diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-06-18 14:35:36 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-06-18 14:35:36 +0200 |
| commit | 4402bae77d78f0fa4e36f73134e9f332b9ae324a (patch) | |
| tree | 5a5166a964b0dcf20df8284258fa2dfcba9a1d4d | |
| parent | 927dff236615007a773ddcd7df8e17256467b1f3 (diff) | |
| download | strongswan-4402bae77d78f0fa4e36f73134e9f332b9ae324a.tar.bz2 strongswan-4402bae77d78f0fa4e36f73134e9f332b9ae324a.tar.xz | |
Minor changes in swanctl scenarios
7 files changed, 8 insertions, 5 deletions
diff --git a/testing/tests/swanctl/ip-pool-db/description.txt b/testing/tests/swanctl/ip-pool-db/description.txt index 7bc4ef3ab..9774e573b 100755 --- a/testing/tests/swanctl/ip-pool-db/description.txt +++ b/testing/tests/swanctl/ip-pool-db/description.txt @@ -4,7 +4,7 @@ by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assi addresses from a pool named <b>bigpool</b> that was created in an SQL database by the command <b>ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0</b>. <p> -<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the +The updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively. diff --git a/testing/tests/swanctl/ip-pool/description.txt b/testing/tests/swanctl/ip-pool/description.txt index fc3f8c63a..23cab8e8f 100755 --- a/testing/tests/swanctl/ip-pool/description.txt +++ b/testing/tests/swanctl/ip-pool/description.txt @@ -4,7 +4,7 @@ by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assi IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously increasing order. <p> -<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass +<b>The updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively. diff --git a/testing/tests/swanctl/net2net-cert/description.txt b/testing/tests/swanctl/net2net-cert/description.txt index 6ab45c065..345769a5f 100755 --- a/testing/tests/swanctl/net2net-cert/description.txt +++ b/testing/tests/swanctl/net2net-cert/description.txt @@ -1,6 +1,6 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. The authentication is based on <b>X.509 certificates</b>. Upon the successful -establishment of the IPsec tunnel, the updown scripts automatically +establishment of the IPsec tunnel, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf index 5dc5db5a3..2f0fd9da1 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf @@ -26,6 +26,7 @@ connections { } version = 2 + mobike = no reauth_time = 60m rekey_time = 20m proposals = aes128-sha256-modp2048 diff --git a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf index 66e4e29c7..e4c855621 100755 --- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf @@ -26,6 +26,7 @@ connections { } version = 2 + mobike = no reauth_time = 60m rekey_time = 20m proposals = aes128-sha256-modp2048 diff --git a/testing/tests/swanctl/rw-cert/description.txt b/testing/tests/swanctl/rw-cert/description.txt index 15b3822b5..6af7a39ae 100755 --- a/testing/tests/swanctl/rw-cert/description.txt +++ b/testing/tests/swanctl/rw-cert/description.txt @@ -1,6 +1,6 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. -Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +Upon the successful establishment of the IPsec tunnels, the updown script automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf index 782b81b49..c113620b3 100755 --- a/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf +++ b/testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf @@ -34,7 +34,8 @@ secrets { ike-moon { id = moon.strongswan.org - secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + # hex value equal to base64 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + secret = 0x16964066a10de938bdb2ab7864fe4459cab1 } } |