-nat/hosts/alice/etc/ipsec.conf    |  2 +-
 .../mobike-nat/hosts/alice/etc/strongswan.conf     |  5 ++++
 .../ikev2/mobike-nat/hosts/sun/etc/ipsec.conf      |  2 +-
 .../ikev2/mobike-nat/hosts/sun/etc/strongswan.conf |  5 ++++
 testing/tests/ikev2/mobike-nat/test.conf           |  2 +-
 testing/tests/ikev2/mobike-virtual-ip/evaltest.dat |  6 +++--
 .../mobike-virtual-ip/hosts/alice/etc/ipsec.conf   |  2 +-
 .../hosts/alice/etc/strongswan.conf                |  5 ++++
 .../mobike-virtual-ip/hosts/sun/etc/ipsec.conf     |  2 +-
 .../hosts/sun/etc/strongswan.conf                  |  5 ++++
 testing/tests/ikev2/mobike-virtual-ip/test.conf    |  2 +-
 testing/tests/ikev2/mobike/evaltest.dat            |  6 +++--
 .../ikev2/mobike/hosts/alice/etc/strongswan.conf   |  5 ++++
 .../ikev2/mobike/hosts/sun/etc/strongswan.conf     |  5 ++++
 testing/tests/ikev2/mobike/test.conf               |  2 +-
 .../tests/ikev2/multi-level-ca-ldap/evaltest.dat   | 15 +++++++++---
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../ikev2/multi-level-ca-revoked/evaltest.dat      |  2 --
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/ipsec.conf                      |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 testing/tests/ikev2/multi-level-ca/evaltest.dat    |  8 +++++++
 .../multi-level-ca/hosts/carol/etc/strongswan.conf |  5 ++++
 .../multi-level-ca/hosts/dave/etc/strongswan.conf  |  5 ++++
 .../ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf |  1 -
 .../multi-level-ca/hosts/moon/etc/strongswan.conf  |  5 ++++
 .../tests/ikev2/nat-double-snat/description.txt    |  6 -----
 testing/tests/ikev2/nat-double-snat/evaltest.dat   |  5 ----
 .../nat-double-snat/hosts/alice/etc/ipsec.conf     | 16 -------------
 .../hosts/alice/etc/ipsec.d/certs/bobCert.pem      | 25 -------------------
 .../ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf | 20 ----------------
 .../hosts/bob/etc/ipsec.d/certs/aliceCert.pem      | 25 -------------------
 testing/tests/ikev2/nat-double-snat/posttest.dat   |  8 -------
 testing/tests/ikev2/nat-double-snat/pretest.dat    | 11 ---------
 testing/tests/ikev2/nat-double-snat/test.conf      | 21 ----------------
 .../nat-one-rw/hosts/alice/etc/strongswan.conf     |  5 ++++
 .../ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf |  5 ++++
 testing/tests/ikev2/nat-pf/description.txt         |  4 ----
 testing/tests/ikev2/nat-pf/evaltest.dat            |  5 ----
 .../tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf  | 19 ---------------
 .../hosts/alice/etc/ipsec.d/certs/carolCert.pem    | 25 -------------------
 .../tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf  | 17 -------------
 .../hosts/carol/etc/ipsec.d/certs/aliceCert.pem    | 25 -------------------
 testing/tests/ikev2/nat-pf/posttest.dat            |  5 ----
 testing/tests/ikev2/nat-pf/pretest.dat             |  7 ------
 testing/tests/ikev2/nat-pf/test.conf               | 21 ----------------
 .../nat-two-rw-psk/hosts/alice/etc/strongswan.conf |  5 ++++
 .../nat-two-rw-psk/hosts/sun/etc/strongswan.conf   |  5 ++++
 .../nat-two-rw-psk/hosts/venus/etc/strongswan.conf |  5 ++++
 .../nat-two-rw/hosts/alice/etc/strongswan.conf     |  5 ++++
 .../ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf |  5 ++++
 .../nat-two-rw/hosts/venus/etc/strongswan.conf     |  5 ++++
 .../net2net-cert/hosts/moon/etc/strongswan.conf    |  5 ++++
 .../net2net-cert/hosts/sun/etc/strongswan.conf     |  5 ++++
 .../net2net-psk/hosts/moon/etc/strongswan.conf     |  5 ++++
 .../net2net-psk/hosts/sun/etc/strongswan.conf      |  5 ++++
 .../net2net-route/hosts/moon/etc/strongswan.conf   |  5 ++++
 .../net2net-route/hosts/sun/etc/strongswan.conf    |  5 ++++
 .../net2net-start/hosts/moon/etc/strongswan.conf   |  5 ++++
 .../net2net-start/hosts/sun/etc/strongswan.conf    |  5 ++++
 testing/tests/ikev2/ocsp-local-cert/evaltest.dat   | 12 ++++++----
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../ocsp-local-cert/hosts/moon/etc/strongswan.conf |  5 ++++
 testing/tests/ikev2/ocsp-multi-level/evaltest.dat  |  6 ++---
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../tests/ikev2/ocsp-no-signer-cert/evaltest.dat   |  7 +++---
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../tests/ikev2/ocsp-no-signer-cert/posttest.dat   |  1 +
 .../tests/ikev2/ocsp-no-signer-cert/pretest.dat    |  1 +
 testing/tests/ikev2/ocsp-revoked/evaltest.dat      |  7 +++---
 .../ocsp-revoked/hosts/carol/etc/strongswan.conf   |  5 ++++
 .../ocsp-revoked/hosts/moon/etc/strongswan.conf    |  5 ++++
 testing/tests/ikev2/ocsp-root-cert/evaltest.dat    | 12 ++++++----
 .../ocsp-root-cert/hosts/carol/etc/strongswan.conf |  5 ++++
 .../ocsp-root-cert/hosts/moon/etc/strongswan.conf  |  5 ++++
 .../tests/ikev2/ocsp-signer-cert/description.txt   |  2 +-
 testing/tests/ikev2/ocsp-signer-cert/evaltest.dat  | 17 +++++++------
 .../ocsp-signer-cert/hosts/carol/etc/ipsec.conf    |  5 ++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat |  5 ++--
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../tests/ikev2/ocsp-timeouts-good/evaltest.dat    | 16 ++++++++-----
 .../ocsp-timeouts-good/hosts/carol/etc/ipsec.conf  |  3 ++-
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../tests/ikev2/ocsp-timeouts-unknown/evaltest.dat |  5 ++--
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../tests/ikev2/ocsp-untrusted-cert/evaltest.dat   |  8 ++++---
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../tests/ikev2/ocsp-untrusted-cert/posttest.dat   |  1 +
 .../tests/ikev2/ocsp-untrusted-cert/pretest.dat    |  1 +
 .../protoport-dual/hosts/carol/etc/strongswan.conf |  5 ++++
 .../protoport-dual/hosts/moon/etc/strongswan.conf  |  5 ++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../protoport-route/hosts/moon/etc/strongswan.conf |  5 ++++
 .../reauth-early/hosts/carol/etc/strongswan.conf   |  5 ++++
 .../reauth-early/hosts/moon/etc/strongswan.conf    |  5 ++++
 .../reauth-late/hosts/carol/etc/strongswan.conf    |  5 ++++
 .../reauth-late/hosts/moon/etc/strongswan.conf     |  5 ++++
 .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf  |  5 ++++
 .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf   |  5 ++++
 .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf   |  5 ++++
 .../rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf      |  1 -
 .../rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf |  5 ++++
 .../ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf |  1 +
 .../rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf  |  5 ++++
 testing/tests/ikev2/rw-eap-md5-rsa/description.txt |  7 ++++++
 testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat    | 10 ++++++++
 .../rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf      | 22 +++++++++++++++++
 .../rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets   |  3 +++
 .../rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf |  5 ++++
 .../ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf | 25 +++++++++++++++++++
 .../rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets    |  5 ++++
 .../rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf  |  5 ++++
 testing/tests/ikev2/rw-eap-md5-rsa/posttest.dat    |  4 ++++
 testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat     |  7 ++++++
 testing/tests/ikev2/rw-eap-md5-rsa/test.conf       | 21 ++++++++++++++++
 .../rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf      |  1 -
 .../rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf |  5 ++++
 .../ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf |  1 +
 .../rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf  |  5 ++++
 .../tests/ikev2/rw-hash-and-url/description.txt    | 10 ++++++++
 testing/tests/ikev2/rw-hash-and-url/evaltest.dat   | 14 +++++++++++
 .../rw-hash-and-url/hosts/carol/etc/ipsec.conf     | 28 ++++++++++++++++++++++
 .../hosts/carol/etc/strongswan.conf                |  6 +++++
 .../rw-hash-and-url/hosts/dave/etc/ipsec.conf      | 28 ++++++++++++++++++++++
 .../rw-hash-and-url/hosts/dave/etc/strongswan.conf |  6 +++++
 .../rw-hash-and-url/hosts/moon/etc/ipsec.conf      | 27 +++++++++++++++++++++
 .../rw-hash-and-url/hosts/moon/etc/strongswan.conf |  6 +++++
 testing/tests/ikev2/rw-hash-and-url/posttest.dat   |  6 +++++
 testing/tests/ikev2/rw-hash-and-url/pretest.dat    |  9 +++++++
 testing/tests/ikev2/rw-hash-and-url/test.conf      | 21 ++++++++++++++++
 .../rw-psk-fqdn/hosts/carol/etc/strongswan.conf    |  5 ++++
