From 1c088a8b6237ec67f63c23f97a0f2dc4e99af869 Mon Sep 17 00:00:00 2001
From: Rene Mayrhofer
Date: Sun, 30 Mar 2008 08:31:24 +0000
Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.1.11)
---
testing/INSTALL | 8 ++++----
testing/Makefile.in | 2 ++
testing/scripts/build-umlrootfs | 7 ++++++-
testing/scripts/kstart-umls | 8 +++++++-
testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat | 1 +
testing/tests/ikev2/rw-eap-sim-rsa/description.txt | 7 +++++++
testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat | 10 +++++++++
.../rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf | 23 +++++++++++++++++++++
.../hosts/carol/etc/ipsec.d/triplets.dat | 3 +++
.../ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf | 24 ++++++++++++++++++++++
.../hosts/moon/etc/ipsec.d/triplets.dat | 3 +++
testing/tests/ikev2/rw-eap-sim-rsa/posttest.dat | 4 ++++
testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat | 9 ++++++++
testing/tests/ikev2/rw-eap-sim-rsa/test.conf | 21 +++++++++++++++++++
14 files changed, 124 insertions(+), 6 deletions(-)
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/description.txt
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
create mode 100755 testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat
create mode 100755 testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/posttest.dat
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat
create mode 100644 testing/tests/ikev2/rw-eap-sim-rsa/test.conf
(limited to 'testing')
diff --git a/testing/INSTALL b/testing/INSTALL
index 079bf7f41..39338b6bd 100644
--- a/testing/INSTALL
+++ b/testing/INSTALL
@@ -53,7 +53,7 @@ are required for the strongSwan testing environment: * A vanilla Linux kernel on which the UML kernel will be based on. We recommend the use of - http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.23.11.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.2.tar.bz2 * Starting with Linux kernel 2.6.9 no patch must be applied any more in order to make the vanilla kernel UML-capable. For older kernels you'll find @@ -63,7 +63,7 @@ are required for the strongSwan testing environment: * The matching .config file required to compile the UML kernel: - http://download.strongswan.org/uml/.config-2.6.23 + http://download.strongswan.org/uml/.config-2.6.24 * A gentoo-based UML file system (compressed size 130 MBytes) found at @@ -71,7 +71,7 @@ are required for the strongSwan testing environment: * The latest strongSwan distribution - http://download.strongswan.org/strongswan-4.1.10.tar.gz + http://download.strongswan.org/strongswan-4.1.11.tar.gz 3. Creating the environment @@ -146,5 +146,5 @@ README document. ----------------------------------------------------------------------------- -This file is RCSID $Id: INSTALL 3410 2007-12-19 21:01:19Z andreas $ +This file is RCSID $Id: INSTALL 3472 2008-02-14 21:26:21Z andreas $ diff --git a/testing/Makefile.in b/testing/Makefile.in index 234607599..d132220fb 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -163,11 +163,13 @@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ +plugindir = @plugindir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ +simreader = @simreader@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index b205f62a6..48d74950f 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs 
@@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: build-umlrootfs 3404 2007-12-19 00:47:56Z andreas $ +# RCSID $Id: build-umlrootfs 3471 2008-02-14 21:25:38Z andreas $ DIR=`dirname $0` @@ -146,6 +146,11 @@ then echo -n " --enable-eap-aka" >> $INSTALLSHELL fi +if [ "$USE_EAP_SIM" = "yes" ] +then + echo -n " --enable-eap-sim" >> $INSTALLSHELL + fi + if [ "$USE_P2P" = "yes" ] then echo -n " --enable-p2p" >> $INSTALLSHELL diff --git a/testing/scripts/kstart-umls b/testing/scripts/kstart-umls index 91ec00b60..b953ddeac 100755 --- a/testing/scripts/kstart-umls +++ b/testing/scripts/kstart-umls @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: kstart-umls 3273 2007-10-08 20:18:34Z andreas $ +# RCSID $Id: kstart-umls 3470 2008-02-14 21:24:54Z andreas $ DIR=`dirname $0` @@ -116,6 +116,12 @@ do else cgecho "up" fi + + if [ "$host" = "alice" ] + then + eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`" + ssh $ipv4_alice /etc/init.d/net.eth1 stop + fi done cecho " * All uml instances are up now" diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat b/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat index f5aa989fe..89e487ad3 100644 --- a/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat +++ b/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat @@ -2,3 +2,4 @@ carol::ipsec start moon::ipsec start carol::sleep 2 carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/description.txt b/testing/tests/ikev2/rw-eap-sim-rsa/description.txt new file mode 100644 index 000000000..5fc75e1b1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-rsa/description.txt 
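Review bot: The added `eval ipv4_${host}=...` in the kstart-umls hunk sits inside `if [ "$host" = "alice" ]`, so the variable name is already known and the `eval` only re-parses text derived from `$HOSTNAMEIPV4` as shell code. A direct assignment does the same without that step: `ipv4_alice=$(echo "$HOSTNAMEIPV4" | sed -n -e "s/^.*alice,//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }')`. The following `ssh $ipv4_alice /etc/init.d/net.eth1 stop` is unquoted and unchecked; if the lookup returns nothing, ssh would take `/etc/init.d/net.eth1` as the host name, so prefer `[ -n "$ipv4_alice" ] && ssh "$ipv4_alice" /etc/init.d/net.eth1 stop`. A one-line comment saying why eth1 on alice is stopped would also help, since the hunk gives no reason. The enclosing `do ... done` loop starts outside the hunk.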
@@ -0,0 +1,7 @@
+The roadwarrior carol sets up a connection to gateway moon.
+carol uses the Extensible Authentication Protocol
+in association with a GSM Subscriber Identity Module (EAP-SIM)
+to authenticate against the gateway. In this scenario triplets from the file
+/etc/ipsec.d/triplets.dat are used instead of a physical SIM card.
+Gateway moon additionaly uses an RSA signature to authenticate
+itself against carol.
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
new file mode 100644
index 000000000..194434a1e
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
@@ -0,0 +1,10 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-eapsim.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+
+
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..c2fe02639
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ authby=eap
+
+conn home
+ left=PH_IP_CAROL
+ leftnexthop=%direct
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ rightsendcert=never
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat
new file mode 100644
index 000000000..759585439
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/ipsec.d/triplets.dat
@@ -0,0 +1,3 @@
+moon.strongswan.org,100,210,310
+moon.strongswan.org,200,220,320
+moon.strongswan.org,300,230,330
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3f88b2ade
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn rw-eapsim
+ authby=rsasig
+ eap=sim
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftcert=moonCert.pem
+ leftfirewall=yes
+ rightid=*@strongswan.org
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat
new file mode 100644
index 000000000..b15a1dd72
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.d/triplets.dat
@@ -0,0 +1,3 @@
+carol@strongswan.org,100,210,310
+carol@strongswan.org,200,220,320
+carol@strongswan.org,300,230,330
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
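Review bot: In moon's ipsec.conf, `conn rw-eapsim` does not say which side each authentication setting applies to; going by description.txt, `authby=rsasig` is moon's own method while `eap=sim` is what is demanded from the peer. A comment above `authby=rsasig` such as `# moon authenticates with its RSA certificate; peers matching rightid must pass EAP-SIM` would make that explicit. With `rightid=*@strongswan.org` and `right=%any`, which peers are actually accepted presumably depends only on the entries in moon's triplets.dat, which is worth stating in the same comment. The file is also created with mode 100755, as is carol's ipsec.conf earlier in the patch; a configuration file does not need the executable bit.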
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat
new file mode 100644
index 000000000..23c7a62b2
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::cat /etc/ipsec.d/triplets.dat
+carol::cat /etc/ipsec.d/triplets.dat
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1
+carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/test.conf b/testing/tests/ikev2/rw-eap-sim-rsa/test.conf
new file mode 100644
index 000000000..2bd21499b
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice carol moon"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
-- cgit v1.2.3
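Review bot: The two `cat /etc/ipsec.d/triplets.dat` steps in pretest.dat copy the triplet values into the test output, and those values are the EAP-SIM authentication secret for this scenario. With the placeholder fixture values added in this commit that is harmless, but description.txt should say the triplets are test-only, for example `The triplets in this scenario are fixed test values and must not be replaced by data from a real SIM.`, so the pattern is not copied with real material. The fixed `carol::sleep 1` before and after `carol::ipsec up home` is a timing assumption; if the daemon needs longer, the log checks in evaltest.dat would presumably fail spuriously.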