diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-11-10 16:12:29 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-15 17:24:04 +0100 |
| commit | ce4aebe00abfeb0bcaa6c5bf04c0524ed5ee4743 (patch) | |
| tree | 6669ce5a4d559fdbc45d0bfc34f75d356da0f121 | |
| parent | d24d26c4bc9e9a1d0554f5a1b521bda75d9d2211 (diff) | |
| download | strongswan-ce4aebe00abfeb0bcaa6c5bf04c0524ed5ee4743.tar.bz2 strongswan-ce4aebe00abfeb0bcaa6c5bf04c0524ed5ee4743.tar.xz | |
testing: Configure logging via syslog in strongswan.conf
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
98 files changed, 269 insertions, 167 deletions
diff --git a/testing/hosts/default/etc/strongswan.conf.testing b/testing/hosts/default/etc/strongswan.conf.testing index 1960be169..604769a49 100644 --- a/testing/hosts/default/etc/strongswan.conf.testing +++ b/testing/hosts/default/etc/strongswan.conf.testing @@ -7,8 +7,6 @@ charon { xfrm_acq_expires = 60 } } -} -charon-systemd { syslog { daemon { } diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf index d6e251dba..0ddecec94 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 3" - conn %default keyexchange=ikev1 ike=aes128-sha256-modp3072! diff --git a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf index 02ae5affa..7e78d0431 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 3 + } + } } diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf index 7c0490d59..40327a9ec 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 3" - conn %default keyexchange=ikev1 ike=aes128-sha256-modp3072! diff --git a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf index 02ae5affa..7e78d0431 100644 --- a/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 3 + } + } } diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf index 4fcff4a89..6c4ad62fc 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf index 02ae5affa..ca7ff4f59 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 2 + } + } } diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf index 2e81bfd04..1bf040c21 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf index 02ae5affa..ca7ff4f59 100644 --- a/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 2 + } + } } diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf index 218c9f155..a725ea7da 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="ike 4, lib 4" - conn %default ikelifetime=60m keylife=20m @@ -13,7 +10,7 @@ conn %default esp=aes256-sha512! mobike=no -conn net-net +conn net-net left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 38df6a919..759b92285 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -6,6 +6,12 @@ charon { multiple_authentication = no send_vendor_id = yes + syslog { + daemon { + ike = 4 + lib = 4 + } + } plugins { ntru { parameter_set = optimum diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf index ce610b6a3..5cadaccc9 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/ipsec.conf @@ -1,19 +1,16 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="ike 4, lib 4" - conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev1 ike=aes256-sha512-ntru256! esp=aes256-sha512! mobike=no -conn net-net +conn net-net left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org diff --git a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index 7a578d242..04da33fd6 100644 --- a/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev1/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -5,4 +5,10 @@ charon { multiple_authentication = no send_vendor_id = yes + syslog { + daemon { + ike = 4 + lib = 4 + } + } } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf index 77ed2c0c9..afa1641c5 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="job 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf index af5fa19ef..cf4c1eba4 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + job = 2 + } + } } diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf index 82a8f38c5..51a2e5758 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="job 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf index 93f434598..f09c27902 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + job = 2 + } + } } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf index 89674b2a1..7456a9d8a 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index d69a7b808..99d3c61d9 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce aes blowfish md5 sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + cfg = 2 + } + } } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf index 82804a0fe..3c0578d4b 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index a3c9999f7..99a0e8940 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce blowfish sha1 sha2 pem pkcs1 gmp curl x509 revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + cfg = 2 + } + } } diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf index aac963e91..eee4e6edc 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m @@ -10,7 +7,7 @@ conn %default keyingtries=1 keyexchange=ikev2 -conn alice +conn alice rightid=alice@strongswan.org mark=10/0xffffffff also=sun diff --git a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf index 93f434598..9691dd22f 100644 --- a/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf index 7af65a55d..e8eaa4887 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 2" - conn %default keyexchange=ikev2 ike=aes128-sha256-modp3072! diff --git a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf index 02ae5affa..ca7ff4f59 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf index 82da6cb7a..95e90fd09 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 2" - conn %default keyexchange=ikev2 ike=aes128-sha256-modp3072! diff --git a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf index 02ae5affa..ca7ff4f59 100644 --- a/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf index 8cce0c957..71f5442c0 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 2" - conn %default ikelifetime=60m keylife=20m @@ -13,7 +10,7 @@ conn %default esp=aes128-sha256-esn-noesn! mobike=no -conn net-net +conn net-net left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf index 02ae5affa..ca7ff4f59 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf index 1fd5ddb03..9e0df8111 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf @@ -1,19 +1,16 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2, knl 2" - conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 ike=aes128-sha256-modp3072! esp=aes128-sha256-esn! mobike=no -conn net-net +conn net-net left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf index 02ae5affa..ca7ff4f59 100644 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf @@ -3,4 +3,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf index 01d114dd9..4251ecd68 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="ike 4, lib 4" - conn %default ikelifetime=60m keylife=20m @@ -13,7 +10,7 @@ conn %default esp=aes128-sha256! mobike=no -conn net-net +conn net-net left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf index 49077484a..2dd0446ce 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf @@ -6,9 +6,15 @@ charon { multiple_authentication = no send_vendor_id = yes + syslog { + daemon { + ike = 4 + lib = 4 + } + } plugins { ntru { - parameter_set = x9_98_bandwidth + parameter_set = x9_98_bandwidth } } } diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf index e57bec965..449ee7989 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/ipsec.conf @@ -1,19 +1,16 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="ike 4, lib 4" - conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 ike=aes128-sha256-ntru128! esp=aes128-sha256! mobike=no -conn net-net +conn net-net left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org diff --git a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf index 1dcbd6c27..2dd0446ce 100644 --- a/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf @@ -6,6 +6,12 @@ charon { multiple_authentication = no send_vendor_id = yes + syslog { + daemon { + ike = 4 + lib = 4 + } + } plugins { ntru { parameter_set = x9_98_bandwidth diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf index 9da45bcba..f29a8b2a2 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="ike 4, lib 4" - conn %default ikelifetime=60m keylife=20m @@ -13,7 +10,7 @@ conn %default esp=aes256-sha512! mobike=no -conn net-net +conn net-net left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf index 38df6a919..759b92285 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/moon/etc/strongswan.conf @@ -6,6 +6,12 @@ charon { multiple_authentication = no send_vendor_id = yes + syslog { + daemon { + ike = 4 + lib = 4 + } + } plugins { ntru { parameter_set = optimum diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf index 50be98057..76fbc8024 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/ipsec.conf @@ -1,19 +1,16 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="ike 4, lib 4" - conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 ike=aes256-sha512-ntru256! esp=aes256-sha512! mobike=no -conn net-net +conn net-net left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org diff --git a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf index 0b31f738c..d461bda50 100644 --- a/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-ntru-cert/hosts/sun/etc/strongswan.conf @@ -4,4 +4,10 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no send_vendor_id = yes + syslog { + daemon { + ike = 4 + lib = 4 + } + } } diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf index aeaebe1f4..8c7918b80 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m @@ -25,7 +22,7 @@ conn dscp-ef also=net-net auto=add -conn net-net +conn net-net left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftfirewall=yes diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf index 3cf8c8807..a0be3ce18 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf index 8b54476fd..3c4d0a07f 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf @@ -1,13 +1,10 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 mobike=no @@ -25,7 +22,7 @@ conn dscp-ef also=net-net auto=add -conn net-net +conn net-net left=PH_IP_SUN leftsubnet=10.2.0.0/16 leftfirewall=yes diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf index 3cf8c8807..a0be3ce18 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 curve25519 hmac curl stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf index dcd98b4de..ec3daa00a 100644 --- a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m lifetime=10s diff --git a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf index 3dcbf76ea..8d26c1381 100644 --- a/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf @@ -4,4 +4,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown # remove rekeyed inbound SA a bit quicker for the test scenario delete_rekeyed_delay = 2 + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf index 9ba918893..ec7d9a79a 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2" - conn %default ikelifetime=60m keylife=20m @@ -11,7 +8,7 @@ conn %default keyexchange=ikev2 mobike=no -conn net-net +conn net-net left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf index 18ed6a4c4..c9a56d748 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + } + } } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf index d41e43a5c..cc86ebc0a 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf @@ -1,17 +1,14 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="cfg 2" - conn %default ikelifetime=60m keylife=20m rekeymargin=3m - keyingtries=1 + keyingtries=1 keyexchange=ikev2 mobike=no -conn net-net +conn net-net left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf index 18ed6a4c4..c9a56d748 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + cfg = 2 + } + } } diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf index a5c2cc5fc..cdcf4e6f2 100644 --- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf @@ -1,7 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf index af5fa19ef..6bc136a9b 100644 --- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf index b7b27b720..10d92873d 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf index 6b0ab0dcc..58a2f2243 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf @@ -4,6 +4,11 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } plugins { eap-tls { max_message_count = 40 diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf index ee4bfd27d..0ab0c4772 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf index 6b0ab0dcc..58a2f2243 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf @@ -4,6 +4,11 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } plugins { eap-tls { max_message_count = 40 diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf index 5e06976d1..756e3835c 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf index 2261fc3e1..74881b5cf 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf @@ -4,4 +4,9 @@ charon { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf index 37fa2b435..4a645d741 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf index 8865bd52c..797d27cc2 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf @@ -4,6 +4,11 @@ charon { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } libtls { diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf index fc6f1e633..6aaeb160f 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf index 84d571482..ef5666914 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf @@ -3,6 +3,11 @@ charon { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } libtls { diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf index 8ff3c2ab6..576d2cb99 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf index 951002690..fa1febe0f 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf index 367c0b527..ba52ec31e 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf index 951002690..fa1febe0f 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf index cd93a48e7..738481257 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf index 242329b3b..02899fdb7 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf @@ -4,6 +4,11 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } plugins { eap-ttls { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf index 8ff3c2ab6..576d2cb99 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf index 951002690..fa1febe0f 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf index 367c0b527..ba52ec31e 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf index 951002690..fa1febe0f 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf index cd93a48e7..738481257 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf index 20afebf81..0ff7725ca 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/strongswan.conf @@ -4,6 +4,11 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } plugins { eap-ttls { phase2_method = md5 diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf index 5b1ac90a3..c18df1c73 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf index 1d380c409..443332acc 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf index 8aa168745..2b58fbfca 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf index 1d380c409..443332acc 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf index 4b549cbd5..f0094e4d7 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m @@ -10,7 +7,7 @@ conn %default keyingtries=1 keyexchange=ikev2 -conn alice +conn alice rightid=alice@strongswan.org mark_in=10/0xffffffff mark_out=11/0xffffffff diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf index 93f434598..9691dd22f 100644 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf @@ -2,4 +2,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf index a2d62296f..0e4eaa1ea 100644 --- a/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf index dbcd7d844..709e0c5e4 100644 --- a/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf index 3c7adfbf9..47792af99 100644 --- a/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf index 8d89cd0bb..5e900fd1b 100644 --- a/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf index 409bee2cb..650ebddd9 100644 --- a/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf index 8d89cd0bb..5e900fd1b 100644 --- a/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf index 71edc4c14..ef99cc768 100644 --- a/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf index 8d89cd0bb..5e900fd1b 100644 --- a/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf index c8f63bced..ee8cbcdef 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf index f2c60511b..f5b116b3b 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf @@ -3,4 +3,9 @@ charon { load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf index 28a5cad31..2236a5f71 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tls 2" - conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf index 7af4b4e37..4aa2068f4 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf @@ -3,6 +3,11 @@ charon { load = pem pkcs1 random nonce openssl curl revocation stroke kernel-netlink socket-default eap-tls updown multiple_authentication=no + syslog { + daemon { + tls = 2 + } + } } libtls { diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf index dcd98b4de..ec3daa00a 100644 --- a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/ipsec.conf @@ -1,8 +1,5 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="knl 2" - conn %default ikelifetime=60m lifetime=10s diff --git a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf index 4234eb134..855ba919d 100644 --- a/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf @@ -4,4 +4,9 @@ charon { load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown # remove rekeyed inbound SA a bit quicker for the test scenario delete_rekeyed_delay = 2 + syslog { + daemon { + knl = 2 + } + } } diff --git a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf index aa4934fb1..8fc1c8729 100644 --- a/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf @@ -4,7 +4,6 @@ charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown multiple_authentication = no - syslog { daemon { tnc = 3 diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf index 8e430843a..883f154b8 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf @@ -57,7 +57,7 @@ libimcv { } fw-2 { name = Firmware UVW for ARMv6 32 bit strongPrint OS 1.0 - patches = "security patch CVE-2014-1288 2014-01-01\r\nsecurity patch CVE-2014-1492 2014-02-01\r\nsecurity patch CVE-2014-1622 2014-05-01\r\nsecurity patch CVE-2014-2775 2014-07-01\r\n\security patch CVE-2014-4453 2014-08-01\r\nsecurity patch CVE-2014-6108 2014-11-01\r\nsecurity patch CVE-2015-0555 2015-01-01\r\nsecurity patch CVE-2015-4319 2015-07-01\r\n" + patches = "security patch CVE-2014-1288 2014-01-01\r\nsecurity patch CVE-2014-1492 2014-02-01\r\nsecurity patch CVE-2014-1622 2014-05-01\r\nsecurity patch CVE-2014-2775 2014-07-01\r\n\security patch CVE-2014-4453 2014-08-01\r\nsecurity patch CVE-2014-6108 2014-11-01\r\nsecurity patch CVE-2015-0555 2015-01-01\r\nsecurity patch CVE-2015-4319 2015-07-01\r\n" string_version = 13.8.5 version = 0000000D000000080000000500000000 } diff --git a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf index c2e722f10..7e049dc02 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap-fail/hosts/sun/etc/strongswan.conf @@ -3,8 +3,7 @@ charon-systemd { load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown - multiple_authentication = no - + multiple_authentication = no syslog { daemon { tnc = 2 diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf index 33aa8e1d9..879a3cdac 100644 --- a/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf @@ -3,8 +3,7 @@ charon-systemd { load = random nonce x509 openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown - multiple_authentication = no - + multiple_authentication = no syslog { daemon { tnc = 2 diff --git a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf index 70ff6323f..a683ba77c 100644 --- a/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-os-pts/hosts/moon/etc/strongswan.conf @@ -5,7 +5,7 @@ charon-systemd { multiple_authentication = no - syslog { + syslog { daemon { tnc = 2 imv = 3 |