 .../rw-psk-fqdn/hosts/dave/etc/strongswan.conf     |  5 ++++
 .../rw-psk-fqdn/hosts/moon/etc/strongswan.conf     |  5 ++++
 .../rw-psk-ipv4/hosts/carol/etc/strongswan.conf    |  5 ++++
 .../rw-psk-ipv4/hosts/dave/etc/strongswan.conf     |  5 ++++
 .../rw-psk-ipv4/hosts/moon/etc/strongswan.conf     |  5 ++++
 .../rw-psk-no-idr/hosts/carol/etc/strongswan.conf  |  5 ++++
 .../rw-psk-no-idr/hosts/dave/etc/strongswan.conf   |  5 ++++
 .../rw-psk-no-idr/hosts/moon/etc/strongswan.conf   |  5 ++++
 testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat  |  2 +-
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat  |  2 +-
 .../rw-psk-rsa-split/hosts/carol/etc/ipsec.conf    |  1 +
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../rw-psk-rsa-split/hosts/dave/etc/ipsec.conf     |  1 +
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../rw-psk-rsa-split/hosts/moon/etc/ipsec.conf     |  1 +
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 testing/tests/ikev2/two-certs/evaltest.dat         |  7 +++---
 .../two-certs/hosts/carol/etc/strongswan.conf      |  5 ++++
 .../ikev2/two-certs/hosts/dave/etc/strongswan.conf |  5 ++++
 .../ikev2/two-certs/hosts/moon/etc/ipsec.conf      |  1 -
 .../ikev2/two-certs/hosts/moon/etc/strongswan.conf |  5 ++++
 .../hosts/carol/etc/strongswan.conf                |  5 ++++
 .../hosts/dave/etc/strongswan.conf                 |  5 ++++
 .../hosts/moon/etc/strongswan.conf                 |  5 ++++
 .../virtual-ip/hosts/carol/etc/strongswan.conf     |  5 ++++
 .../virtual-ip/hosts/dave/etc/strongswan.conf      |  5 ++++
 .../virtual-ip/hosts/moon/etc/strongswan.conf      |  5 ++++
 .../wildcards/hosts/carol/etc/strongswan.conf      |  5 ++++
 .../ikev2/wildcards/hosts/dave/etc/strongswan.conf |  5 ++++
 .../ikev2/wildcards/hosts/moon/etc/strongswan.conf |  5 ++++
 303 files changed, 1981 insertions(+), 445 deletions(-)
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/description.txt
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
 create mode 100755 testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/posttest.dat
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/pretest.dat
 create mode 100644 testing/tests/ikev2/alg-aes-xcbc/test.conf
 create mode 100644 testing/tests/ikev2/compress/description.txt
 create mode 100644 testing/tests/ikev2/compress/evaltest.dat
 create mode 100755 testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/compress/posttest.dat
 create mode 100644 testing/tests/ikev2/compress/pretest.dat
 create mode 100644 testing/tests/ikev2/compress/test.conf
 create mode 100644 testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/description.txt
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat
 create mode 100755 testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat
 create mode 100644 testing/tests/ikev2/esp-alg-aes-ccm/test.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/description.txt
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat
 create mode 100755 testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat
 create mode 100644 testing/tests/ikev2/esp-alg-aes-gcm/test.conf
 delete mode 100644 testing/tests/ikev2/esp-alg-aesxcbc/description.txt
 delete mode 100644 testing/tests/ikev2/esp-alg-aesxcbc/evaltest.dat
 delete mode 100755 testing/tests/ikev2/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf
 delete mode 100755 testing/tests/ikev2/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf
 delete mode 100644 testing/tests/ikev2/esp-alg-aesxcbc/posttest.dat
 delete mode 100644 testing/tests/ikev2/esp-alg-aesxcbc/pretest.dat
 delete mode 100644 testing/tests/ikev2/esp-alg-aesxcbc/test.conf
 create mode 100644 testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ip-pool-db/description.txt
 create mode 100644 testing/tests/ikev2/ip-pool-db/evaltest.dat
 create mode 100755 testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ip-pool-db/posttest.dat
 create mode 100644 testing/tests/ikev2/ip-pool-db/pretest.dat
 create mode 100644 testing/tests/ikev2/ip-pool-db/test.conf
 create mode 100644 testing/tests/ikev2/ip-pool-wish/description.txt
 create mode 100644 testing/tests/ikev2/ip-pool-wish/evaltest.dat
 create mode 100755 testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ip-pool-wish/posttest.dat
 create mode 100644 testing/tests/ikev2/ip-pool-wish/pretest.dat
 create mode 100644 testing/tests/ikev2/ip-pool-wish/test.conf
 create mode 100644 testing/tests/ikev2/ip-pool/description.txt
 create mode 100644 testing/tests/ikev2/ip-pool/evaltest.dat
 create mode 100755 testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ip-pool/posttest.dat
 create mode 100644 testing/tests/ikev2/ip-pool/pretest.dat
 create mode 100644 testing/tests/ikev2/ip-pool/test.conf
 create mode 100644 testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
 delete mode 100644 testing/tests/ikev2/nat-double-snat/description.txt
 delete mode 100644 testing/tests/ikev2/nat-double-snat/evaltest.dat
 delete mode 100644 testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.conf
 delete mode 100644 testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.d/certs/bobCert.pem
 delete mode 100644 testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf
 delete mode 100644 testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.d/certs/aliceCert.pem
 delete mode 100644 testing/tests/ikev2/nat-double-snat/posttest.dat
 delete mode 100644 testing/tests/ikev2/nat-double-snat/pretest.dat
 delete mode 100644 testing/tests/ikev2/nat-double-snat/test.conf
 create mode 100644 testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
 delete mode 100644 testing/tests/ikev2/nat-pf/description.txt
 delete mode 100644 testing/tests/ikev2/nat-pf/evaltest.dat
 delete mode 100644 testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf
 delete mode 100644 testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.d/certs/carolCert.pem
 delete mode 100644 testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf
 delete mode 100644 testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.d/certs/aliceCert.pem
 delete mode 100644 testing/tests/ikev2/nat-pf/posttest.dat
 delete mode 100644 testing/tests/ikev2/nat-pf/pretest.dat
 delete mode 100644 testing/tests/ikev2/nat-pf/test.conf
 create mode 100644 testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/description.txt
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
 create mode 100755 testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/posttest.dat
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat
 create mode 100644 testing/tests/ikev2/rw-eap-md5-rsa/test.conf
 create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/description.txt
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/evaltest.dat
 create mode 100755 testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
 create mode 100755 testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/posttest.dat
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/pretest.dat
 create mode 100644 testing/tests/ikev2/rw-hash-and-url/test.conf
 create mode 100644 testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/two-certs/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
 create mode 100644 testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf

(limited to 'testing/tests/ikev2')

diff --git a/testing/tests/ikev2/alg-aes-xcbc/description.txt b/testing/tests/ikev2/alg-aes-xcbc/description.txt
new file mode 100644
index 000000000..24a4afe57
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC-256/AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
+in ipsec.conf. The same cipher suite is used for IKE: <b>ike=aes256-aesxcbc-modp2048</b>.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
new file mode 100644
index 000000000..853746cd4
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
@@ -0,0 +1,9 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+moon::ipsec statusall::rw.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048_BIT::YES
+carol::ipsec statusall::home.*IKE proposal.*AES_CBC-256/AES_XCBC_96/PRF_AES128_CBC/MODP_2048_BIT::YES
+moon::ipsec statusall::rw.*AES_CBC-256/AES_XCBC_96,::YES
+carol::ipsec statusall::home.*AES_CBC-256/AES_XCBC_96,::YES
+moon::ip xfrm state::auth xcbc(aes)::YES
+carol::ip xfrm state::auth xcbc(aes)::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..edd0aaaf8
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-aesxcbc-modp2048!
