From 518dd33c94e041db0444c7d1f33da363bb8e3faf Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Thu, 24 Mar 2016 11:59:32 +0100
Subject: Imported Upstream version 5.4.0

---
 .../hosts/carol/etc/ipsec.conf                     | 23 --------
 .../hosts/carol/etc/ipsec.secrets                  |  3 -
 .../hosts/carol/etc/strongswan.conf                | 20 ++++++-
 .../hosts/carol/etc/swanctl/swanctl.conf           | 35 ++++++++++++
 .../hosts/dave/etc/ipsec.conf                      | 23 --------
 .../hosts/dave/etc/ipsec.secrets                   |  3 -
 .../hosts/dave/etc/strongswan.conf                 | 19 ++++++-
 .../hosts/dave/etc/swanctl/swanctl.conf            | 35 ++++++++++++
 .../hosts/moon/etc/ipsec.conf                      | 34 ------------
 .../hosts/moon/etc/ipsec.secrets                   |  6 --
 .../hosts/moon/etc/strongswan.conf                 | 19 ++++++-
 .../hosts/moon/etc/swanctl/swanctl.conf            | 64 ++++++++++++++++++++++
 12 files changed, 189 insertions(+), 95 deletions(-)
 delete mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.conf
 delete mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.secrets
 create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf
 delete mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.conf
 delete mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.secrets
 create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf
 delete mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.conf
 delete mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.secrets
 create mode 100644 testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf


diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index a483d6df8..000000000
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	charondebug="tnc 3, imc 2"
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-
-conn home
-	left=PH_IP_CAROL
-	leftid=carol@strongswan.org
-	leftauth=eap
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightauth=any
-	rightsendcert=never
-	rightsubnet=10.1.0.0/16
-	auto=add
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 74942afda..000000000
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
index 85287fb51..7e51900a1 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
@@ -1,9 +1,27 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
 
   multiple_authentication = no
+
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  }
+  syslog {
+    auth {
+      default = 0
+    }
+    daemon {
+      tnc = 3
+      imc = 2 
+    }
+  }
+}
+
+libtls {
+  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 }
 
 libimcv {
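Review bot: The new `creds = /usr/local/sbin/swanctl --load-creds ` and `imc = 2 ` lines carry trailing whitespace; the same two lines recur in the dave and moon strongswan.conf hunks. The settings parser presumably strips it, but a trailing space after a command line is easy to mistake for an argument once copied elsewhere, so the lines should read `creds = /usr/local/sbin/swanctl --load-creds` and `imc = 2`. The new libtls block pins a single DHE-RSA CBC suite for the EAP-TTLS tunnel on all three hosts, and the hunk does not say whether that is a test requirement or a deliberate choice; a one-line comment above `suites =` stating the reason would help. Note also that `md5` and `eap-md5` stay in the trimmed `load` list, which appears to be needed for the `phase2_method = md5` visible in moon's strongswan.conf hunk.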
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..0f266dd93
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+   home {
+      local_addrs  = 192.168.0.100
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = eap-ttls
+         id = carol@strongswan.org
+      }
+      remote {
+         auth = eap-ttls
+         id = moon.strongswan.org 
+      }
+      children {
+         home {
+            remote_ts = 10.1.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm16-modp3072
+         }
+      }
+      version = 2
+      send_certreq = no
+      proposals = aes128-sha256-modp3072
+   }
+}
+
+secrets {
+
+   eap {
+      id = carol@strongswan.org
+      secret = "Ar3etTnp"
+   }
+}
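Review bot: The values `remote_addrs = 192.168.0.1 `, `id = moon.strongswan.org ` and `remote_ts = 10.1.0.0/16 ` end in a trailing space; the dave swanctl.conf hunk has the same three. If the parser does not trim them the remote id would not match moon's `id = moon.strongswan.org` and the traffic selector would not parse, so regardless they should read `remote_addrs = 192.168.0.1`, `id = moon.strongswan.org`, `remote_ts = 10.1.0.0/16`. It is worth recording in the commit that `remote { auth = eap-ttls }` replaces the removed `rightauth=any`, so the client now requires moon to authenticate through EAP-TTLS rather than accepting any method. The addresses are literal 192.168.0.x values where the removed ipsec.conf used PH_IP_* placeholders, which presumably means swanctl.conf is not run through the placeholder substitution — confirm against the test framework.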
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 11378131a..000000000
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	charondebug="tnc 3, imc 2"
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-
-conn home
-	left=PH_IP_DAVE
-	leftid=dave@strongswan.org
-	leftauth=eap
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightauth=any
-	rightsendcert=never
-	rightsubnet=10.1.0.0/16
-	auto=add
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 5496df7ad..000000000
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
index f068d121e..4aeda6674 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
@@ -1,10 +1,23 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
 
   multiple_authentication = no
 
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  }
+  syslog {
+    auth {
+      default = 0
+    }
+    daemon {
+      tnc = 3
+      imc = 2 
+    }
+  }
   plugins {
     tnc-imc {
       preferred_language = ru , de, en
@@ -12,6 +25,10 @@ charon {
   }
 }
 
+libtls {
+  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}
+
 libimcv {
   plugins {
     imc-test {
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..989ab88c7
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+   home {
+      local_addrs  = 192.168.0.200
+      remote_addrs = 192.168.0.1 
+
+      local {
+         auth = eap-ttls
+         id = dave@strongswan.org
+      }
+      remote {
+         auth = eap-ttls
+         id = moon.strongswan.org 
+      }
+      children {
+         home {
+            remote_ts = 10.1.0.0/16 
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm16-modp3072
+         }
+      }
+      version = 2
+      send_certreq = no
+      proposals = aes128-sha256-modp3072
+   }
+}
+
+secrets {
+
+   eap {
+      id = dave@strongswan.org
+      secret = "W7R0g3do"
+   }
+}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index b1093d46d..000000000
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	charondebug="tnc 3, imv 2"
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev2
-
-conn rw-allow
-	rightgroups=allow
-	leftsubnet=10.1.0.0/28
-	also=rw-eap
-	auto=add
-
-conn rw-isolate
-	rightgroups=isolate
-	leftsubnet=10.1.0.16/28
-	also=rw-eap
-	auto=add
-
-conn rw-eap
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftauth=eap-ttls
-	leftfirewall=yes
-	rightauth=eap-ttls
-	rightid=*@strongswan.org
-	rightsendcert=never
-	right=%any
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2e277ccb0..000000000
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
index 009e2ef13..902e837f5 100644
--- a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,23 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
 
   multiple_authentication = no
 
+  start-scripts {
+    creds = /usr/local/sbin/swanctl --load-creds 
+    conns = /usr/local/sbin/swanctl --load-conns
+  }
+  syslog {
+    auth {
+      default = 0
+    }
+    daemon {
+      tnc = 3
+      imv = 2 
+    }
+  }
   plugins {
     eap-ttls {
       phase2_method = md5
@@ -14,6 +27,10 @@ charon {
   }
 }
 
+libtls {
+  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+}
+
 libimcv {
   plugins {
     imv-test {
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1238c1a91
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,64 @@
+connections {
+
+   rw-allow {
+      local_addrs  = 192.168.0.1
+
+      local {
+         auth = eap-ttls
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = eap-ttls
+         id = *@strongswan.org
+         groups = allow
+      }
+      children {
+         rw-allow {
+            local_ts = 10.1.0.0/28
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm16-modp3072
+         }
+      }
+      version = 2
+      send_certreq = no
+      proposals = aes128-sha256-modp3072
+   }
+
+   rw-isolate {
+      local_addrs  = 192.168.0.1
+
+      local {
+         auth = eap-ttls
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = eap-ttls
+         id = *@strongswan.org
+         groups = isolate
+      }
+      children {
+         rw-isolate {
+            local_ts = 10.1.0.16/28
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128gcm16-modp3072
+         }
+      }
+      version = 2
+      send_certreq = no
+      proposals = aes128-sha256-modp3072
+   }
+}
+
+secrets {
+
+   eap-carol {
+      id = carol@strongswan.org
+      secret = "Ar3etTnp"
+   }
+   eap-dave {
+      id = dave@strongswan.org
+      secret = "W7R0g3do"
+   }
+}
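Review bot: Neither `local` section names the server certificate, whereas the removed ipsec.conf pinned `leftcert=moonCert.pem` and the removed ipsec.secrets referenced `moonKey.pem`; the EAP-TTLS server now has to find a certificate matching `id = moon.strongswan.org` among whatever `--load-creds` imported, which this hunk does not show. Adding `certs = moonCert.pem` to the `local` block of both rw-allow and rw-isolate makes the selection explicit and fails loudly if the certificate is not loaded. The two connections differ only in `groups` and `local_ts`, so which one a peer lands in presumably depends on the group assigned after the TNC assessment; a comment above `rw-allow` such as `# peers are placed in rw-allow or rw-isolate according to the group the IMV assigns` would document that. The EAP secrets for carol and dave are kept in clear text here as they were in ipsec.secrets, so this file needs the same restrictive permissions the secrets file had.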
-- 