From 518dd33c94e041db0444c7d1f33da363bb8e3faf Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez
Date: Thu, 24 Mar 2016 11:59:32 +0100
Subject: Imported Upstream version 5.4.0
---
 testing/tests/sql/net2net-cert/evaltest.dat | 6 ++----
 .../tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql | 2 +-
 testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf | 2 +-
 .../sql/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf | 1 +
 testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql | 2 +-
 testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf | 2 +-
 .../tests/sql/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf | 1 +
 testing/tests/sql/net2net-cert/posttest.dat | 4 ++--
 testing/tests/sql/net2net-cert/pretest.dat | 11 +++++------
 testing/tests/sql/net2net-cert/test.conf | 4 ++++
 10 files changed, 19 insertions(+), 16 deletions(-)
 create mode 100644 testing/tests/sql/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
 create mode 100644 testing/tests/sql/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
(limited to 'testing/tests/sql/net2net-cert')
diff --git a/testing/tests/sql/net2net-cert/evaltest.dat b/testing/tests/sql/net2net-cert/evaltest.dat
index f003f822f..5180ab31d 100644
--- a/testing/tests/sql/net2net-cert/evaltest.dat
+++ b/testing/tests/sql/net2net-cert/evaltest.dat
@@ -1,7 +1,5 @@
-moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+moon::swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun:: swanctl --list-sas --raw 2> /dev/null::net-net.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_12.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql
index d49fe4975..31641518d 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql
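Review bot: In the evaltest.dat hunk, the child-SA half of both new `swanctl --list-sas --raw` patterns checks `integ-alg=HMAC_SHA2_256_12.*`, while the IKE half spells out `HMAC_SHA2_256_128`, so the ESP integrity algorithm is matched by prefix only. If the truncation is not intentional, write `integ-alg=HMAC_SHA2_256_128.*local-ts=` on both lines so the test pins the negotiated ESP transform as tightly as the IKE one. The dots in `192.168.0.1`, `192.168.0.2` and the traffic selectors are unescaped regex metacharacters; escaping them costs little in a test whose purpose is to assert the exact SA parameters.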
@@ -117,7 +117,7 @@ INSERT INTO peer_configs (
 INSERT INTO child_configs (
 name, updown
 ) VALUES (
- 'net-net', 'ipsec _updown iptables'
+ 'net-net', '/usr/local/libexec/ipsec/_updown iptables'
 );
 INSERT INTO peer_config_child_config (
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
index 8b25be7aa..f5b531db9 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
 database = sqlite:///etc/db.d/ipsec.db
 }
 }
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..6b5617317
--- /dev/null
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql
index 938e50753..47eabf2a8 100644
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/ipsec.d/data.sql
@@ -117,7 +117,7 @@ INSERT INTO peer_configs (
 INSERT INTO child_configs (
 name, updown
 ) VALUES (
- 'net-net', 'ipsec _updown iptables'
+ 'net-net', '/usr/local/libexec/ipsec/_updown iptables'
 );
 INSERT INTO peer_config_child_config (
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
index 8b25be7aa..f5b531db9 100644
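Review bot: The `updown` value inserted into `child_configs` in moon's data.sql (and identically in sun's data.sql later in this patch) is a command line kept in the database, and nothing next to the INSERT says so. Presumably the `updown` plugin named in the `load` list runs this string when the CHILD_SA is installed or removed, which would make write access to `/etc/db.d/ipsec.db` equivalent to choosing a program the daemon executes. A comment above the statement, for example `-- updown: command line run by the updown plugin; keep it an absolute path`, would record that for anyone who copies this fixture. The new value also hard-codes the `/usr/local/libexec/ipsec` prefix, so it only fits an installation under that prefix.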
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
 database = sqlite:///etc/db.d/ipsec.db
 }
 }
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..6b5617317
--- /dev/null
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# configuration is read from SQLite database
diff --git a/testing/tests/sql/net2net-cert/posttest.dat b/testing/tests/sql/net2net-cert/posttest.dat
index 1f7aa73a1..59badb867 100644
--- a/testing/tests/sql/net2net-cert/posttest.dat
+++ b/testing/tests/sql/net2net-cert/posttest.dat
@@ -1,4 +1,4 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::service charon stop 2> /dev/null
+sun::service charon stop 2> /dev/null
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/sql/net2net-cert/pretest.dat b/testing/tests/sql/net2net-cert/pretest.dat
index 05fe277ce..6580e7604 100644
--- a/testing/tests/sql/net2net-cert/pretest.dat
+++ b/testing/tests/sql/net2net-cert/pretest.dat
@@ -1,12 +1,11 @@
-moon::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
 moon::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
 sun::cat /usr/local/share/strongswan/templates/database/sql/sqlite.sql /etc/ipsec.d/data.sql > /etc/db.d/ipsec.sql
 moon::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
 sun::cat /etc/db.d/ipsec.sql | sqlite3 /etc/db.d/ipsec.db
 moon::iptables-restore < /etc/iptables.rules
 sun::iptables-restore < /etc/iptables.rules
-moon::ipsec start
-sun::ipsec start
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::service charon start 2> /dev/null
+sun::service charon start 2> /dev/null
+moon::expect-connection net-net
+sun::expect-connection net-net
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/sql/net2net-cert/test.conf b/testing/tests/sql/net2net-cert/test.conf
index 1b7e280e8..a553c6a7e 100644
--- a/testing/tests/sql/net2net-cert/test.conf
+++ b/testing/tests/sql/net2net-cert/test.conf
@@ -23,3 +23,7 @@ IPSECHOSTS="moon sun"
 # Guest instances on which databases are used
 #
 DBHOSTS="$IPSECHOSTS"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
-- cgit v1.2.3
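Review bot: The added pretest.dat lines redirect stderr of `service charon start` and of `swanctl --initiate --child net-net` to /dev/null (posttest.dat does the same for `service charon stop`), so a daemon that fails to start or an initiation that is rejected leaves no message in the test log and only shows up later as a failed evaltest pattern. Consider keeping stderr on the initiate line at least, `moon::swanctl --initiate --child net-net`, so the reason for an authentication or proposal failure is preserved. The hunk also drops the two `rm /etc/ipsec.d/cacerts/*` lines; presumably they ensured that trust anchors came only from the SQL database, and that now seems to rest on `stroke` being absent from the `load` list, which is worth stating in the test's description.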