+	esp=aes256-aesxcbc-modp2048!
+
+conn home
+	left=PH_IP_CAROL
+	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add 
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..18618929f
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-aesxcbc-modp2048!
+	esp=aes256-aesxcbc-modp2048!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/alg-aes-xcbc/posttest.dat b/testing/tests/ikev2/alg-aes-xcbc/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/alg-aes-xcbc/pretest.dat b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/ikev2/alg-aes-xcbc/test.conf b/testing/tests/ikev2/alg-aes-xcbc/test.conf
new file mode 100644
index 000000000..2b240d895
--- /dev/null
+++ b/testing/tests/ikev2/alg-aes-xcbc/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/compress/description.txt b/testing/tests/ikev2/compress/description.txt
new file mode 100644
index 000000000..47829839d
--- /dev/null
+++ b/testing/tests/ikev2/compress/description.txt
@@ -0,0 +1,3 @@
+This scenario enables IPCOMP compression between roadwarrior <b>carol</b> and
+gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> checks
+the established tunnel with compression.
diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat
new file mode 100644
index 000000000..279033f2b
--- /dev/null
+++ b/testing/tests/ikev2/compress/evaltest.dat
@@ -0,0 +1,10 @@
+moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUPP)::YES
+moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUPP)::YES
+carol::ipsec status::home.*INSTALLED::YES
+moon::ipsec status::rw.*INSTALLED::YES
+moon::ip xfrm state::proto comp spi::YES
+carol::ip xfrm state::proto comp spi::YES
+carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
+moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::moon.strongswan.org >  carol.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..670a50c00
--- /dev/null
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	compress=yes
+
+conn home
+	left=PH_IP_CAROL
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..91abfd4da
--- /dev/null
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	compress=yes
+
+conn rw
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	rightid=carol@strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/compress/posttest.dat b/testing/tests/ikev2/compress/posttest.dat
new file mode 100644
index 000000000..c6d6235f9
--- /dev/null
+++ b/testing/tests/ikev2/compress/posttest.dat
@@ -0,0 +1,2 @@
+moon::ipsec stop
+carol::ipsec stop
diff --git a/testing/tests/ikev2/compress/pretest.dat b/testing/tests/ikev2/compress/pretest.dat
new file mode 100644
index 000000000..7d077c126
--- /dev/null
+++ b/testing/tests/ikev2/compress/pretest.dat
@@ -0,0 +1,5 @@
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+carol::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
diff --git a/testing/tests/ikev2/compress/test.conf b/testing/tests/ikev2/compress/test.conf
new file mode 100644
index 000000000..fd33cfb57
--- /dev/null
+++ b/testing/tests/ikev2/compress/test.conf
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
+
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
index 8458724c6..222673704 100755
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf
@@ -13,7 +13,6 @@ conn %default
 	keyexchange=ikev2
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
-	rightsourceip=PH_IP_MOON1
 	rightcert=moonCert.pem
 	rightid=@moon.strongswan.org
 	rightfirewall=yes
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
index bafd1b155..bb558fe25 100755
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf
@@ -13,7 +13,6 @@ conn %default
 	keyexchange=ikev2
 	left=PH_IP_MOON
 	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftfirewall=yes
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-from-cache/evaltest.dat b/testing/tests/ikev2/crl-from-cache/evaltest.dat
index 9aa53fb64..f15196024 100644
--- a/testing/tests/ikev2/crl-from-cache/evaltest.dat
+++ b/testing/tests/ikev2/crl-from-cache/evaltest.dat
@@ -1,8 +1,10 @@
-moon::cat /var/log/daemon.log::loading crl file::YES
-carol::cat /var/log/daemon.log::loading crl file::YES
-moon::ipsec status::rw.*ESTABLISHED::YES
-carol::ipsec status::home.*ESTABLISHED::YES
-moon::cat /var/log/auth.log::written crl file::NO
-carol::cat /var/log/auth.log::written crl file::NO
+moon::cat /var/log/daemon.log::loaded crl file::YES
+moon::cat /var/log/daemon.log::crl is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec listcrls:: ok::YES
+carol::cat /var/log/daemon.log::loaded crl file::YES
+carol::cat /var/log/daemon.log::crl is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 carol::ipsec listcrls:: ok::YES
+moon::ipsec status::rw.*ESTABLISHED::YES
+carol::ipsec status::home.*ESTABLISHED::YES
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-ldap/evaltest.dat b/testing/tests/ikev2/crl-ldap/evaltest.dat
index 05e818e21..d98df8c7c 100644
--- a/testing/tests/ikev2/crl-ldap/evaltest.dat
+++ b/testing/tests/ikev2/crl-ldap/evaltest.dat
@@ -1,12 +1,12 @@
-moon::cat /var/log/daemon.log::loading crl file::YES
-carol::cat /var/log/daemon.log::loading crl file::YES
+moon::cat /var/log/daemon.log::loaded crl file::YES
 moon::cat /var/log/daemon.log::crl is stale::YES
+moon::cat /var/log/daemon.log::fetching crl from.*ldap::YES
+moon::cat /var/log/daemon.log::crl is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::loaded crl file::YES
 carol::cat /var/log/daemon.log::crl is stale::YES
-moon::cat /var/log/daemon.log::sending ldap request::YES
-carol::cat /var/log/daemon.log::sending ldap request::YES
+carol::cat /var/log/daemon.log::fetching crl from.*ldap::YES
+carol::cat /var/log/daemon.log::crl is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::written crl file::YES
-carol::cat /var/log/daemon.log::written crl file::YES
-moon::ipsec listcrls:: ok::YES
-carol::ipsec listcrls:: ok::YES
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1949d3abc
--- /dev/null
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..1949d3abc
--- /dev/null
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-revoked/evaltest.dat b/testing/tests/ikev2/crl-revoked/evaltest.dat
index 3d6cf72bb..2242746db 100644
--- a/testing/tests/ikev2/crl-revoked/evaltest.dat
+++ b/testing/tests/ikev2/crl-revoked/evaltest.dat
@@ -1,6 +1,5 @@
 moon::cat /var/log/daemon.log::certificate was revoked::YES
-moon::cat /var/log/daemon.log::end entity certificate is not trusted::YES
-carol::cat /var/log/daemon.log::AUTHENTICATION_FAILED::YES
-moon::ipsec listcrls:: ok::YES
+moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*failed::YES
+carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-to-cache/evaltest.dat b/testing/tests/ikev2/crl-to-cache/evaltest.dat
index 14edd946f..00489436e 100644
--- a/testing/tests/ikev2/crl-to-cache/evaltest.dat
+++ b/testing/tests/ikev2/crl-to-cache/evaltest.dat
@@ -1,4 +1,4 @@
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
-moon::cat /var/log/daemon.log::written crl file.*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
-carol::cat /var/log/daemon.log::written crl file.*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
+moon::cat /var/log/daemon.log::written crl to.*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
+carol::cat /var/log/daemon.log::written crl to.*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat
index fe68be4b5..88f9a2ca9 100644
--- a/testing/tests/ikev2/default-keys/pretest.dat
+++ b/testing/tests/ikev2/default-keys/pretest.dat
@@ -10,7 +10,7 @@ moon::rm /etc/ipsec.d/private/*
 moon::rm /etc/ipsec.d/certs/*
 moon::rm /etc/ipsec.d/cacerts/*
 moon::ipsec start
-moon::sleep 3 
+moon::sleep 5 
 moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der
 moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der
 moon::ipsec reload 
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/description.txt b/testing/tests/ikev2/esp-alg-aes-ccm/description.txt
new file mode 100644
index 000000000..cb08a9312
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CCM_12-128</b> by defining <b>esp=aes128gcm12-modp2048</b> or alternatively
+<b>esp=aes128gcm96-modp2048</b> in ipsec.conf.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat
new file mode 100644
index 000000000..dc5032133
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/evaltest.dat
@@ -0,0 +1,5 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+moon::ipsec statusall::AES_CCM_12-128::YES
+carol::ipsec statusall::AES_CCM_12-128::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..85c825002
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes128-aesxcbc-modp2048!
+	esp=aes128ccm96-modp2048!
+
+conn home
+	left=PH_IP_CAROL
+	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add 
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..8f8404516
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes128-aesxcbc-modp2048!
+	esp=aes128ccm12-modp2048!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat b/testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat b/testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/test.conf b/testing/tests/ikev2/esp-alg-aes-ccm/test.conf
new file mode 100644
index 000000000..2b240d895
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/description.txt b/testing/tests/ikev2/esp-alg-aes-gcm/description.txt
new file mode 100644
index 000000000..721f3c64b
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_GCM_16-256</b> by defining <b>esp=aes256gcm16-modp2048</b> or alternatively
+<b>esp=aes256gcm128-modp2048</b> in ipsec.conf.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat
new file mode 100644
index 000000000..8f007b900
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/evaltest.dat
@@ -0,0 +1,5 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+moon::ipsec statusall::AES_GCM_16-256::YES
+carol::ipsec statusall::AES_GCM_16-256::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..df2b7437d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-aesxcbc-modp2048!
+	esp=aes256gcm128-modp2048!
+
+conn home
+	left=PH_IP_CAROL
+	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add 
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..661681105
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-aesxcbc-modp2048!
+	esp=aes256gcm16-modp2048!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat b/testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/test.conf b/testing/tests/ikev2/esp-alg-aes-gcm/test.conf
new file mode 100644
index 000000000..2b240d895
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS=""
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/description.txt b/testing/tests/ikev2/esp-alg-aesxcbc/description.txt
deleted file mode 100644
index 0ea28a716..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC-256/AES_XCBC_96</b> by defining <b>esp=aes256-aesxcbc-modp2048</b>
-in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
-the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev2/esp-alg-aesxcbc/evaltest.dat
deleted file mode 100644
index 19b0b4378..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::AES_CBC-256/AES_XCBC_96::YES
-carol::ipsec statusall::AES_CBC-256/AES_XCBC_96::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 25f8ce8b2..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-	strictcrlpolicy=yes
-	plutostart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-	ike=aes256-sha256-modp2048!
-	esp=aes256-aesxcbc-modp2048!
-
-conn home
-	left=PH_IP_CAROL
-	leftfirewall=yes
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add 
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 303a49152..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-	strictcrlpolicy=yes
-	plutostart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-	ike=aes256-sha256-modp2048!
-	esp=aes256-aesxcbc-modp2048!
-
-conn rw
-	left=PH_IP_MOON
-	leftfirewall=yes
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/posttest.dat b/testing/tests/ikev2/esp-alg-aesxcbc/posttest.dat
deleted file mode 100644
index 94a400606..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/pretest.dat b/testing/tests/ikev2/esp-alg-aesxcbc/pretest.dat
deleted file mode 100644
index f360351e1..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-carol::sleep 1 
-carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-aesxcbc/test.conf b/testing/tests/ikev2/esp-alg-aesxcbc/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev2/esp-alg-aesxcbc/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat
index 2dd58c9d7..b3cade48c 100644
--- a/testing/tests/ikev2/host2host-transport/evaltest.dat
+++ b/testing/tests/ikev2/host2host-transport/evaltest.dat
@@ -1,4 +1,4 @@
-moon::cat /var/log/daemon.log::received USE_TRANSPORT_MODE notify::YES
+moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
 moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
 sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
 moon::ip xfrm state::mode transport::YES
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool-db/description.txt b/testing/tests/ikev2/ip-pool-db/description.txt
new file mode 100644
index 000000000..5cc500c98
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual IP
+addresses from a pool named <b>bigpool</b> that was created in an SQL database by the command
+<b>ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.255.254 --timeout 0</b>.
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the
+tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping the client
+<b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two pings will be the
+virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat
new file mode 100644
index 000000000..07d17b338
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat
@@ -0,0 +1,26 @@
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::ipsec status::home.*INSTALLED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave::ip addr list dev eth0::PH_IP_DAVE1::YES
+dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave::ipsec status::home.*INSTALLED::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon::cat /var/log/daemon.log::assigning lease with new address from pool.*bigpool::YES
+moon::cat /var/log/daemon.log::assigning virtual IP::YES
+moon::ipsec pool --status::bigpool.*10.3.0.1.*10.3.255.254.*static.*2::YES
+moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org::online::YES
+moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org::online::YES
+moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
+moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..b3413830f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn rw
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+	rightsourceip=%bigpool
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..5a35561ba
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  plugins {
+    sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db 
+    }
+  }
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke sqlite sql
+}
diff --git a/testing/tests/ikev2/ip-pool-db/posttest.dat b/testing/tests/ikev2/ip-pool-db/posttest.dat
new file mode 100644
index 000000000..5d26cbbbc
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::ipsec pool --del bigpool
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev2/ip-pool-db/pretest.dat b/testing/tests/ikev2/ip-pool-db/pretest.dat
new file mode 100644
index 000000000..78ba3f581
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/pretest.dat
@@ -0,0 +1,13 @@
+moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.255.254 --timeout 0
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/ip-pool-db/test.conf b/testing/tests/ikev2/ip-pool-db/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-db/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/ip-pool-wish/description.txt b/testing/tests/ikev2/ip-pool-wish/description.txt
new file mode 100644
index 000000000..a5487169a
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request the same <b>virtual IP</b> via the IKEv2
+configuration payload by using the <b>leftsourceip=PH_IP_DAVE1</b> parameter. On a first-come,
+first-served basis, <b>dave</b> gets <b>PH_IP_DAVE1</b> from the simple address pool managed
+by gateway <b>moon</b> and <b>carol</b> gets the first free address <b>PH_IP_CAROL1</b>
+from the pool. 
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat
new file mode 100644
index 000000000..19e6783af
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat
@@ -0,0 +1,23 @@
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::ipsec status::home.*INSTALLED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave::ip addr list dev eth0::PH_IP_DAVE1::YES
+dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave::ipsec status::home.*INSTALLED::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
+moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES
+moon::cat /var/log/daemon.log::assigning virtual IP::YES
+moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
+moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..5f93b3987
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=PH_IP_DAVE1
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..b58ba5460
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=PH_IP_DAVE1
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..0b4cded6c
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn rw
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool-wish/posttest.dat b/testing/tests/ikev2/ip-pool-wish/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/ip-pool-wish/pretest.dat b/testing/tests/ikev2/ip-pool-wish/pretest.dat
new file mode 100644
index 000000000..519c81a31
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+dave::ipsec start
+carol::ipsec start
+moon::ipsec start
+dave::sleep 2 
+dave::ipsec up home
+carol::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/ikev2/ip-pool-wish/test.conf b/testing/tests/ikev2/ip-pool-wish/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool-wish/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/ip-pool/description.txt b/testing/tests/ikev2/ip-pool/description.txt
new file mode 100644
index 000000000..fc3f8c63a
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order. 
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat
new file mode 100644
index 000000000..15ca7426f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/evaltest.dat
@@ -0,0 +1,23 @@
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::ipsec status::home.*INSTALLED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave::ip addr list dev eth0::PH_IP_DAVE1::YES
+dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave::ipsec status::home.*INSTALLED::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
+moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon::cat /var/log/daemon.log::assigning virtual IP::YES
+moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
+moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..0b4cded6c
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn rw
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ip-pool/posttest.dat b/testing/tests/ikev2/ip-pool/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/ip-pool/pretest.dat b/testing/tests/ikev2/ip-pool/pretest.dat
new file mode 100644
index 000000000..014e80517
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/ip-pool/test.conf b/testing/tests/ikev2/ip-pool/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/ip-pool/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat
index 541b218d0..f2758eb35 100644
--- a/testing/tests/ikev2/mobike-nat/evaltest.dat
+++ b/testing/tests/ikev2/mobike-nat/evaltest.dat
@@ -10,7 +10,9 @@ sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
 alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
 sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP::YES
-moon::tcpdump::sun.strongswan.org.*moon.strongswan.org.*: UDP-encap: ESP::YES
+sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
+sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
+moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP.*seq=0x2::YES
+moon::tcpdump::sun.strongswan.org.*moon.strongswan.org.*: UDP-encap: ESP.*seq=0x2::YES
 bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::YES
 bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::YES
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
index e9abfdac8..5c93d1462 100755
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
@@ -14,7 +14,7 @@ conn %default
 
 conn mobike
 	left=PH_IP_ALICE1
-	leftsourceip=10.3.0.3
+	leftsourceip=%config
 	leftcert=aliceCert.pem
 	leftid=alice@strongswan.org
 	leftfirewall=yes
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
index 6944749be..d6121511e 100755
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf
@@ -19,6 +19,6 @@ conn mobike
 	leftfirewall=yes
 	leftsubnet=10.2.0.0/16
 	right=%any
-	rightsourceip=%config
+	rightsourceip=10.3.0.3
 	rightid=alice@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/mobike-nat/test.conf b/testing/tests/ikev2/mobike-nat/test.conf
index 6467631e5..24a0cf3a4 100644
--- a/testing/tests/ikev2/mobike-nat/test.conf
+++ b/testing/tests/ikev2/mobike-nat/test.conf
@@ -13,7 +13,7 @@ DIAGRAM="a-m-w-s-b.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS="bob moon"
+TCPDUMPHOSTS="bob moon sun"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
index 5be507d2e..94dea0b14 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
+++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
@@ -10,7 +10,9 @@ sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
 alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES
 sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP::YES
-moon::tcpdump::sun.strongswan.org.*alice.strongswan.org.*: ESP::YES
+sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
+sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
+moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP.*seq=0x2::YES
+moon::tcpdump::sun.strongswan.org.*alice.strongswan.org.*: ESP.*seq=0x2::YES
 bob::tcpdump::10.3.0.3.*bob.strongswan.org.*ICMP echo request::YES
 bob::tcpdump::bob.strongswan.org.*10.3.0.3.*ICMP echo reply::YES
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
index e9abfdac8..5c93d1462 100755
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
@@ -14,7 +14,7 @@ conn %default
 
 conn mobike
 	left=PH_IP_ALICE1
-	leftsourceip=10.3.0.3
+	leftsourceip=%config
 	leftcert=aliceCert.pem
 	leftid=alice@strongswan.org
 	leftfirewall=yes
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
index 64a659f4f..18a67cde0 100755
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
@@ -19,6 +19,6 @@ conn mobike
 	leftfirewall=yes
 	leftsubnet=10.2.0.0/16
 	right=PH_IP_ALICE1
-	rightsourceip=%config
+	rightsourceip=10.3.0.3
 	rightid=alice@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/mobike-virtual-ip/test.conf b/testing/tests/ikev2/mobike-virtual-ip/test.conf
index 6467631e5..24a0cf3a4 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/test.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/test.conf
@@ -13,7 +13,7 @@ DIAGRAM="a-m-w-s-b.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS="bob moon"
+TCPDUMPHOSTS="bob moon sun"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat
index 10bb37e42..6c49c0425 100644
--- a/testing/tests/ikev2/mobike/evaltest.dat
+++ b/testing/tests/ikev2/mobike/evaltest.dat
@@ -10,8 +10,10 @@ sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
 alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES
 sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP::YES
-moon::tcpdump::sun.strongswan.org.*alice.strongswan.org.*: ESP::YES
+sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
+sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
+moon::tcpdump::alice.strongswan.org.*sun.strongswan.org: ESP.*seq=0x2::YES
+moon::tcpdump::sun.strongswan.org.*alice.strongswan.org: ESP.*seq=0x2::YES
 bob::tcpdump::alice1.strongswan.org.*bob.strongswan.org.*ICMP echo request::YES
 bob::tcpdump::bob.strongswan.org.*alice1.strongswan.org.*ICMP echo reply::YES
 bob::tcpdump::alice.strongswan.org.*bob.strongswan.org.*ICMP echo request::YES
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/mobike/test.conf b/testing/tests/ikev2/mobike/test.conf
index 6467631e5..24a0cf3a4 100644
--- a/testing/tests/ikev2/mobike/test.conf
+++ b/testing/tests/ikev2/mobike/test.conf
@@ -13,7 +13,7 @@ DIAGRAM="a-m-w-s-b.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS="bob moon"
+TCPDUMPHOSTS="bob moon sun"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
index 00cafc130..ca0bdba44 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
@@ -1,11 +1,20 @@
-moon::cat /var/log/daemon.log::sending ldap request to::YES
-moon::cat /var/log/daemon.log::received valid ldap response::YES
+moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon::cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
 carol::ipsec status::alice.*INSTALLED::YES
 moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
+carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
 carol::ipsec status::venus.*INSTALLED::NO
+moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Sales CA::YES
+moon::cat /var/log/daemon.log::traffic selectors PH_IP_VENUS/32 === PH_IP_CAROL/32.*inacceptable::YES
 moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
 dave::ipsec status::venus.*INSTALLED::YES
 moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
 dave::ipsec status::alice.*INSTALLED::NO
+moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon::cat /var/log/daemon.log::traffic selectors PH_IP_ALICE/32 === PH_IP_DAVE/32.*inacceptable::YES
 moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
-
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1949d3abc
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1949d3abc
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..1949d3abc
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = ldap aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
index 1e52d2273..3ac0adbb5 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat
@@ -1,6 +1,4 @@
-moon::ipsec listcacerts --utc::status revoked on::YES
 moon::cat /var/log/daemon.log::certificate was revoked::YES
-moon::cat /var/log/daemon.log::received end entity certificate is not trusted::YES
 moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*failed::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 moon::ipsec status::alice.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
index 9b331f0a9..ef1beae7e 100755
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
@@ -5,6 +5,11 @@ config setup
 	strictcrlpolicy=yes
 	plutostart=no
 
+ca strongswan
+	cacert=strongswanCert.pem
+	crluri=http://crl.strongswan.org/strongswan.crl
+	auto=add
+
 conn %default
 	ikelifetime=60m
 	keylife=20m
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat
index 6cb0bd8ae..e4eafe966 100644
--- a/testing/tests/ikev2/multi-level-ca/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat
@@ -1,12 +1,20 @@
+moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
 carol::ipsec status::alice.*INSTALLED::YES
 moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES
 carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
 carol::ipsec status::venus.*INSTALLED::NO
+moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Sales CA::YES
 moon::cat /var/log/daemon.log::traffic selectors PH_IP_VENUS/32 === PH_IP_CAROL/32.*inacceptable::YES
 moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO
 dave::ipsec status::venus.*INSTALLED::YES
 moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES
 dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
 dave::ipsec status::alice.*INSTALLED::NO
+moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
 moon::cat /var/log/daemon.log::traffic selectors PH_IP_ALICE/32 === PH_IP_DAVE/32.*inacceptable::YES
 moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
index e1ee6e8d6..d0240a333 100755
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	charondebug="cfg 2"
 	crlcheckinterval=180
 	strictcrlpolicy=no
 	plutostart=no
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-double-snat/description.txt b/testing/tests/ikev2/nat-double-snat/description.txt
deleted file mode 100644
index e0708898b..000000000
--- a/testing/tests/ikev2/nat-double-snat/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarrior <b>alice</b> sets up a connection to host <b>bob</b> using IKEv2. The hosts
-sit behind NAT router <b>moon</b> (SNAT) and <b>sun</b> (SNAT) respectively.
-UDP encapsulation is used to traverse the NAT router.
-The authentication is based on locally loaded <b>X.509 certificates</b>.
-In order to test the tunnel the NAT-ed host <b>alice</b> pings the host
-<b>bob</b>.
diff --git a/testing/tests/ikev2/nat-double-snat/evaltest.dat b/testing/tests/ikev2/nat-double-snat/evaltest.dat
deleted file mode 100644
index 7a3dede42..000000000
--- a/testing/tests/ikev2/nat-double-snat/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-bob::ipsec statusall::rw-alice.*ESTABLISHED::YES
-alice::ipsec statusall::home.*ESTABLISHED::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdumpcount::IP moon.strongswan.org.* > bob.strongswan.org.ipsec-nat-t: UDP::2
-moon::tcpdumpcount::IP bob.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::2
diff --git a/testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.conf
deleted file mode 100644
index 30a067bc9..000000000
--- a/testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version	2.0	# conforms to second version of ipsec.conf specification
-
-config setup
-	plutostart=no
-
-conn home
-	left=PH_IP_ALICE
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	right=PH_IP_BOB
-	rightcert=bobCert.pem
-	rightid=bob@strongswan.org
-	keyexchange=ikev2
-	auto=add
diff --git a/testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.d/certs/bobCert.pem b/testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.d/certs/bobCert.pem
deleted file mode 100644
index 199d3eee2..000000000
--- a/testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.d/certs/bobCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIBBjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMjUzNFoXDTA5MDkwOTExMjUzNFowWDELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMRswGQYDVQQDFBJib2JAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDAJaejS3/lJfQHgw0nzvotgSQS8ey/6tvbx7s5RsWY
-27x9K5xd44aPrvP2Qpyq34IXRY6uPlIqeUTQN7EKpLrWCxMOT36x5N0Co9J5UWRB
-fJC141D+8+1RwJ9/baEIecpCvb0GfDOX0GXN5ltcJk82hZjE4y1yHC1FN7V3zdRg
-xmloupPuon+X3bTmyMQ93NKkg48CQGtqtfwQ0MqPiOWu8MBhdztfOyu6aW3EgviF
-ithLc02SeNzlpqB3M8GDfX+mr3OVDhhhC2OI+VRlZzz7KxJ13DUR2KkvLZR8Ak4E
-5lRjkUnTYd/f3OQYxfjC8idUmj5ojR6Fb0x1tsV/glzXAgMBAAGjggEEMIIBADAJ
-BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUaLN5EPOkOkVU3J1Ud0sl
-+27OOHswbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
-BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
-dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHQYDVR0RBBYwFIESYm9iQHN0cm9uZ3N3YW4u
-b3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcv
-c3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEEBQADggEBAIyQLLxdeO8clplzRW9z
-TRR3J0zSedvi2XlIZ/XCsv0ZVfoBLLWcDp3QrxNiVZXvXXtzjPsDs+DAveZF9LGq
-0tIw1uT3JorbgNNrmWvxBvJoQTtSw4LQBuV7vF27jrposx3Hi5qtUXUDS6wVnDUI
-5iORqsrddnoDuMN+Jt7oRcvKfYSNwTV+m0ZAHdB5a/ARWO5UILOrxEA/N72NcDYN
-NdAd+bLaB38SbkSbh1xj/AGnrHxdJBF4h4mx4btc9gtBSh+dwBHOsn4TheqJ6bbw
-7FlXBowQDCJIswKNhWfnIepQlM1KEzmq5YX43uZO2b7amRaIKqy2vNE7+UNFYBpE
-Mto=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf
deleted file mode 100644
index eaec3d642..000000000
--- a/testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version	2.0	# conforms to second version of ipsec.conf specification
-
-config setup
-	plutostart=no
-
-conn %default
-	left=PH_IP_BOB
-	leftcert=bobCert.pem
-	leftid=bob@strongswan.org
-	leftsubnet=10.2.0.10/32
-	keyexchange=ikev2
-	
-conn rw-alice
-	right=%any
-	rightcert=aliceCert.pem
-	rightid=alice@strongswan.org
-	rightsubnet=10.1.0.0/16
-	auto=add
diff --git a/testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.d/certs/aliceCert.pem
deleted file mode 100644
index e99ae8ec7..000000000
--- a/testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.d/certs/aliceCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
-MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer
-GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4
-FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W
-6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH
-v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc
-KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG
-A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa
-60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
-A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
-cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
-Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo
-2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ
-AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5
-D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S
-CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi
-6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re
-JGhV
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-double-snat/posttest.dat b/testing/tests/ikev2/nat-double-snat/posttest.dat
deleted file mode 100644
index 8ad7df96c..000000000
--- a/testing/tests/ikev2/nat-double-snat/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-alice::ipsec stop
-bob::ipsec stop
-alice::rm /etc/ipsec.d/certs/*
-bob::rm /etc/ipsec.d/certs/*
-moon::route del -net 10.2.0.0/16
-sun::route del -net 10.1.0.0/16
-moon::iptables -t nat -F
-sun::iptables -t nat -F
diff --git a/testing/tests/ikev2/nat-double-snat/pretest.dat b/testing/tests/ikev2/nat-double-snat/pretest.dat
deleted file mode 100644
index da1d43c4e..000000000
--- a/testing/tests/ikev2/nat-double-snat/pretest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-sun::echo 1 > /proc/sys/net/ipv4/ip_forward
-sun::route add -net 10.1.0.0/16 gw PH_IP_MOON
-sun::iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -p udp -j SNAT --to-source PH_IP_SUN1:4024-4100
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::route add -net 10.2.0.0/16 gw PH_IP_SUN
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-bob::ipsec start
-alice::ipsec start
-alice::sleep 1
-alice::ipsec up home
-alice::sleep 1 
diff --git a/testing/tests/ikev2/nat-double-snat/test.conf b/testing/tests/ikev2/nat-double-snat/test.conf
deleted file mode 100644
index 1ca2ffe5a..000000000
--- a/testing/tests/ikev2/nat-double-snat/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice bob"
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-pf/description.txt b/testing/tests/ikev2/nat-pf/description.txt
deleted file mode 100644
index bb38af458..000000000
--- a/testing/tests/ikev2/nat-pf/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to host <b>alice</b> sitting behind the NAT router <b>moon</b>
-using IKEv2. Port Forwarding is used to publish host <b>alice</b>. UDP encapsulation is used to traverse the NAT router.
-The authentication is based on locally loaded <b>X.509 certificates</b>.
-In order to test the tunnel the roadwarrior <b>carol</b> pings the host <b>alice</b>.
diff --git a/testing/tests/ikev2/nat-pf/evaltest.dat b/testing/tests/ikev2/nat-pf/evaltest.dat
deleted file mode 100644
index 4d2950521..000000000
--- a/testing/tests/ikev2/nat-pf/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-alice::ipsec statusall::rw-carol.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdumpcount::IP carol.strongswan.org.* > moon.strongswan.org.ipsec-nat-t: UDP::2
-moon::tcpdumpcount::IP moon.strongswan.org.ipsec-nat-t > carol.strongswan.org.*: UDP::2
diff --git a/testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf
deleted file mode 100644
index 836379494..000000000
--- a/testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version	2.0	# conforms to second version of ipsec.conf specification
-
-config setup
-	plutostart=no
-
-conn %default
-	left=PH_IP_ALICE
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	leftsubnet=10.1.0.10/32
-	keyexchange=ikev2
-	
-conn rw-carol
-	right=%any
-	rightcert=carolCert.pem
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 8492fbd45..000000000
--- a/testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBCjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDEwMTIxNDMxOFoXDTA5MTIzMTIxNDMxOFowWjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALgbhJIECOCGyNJ4060un/wBuJ6MQjthK5CAEPgX
-T/lvZynoSxhfuW5geDCCxQes6dZPeb6wJS4F5fH3qJoLM+Z4n13rZlCEyyMBkcFl
-vK0aNFY+ARs0m7arUX8B7Pfi9N6WHTYgO4XpeBHLJrZQz9AU0V3S0rce/WVuVjii
-S/cJhrgSi7rl87Qo1jYOA9P06BZQLj0dFNcWWrGpKp/hXvBF1OSP9b15jsgMlCCW
-LJqXmLVKDtKgDPLJZR19mILhgcHvaxxD7craL9GR4QmWLb0m84oAIIwaw+0npZJM
-YDMMeYeOtcepCWCmRy+XmsqcWu4rtNCu05W1RsXjYZEKBjcCAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRVNeym66J5uu+IfxhD
-j9InsWdG0TBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCxMEp+Zdclc0aI
-U+jO3TmL81gcwea0BUucjZfDyvCSkDXcXidOez+l/vUueGC7Bqq1ukDF8cpVgGtM
-2HPxM97ZSLPInMgWIeLq3uX8iTtIo05EYqRasJxBIAkY9o6ja6v6z0CZqjSbi2WE
-HrHkFrkOTrRi7deGzbAAhWVjOnAfzSxBaujkdUxb6jGBc2F5qpAeVSbE+sAxzmSd
-hRyF3tUUwl4yabBzmoedJzlQ4anqg0G14QScBxgXkq032gKuzNVVxWRp6OFannKG
-C1INvsBWYtN62wjXlXXhM/M4sBFhmPpftVb+Amgr1jSspTX2dQsNqhI/WtNvLmfK
-omBYfxqp
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index 52345af7c..000000000
--- a/testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-version	2.0	# conforms to second version of ipsec.conf specification
-
-config setup
-	plutostart=no
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightcert=aliceCert.pem
-	rightid=alice@strongswan.org
-	rightsubnet=10.1.0.0/24
-	keyexchange=ikev2
-	auto=add
diff --git a/testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.d/certs/aliceCert.pem
deleted file mode 100644
index e99ae8ec7..000000000
--- a/testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.d/certs/aliceCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
-MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer
-GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4
-FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W
-6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH
-v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc
-KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG
-A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa
-60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG
-A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0
-cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu
-Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo
-2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ
-AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5
-D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S
-CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi
-6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re
-JGhV
------END CERTIFICATE-----
diff --git a/testing/tests/ikev2/nat-pf/posttest.dat b/testing/tests/ikev2/nat-pf/posttest.dat
deleted file mode 100644
index bed4ae1b7..000000000
--- a/testing/tests/ikev2/nat-pf/posttest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec stop
-alice::ipsec stop
-carol::rm /etc/ipsec.d/certs/*
-alice::rm /etc/ipsec.d/certs/*
-moon::iptables -t nat -F
diff --git a/testing/tests/ikev2/nat-pf/pretest.dat b/testing/tests/ikev2/nat-pf/pretest.dat
deleted file mode 100644
index fdb3de711..000000000
--- a/testing/tests/ikev2/nat-pf/pretest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -m multiport -t nat -A PREROUTING -i eth0 -p udp --dports 500,4500 -j DNAT --to 10.1.0.10
-alice::ipsec start
-carol::ipsec start
-carol::sleep 1
-carol::ipsec up home
-carol::sleep 1 
diff --git a/testing/tests/ikev2/nat-pf/test.conf b/testing/tests/ikev2/nat-pf/test.conf
deleted file mode 100644
index 21bece8e6..000000000
--- a/testing/tests/ikev2/nat-pf/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice carol"
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat
index 6b849b811..c08a17943 100644
--- a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat
@@ -1,8 +1,12 @@
-moon::cat /var/log/daemon.log::received valid http response::YES
-carol::cat /var/log/daemon.log::received valid http response::YES
 moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
+moon::cat /var/log/daemon.log::requesting ocsp status from::YES
+moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon::cat /var/log/daemon.log::ocsp response is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
 carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::certificate is good::YES
-carol::cat /var/log/daemon.log::certificate is good::YES
+carol::cat /var/log/daemon.log::requesting ocsp status from::YES
+carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+carol::cat /var/log/daemon.log::ocsp response is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat
index 93d152f6b..768de938b 100644
--- a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat
@@ -1,9 +1,9 @@
 moon::ipsec listocspcerts::altNames.*ocsp.*strongswan.org::YES
 carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
 dave::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::certificate is good::YES
-carol::cat /var/log/daemon.log::certificate is good::YES
-dave::cat /var/log/daemon.log::certificate is good::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
+dave::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::ESTABLISHED.*carol::YES
 moon::ipsec status::ESTABLISHED.*dave::YES
 carol::ipsec status::ESTABLISHED::YES
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
index f185536a6..939817d58 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat
@@ -1,5 +1,6 @@
-moon::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::received certificate is no ocsp signer - rejected::YES
-moon::cat /var/log/daemon.log::certificate status unknown::YES
+moon::cat /var/log/daemon.log::requesting ocsp status from::YES
+moon::cat /var/log/daemon.log::ocsp response verification failed::YES
+moon::cat /var/log/daemon.log::certificate status is not available::YES
+moon::cat /var/log/daemon.log::constraint check failed.*VALIDATION_FAILED.*VALIDATION_GOOD::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/posttest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/posttest.dat
index c6d6235f9..1af117cf0 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/posttest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/posttest.dat
@@ -1,2 +1,3 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::iptables -F
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
index d92333d86..afb64c3ed 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
@@ -1,3 +1,4 @@
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
 moon::ipsec start
 carol::ipsec start
 carol::sleep 2
diff --git a/testing/tests/ikev2/ocsp-revoked/evaltest.dat b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
index eacb70c40..2c3196103 100644
--- a/testing/tests/ikev2/ocsp-revoked/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-revoked/evaltest.dat
@@ -1,6 +1,7 @@
-moon::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
+moon::cat /var/log/daemon.log::requesting ocsp status from::YES
+moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon::cat /var/log/daemon.log::certificate was revoked on::YES
+moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat
index a3a1df194..5bb322acc 100644
--- a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat
@@ -1,6 +1,10 @@
-moon::cat /var/log/daemon.log::received valid http response::YES
-carol::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::certificate is good::YES
-carol::cat /var/log/daemon.log::certificate is good::YES
+moon::cat /var/log/daemon.log::requesting ocsp status::YES
+moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon::cat /var/log/daemon.log::ocsp response is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::requesting ocsp status::YES
+carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+carol::cat /var/log/daemon.log::ocsp response is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/description.txt b/testing/tests/ikev2/ocsp-signer-cert/description.txt
index 492a9882b..7c7efb68e 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/description.txt
+++ b/testing/tests/ikev2/ocsp-signer-cert/description.txt
@@ -4,7 +4,7 @@ is checked via the OCSP server <b>winnetou</b> which possesses an OCSP signer ce
 issued by the strongSwan CA. This certificate contains an <b>OCSPSigning</b>
 extended key usage flag. <b>carol</b>'s certificate includes an <b>OCSP URI</b>
 in an authority information access extension pointing to <b>winnetou</b>. 
-Therefore no special ca section information is needed in ipsec.conf.
+Therefore no special ca section information is needed in moon's ipsec.conf.
 <p>
 <b>carol</b> can successfully initiate an IPsec connection to <b>moon</b> since
 the status of both certificates is <b>good</b>.
diff --git a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
index 4a8ffd412..f8bf0326a 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat
@@ -1,13 +1,12 @@
-moon::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
 carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::received valid http response::YES
-carol::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
-carol::cat /var/log/daemon.log::received ocsp signer certificate is trusted::YES
-moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES
-moon::cat /var/log/daemon.log::certificate is good::YES
-carol::cat /var/log/daemon.log::certificate is good::YES
+moon::cat /var/log/daemon.log::requesting ocsp status::YES
+moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+moon::cat /var/log/daemon.log::ocsp response is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::requesting ocsp status::YES
+carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES
+carol::cat /var/log/daemon.log::ocsp response is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
 
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
index f8abd6b59..4011a6c17 100755
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf
@@ -5,6 +5,11 @@ config setup
 	strictcrlpolicy=yes
 	plutostart=no
 
+ca strongswan
+	cacert=strongswanCert.pem
+	ocspuri=http://ocsp.strongswan.org:8880
+	auto=add
+
 conn %default
 	keyexchange=ikev2
 	ikelifetime=60m
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
index 48f24aa8f..9f20ee81c 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat
@@ -1,6 +1,7 @@
 moon::cat /var/log/daemon.log::authentication of.*carol.*successful::YES
-moon::cat /var/log/daemon.log::http post request using libcurl failed::YES
-moon::cat /var/log/daemon.log::authentication of.*dave.*failed::YES
+moon::cat /var/log/daemon.log::libcurl http request failed::YES
+moon::cat /var/log/daemon.log::certificate status is not available::YES
+moon::cat /var/log/daemon.log::constraint check failed.*VALIDATION_FAILED.*VALIDATION_SKIPPED::YES
 moon::ipsec status::ESTABLISHED.*carol::YES
 moon::ipsec status::ESTABLISHED.*dave::NO
 carol::ipsec status::ESTABLISHED::YES
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
index 4c4059810..777c32699 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat
@@ -1,9 +1,13 @@
-moon::cat /var/log/daemon.log::http post request using libcurl failed::YES
-carol::cat /var/log/daemon.log::http post request using libcurl failed::YES
-moon::cat /var/log/daemon.log::received valid http response::YES
-carol::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::certificate is good::YES
-carol::cat /var/log/daemon.log::certificate is good::YES
+moon::cat /var/log/daemon.log::libcurl http request failed::YES
+moon::cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES
+moon::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES
+moon::cat /var/log/daemon.log::ocsp response is valid::YES
+moon::cat /var/log/daemon.log::certificate status is good::YES
+carol::cat /var/log/daemon.log::libcurl http request failed::YES
+carol::cat /var/log/daemon.log::ocsp request to.*bob.strongswan.org:8800.*failed::YES
+carol::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES
+carol::cat /var/log/daemon.log::ocsp response is valid::YES
+carol::cat /var/log/daemon.log::certificate status is good::YES
 moon::ipsec status::rw.*ESTABLISHED::YES
 carol::ipsec status::home.*ESTABLISHED::YES
 
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
index d95a322bd..ff312cc6b 100755
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf
@@ -7,7 +7,8 @@ config setup
 
 ca strongswan-ca
 	cacert=strongswanCert.pem
-        ocspuri2=http://bob.strongswan.org:8800
+        ocspuri1=http://bob.strongswan.org:8800
+	ocspuri2=http://ocsp.strongswan.org:8880
 	auto=add
 			
 conn %default
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
index c9c09a72f..1b281507b 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat
@@ -1,5 +1,6 @@
-moon::cat /var/log/daemon.log::http post request using libcurl failed::YES
-moon::cat /var/log/daemon.log::certificate status unknown::YES
+moon::cat /var/log/daemon.log::libcurl http request failed::YES
+moon::cat /var/log/daemon.log::certificate status is not available::YES
+moon::cat /var/log/daemon.log::constraint check failed::YES
 carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
index a0b6d681f..b47403756 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat
@@ -1,5 +1,7 @@
-moon::cat /var/log/daemon.log::received valid http response::YES
-moon::cat /var/log/daemon.log::received ocsp signer certificate is not trusted - rejected::YES
-moon::cat /var/log/daemon.log::certificate status unknown::YES
+moon::cat /var/log/daemon.log::requesting ocsp status from::YES
+moon::cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES
+moon::cat /var/log/daemon.log::ocsp response verification failed::YES
+moon::cat /var/log/daemon.log::certificate status is not available::YES
+moon::cat /var/log/daemon.log::constraint check failed.*VALIDATION_FAILED.*VALIDATION_GOOD::YES
 moon::ipsec status::rw.*ESTABLISHED::NO
 carol::ipsec status::home.*ESTABLISHED::NO
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat
index c6d6235f9..1af117cf0 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat
@@ -1,2 +1,3 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::iptables -F
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
index d92333d86..afb64c3ed 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
@@ -1,3 +1,4 @@
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
 moon::ipsec start
 carol::ipsec start
 carol::sleep 2
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf
index c2fe02639..2af93a313 100755
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/ipsec.conf
@@ -19,5 +19,4 @@ conn home
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
-	rightsendcert=never
 	auto=add
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..f699d5e27
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke fips-prf eapaka
+}
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
index dbf38160f..140e88912 100755
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf
@@ -20,5 +20,6 @@ conn rw-eapaka
 	leftcert=moonCert.pem
 	leftfirewall=yes
 	rightid=*@strongswan.org
+	rightsendcert=never
 	right=%any
 	auto=add
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..f699d5e27
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke fips-prf eapaka
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/description.txt b/testing/tests/ikev2/rw-eap-md5-rsa/description.txt
new file mode 100644
index 000000000..a2ac00d80
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/description.txt
@@ -0,0 +1,7 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+<b>carol</b> uses the <i>Extensible Authentication Protocol</i>
+in association with an  <i>MD5</i> challenge and response protocol
+(<b>EAP-MD5</b>) to authenticate against the gateway. The user password
+is kept in <b>ipsec.secrets</b> on both gateway and client 
+Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself
+against <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
new file mode 100644
index 000000000..5de841c03
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
@@ -0,0 +1,10 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
+
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..2af93a313
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	authby=eap
+
+conn home
+	left=PH_IP_CAROL
+	leftnexthop=%direct
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..e03e89a0f
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp01qlpOgb"
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..3a359eff2
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke fips-prf eapmd5
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..78bc23b4c
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn rw-eapaka
+	authby=rsasig
+	eap=md5
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftid=@moon.strongswan.org
+	leftcert=moonCert.pem
+	leftfirewall=yes
+	rightid=*@strongswan.org
+	rightsendcert=never
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..aa3838385
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : EAP "Ar3etTnp01qlpOgb"
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3a359eff2
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke fips-prf eapmd5
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat
new file mode 100644
index 000000000..ed5498bfe
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/pretest.dat
@@ -0,0 +1,7 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/test.conf b/testing/tests/ikev2/rw-eap-md5-rsa/test.conf
new file mode 100644
index 000000000..2bd21499b
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice carol moon"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
index c2fe02639..2af93a313 100755
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
@@ -19,5 +19,4 @@ conn home
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
-	rightsendcert=never
 	auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..8812814d6
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke fips-prf eapsim
+}
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
index 3f88b2ade..509deb945 100755
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
@@ -21,4 +21,5 @@ conn rw-eapsim
 	leftfirewall=yes
 	rightid=*@strongswan.org
 	right=%any
+	rightsendcert=never
 	auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..8812814d6
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke fips-prf eapsim
+}
diff --git a/testing/tests/ikev2/rw-hash-and-url/description.txt b/testing/tests/ikev2/rw-hash-and-url/description.txt
new file mode 100644
index 000000000..5e748d75e
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Instead of the certificates themselves, "Hash and URL" certificate payloads
+are transferred and the certificates are fetched via http from web server <b>winnetou</b>.
+<p>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+</p>
diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
new file mode 100644
index 000000000..fe2a8d063
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat
@@ -0,0 +1,14 @@
+moon::cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES
+moon::cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES
+carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
+dave::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..77046eb7d
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+ca strongswan
+	cacert=strongswanCert.pem
+	certuribase=http://winnetou.strongswan.org/certs/
+	auto=add
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+
+conn home
+	left=PH_IP_CAROL
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	keyexchange=ikev2
+	auto=add
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..af0f9953b
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  hash_and_url = yes
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..febaf9be2
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+ca strongswan
+	cacert=strongswanCert.pem
+	certuribase=http://winnetou.strongswan.org/certs/
+	auto=add
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+
+conn home
+	left=PH_IP_DAVE
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	keyexchange=ikev2
+	auto=add
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..af0f9953b
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  hash_and_url = yes
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..cbc60000a
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+ca strongswan
+	cacert=strongswanCert.pem
+	certuribase=http://winnetou.strongswan.org/certs/
+	auto=add
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+
+conn rw
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	leftfirewall=yes
+	right=%any
+	keyexchange=ikev2
+	auto=add
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..af0f9953b
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  hash_and_url = yes
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-hash-and-url/posttest.dat b/testing/tests/ikev2/rw-hash-and-url/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-hash-and-url/pretest.dat b/testing/tests/ikev2/rw-hash-and-url/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev2/rw-hash-and-url/test.conf b/testing/tests/ikev2/rw-hash-and-url/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev2/rw-hash-and-url/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..c252ebde6
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
index 1ce38fc6a..236684c57 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
@@ -3,7 +3,7 @@ moon::cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-
 moon::ipsec statusall::rw-psk.*INSTALLED::YES
 carol::ipsec statusall::home.*ESTABLISHED::YES
 moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES
-moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature::YES
+moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES
 moon::ipsec statusall::rw-rsasig.*INSTALLED::YES
 dave::ipsec statusall::home.*ESTABLISHED::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
index 8c7d2e9ea..0e5bd03db 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
+++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
@@ -1,6 +1,6 @@
 moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES
 moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES
-moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature::YES
+moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES
 moon::ipsec statusall::rw.*INSTALLED::YES
 carol::ipsec statusall::home.*ESTABLISHED::YES
 dave::ipsec statusall::home.*ESTABLISHED::YES
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
index dc6f82923..da59dfdae 100755
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf
@@ -15,6 +15,7 @@ conn %default
 
 conn home
 	left=PH_IP_CAROL
+	leftsourceip=%config
 	leftid=carol@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
index b09427d4c..f09d46c5b 100755
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf
@@ -15,6 +15,7 @@ conn %default
 
 conn home
 	left=PH_IP_DAVE
+	leftsourceip=%config
 	leftid=dave@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
index a3bf042d4..fb4b9ed3a 100755
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf
@@ -17,5 +17,6 @@ conn rw
 	leftsubnet=10.1.0.0/16
 	leftfirewall=yes
 	right=%any
+	rightsourceip=10.3.0.0/28
 	rightsendcert=never
 	auto=add
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat
index 3421c6e0f..0598e1fb2 100644
--- a/testing/tests/ikev2/two-certs/evaltest.dat
+++ b/testing/tests/ikev2/two-certs/evaltest.dat
@@ -1,6 +1,7 @@
-moon::cat /var/log/daemon.log::candidate peer certificate was not successfully verified::YES
-moon::cat /var/log/daemon.log::candidate peer certificate has a non-matching RSA public key::YES
-moon::cat /var/log/daemon.log::candidate peer certificate has a matching RSA public key::YES
+moon::cat /var/log/daemon.log::certificate was revoked::YES
+moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature successful::YES
+moon::cat /var/log/daemon.log::signature validation failed, looking for another key::YES
+moon::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with RSA signature successful::YES
 moon::ipsec statusall::carol.*ESTABLISHED::YES
 moon::ipsec statusall::dave.*ESTABLISHED::YES
 carol::ipsec statusall::home.*ESTABLISHED::YES
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/two-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/two-certs/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
index eb6feb6e2..8800c7ad5 100755
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	charondebug="cfg 2"
         crlcheckinterval=180
 	strictcrlpolicy=yes
 	plutostart=no
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ca22de61f
--- /dev/null
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}
-- 
cgit v1.2.3