diff options
| author | Martin Willi <martin@strongswan.org> | 2006-05-18 06:02:28 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2006-05-18 06:02:28 +0000 |
| commit | b5e1560659f9e7e74299077c1456c29065dbb4c9 (patch) | |
| tree | 40b8e86f26c2879166e6a05b86e682b0eafcd893 | |
| parent | 1e93135408e9810cc10b2b10395b508d687bc819 (diff) | |
| download | strongswan-b5e1560659f9e7e74299077c1456c29065dbb4c9.tar.bz2 strongswan-b5e1560659f9e7e74299077c1456c29065dbb4c9.tar.xz | |
- applied andreas's patch
- logger output improvements
- testin gupdates
- and a lot more
151 files changed, 356 insertions, 211 deletions
diff --git a/configure.in b/configure.in index 9a610f623..e9d6f19c0 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.0.0) +AC_INIT(strongSwan,4.0.1) AM_INIT_AUTOMAKE AC_C_BIGENDIAN AC_SUBST(ipsecdir, '${libexecdir}/ipsec') diff --git a/src/charon/config/connections/local_connection_store.c b/src/charon/config/connections/local_connection_store.c index 0ae18e0a7..a7e4d18f1 100644 --- a/src/charon/config/connections/local_connection_store.c +++ b/src/charon/config/connections/local_connection_store.c @@ -57,69 +57,84 @@ struct private_local_connection_store_t { */ static connection_t *get_connection_by_hosts(private_local_connection_store_t *this, host_t *my_host, host_t *other_host) { + typedef enum { + PRIO_UNDEFINED= 0x00, + PRIO_ADDR_ANY= 0x01, + PRIO_ADDR_MATCH= 0x02 + } prio_t; + + prio_t best_prio = PRIO_UNDEFINED; + iterator_t *iterator; - connection_t *current, *found = NULL; + connection_t *candidate; + connection_t *found = NULL; - this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", + this->logger->log(this->logger, CONTROL|LEVEL1, "searching connection for host pair %s...%s", my_host->get_address(my_host), other_host->get_address(other_host)); - + iterator = this->connections->create_iterator(this->connections, TRUE); + + /* determine closest matching connection */ while (iterator->has_next(iterator)) { - host_t *config_my_host, *config_other_host; + host_t *candidate_my_host; + host_t *candidate_other_host; - iterator->current(iterator, (void**)¤t); + iterator->current(iterator, (void**)&candidate); - config_my_host = current->get_my_host(current); - config_other_host = current->get_other_host(current); + candidate_my_host = candidate->get_my_host(candidate); + candidate_other_host = candidate->get_other_host(candidate); - /* first check if ip is equal */ - if(config_other_host->ip_equals(config_other_host, other_host)) + /* my_host addresses must match*/ + if (my_host->ip_equals(my_host, candidate_my_host)) { - this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", - config_other_host->get_address(config_other_host)); - /* could be right one, check my_host for default route*/ - if (config_my_host->is_default_route(config_my_host)) + prio_t prio = PRIO_UNDEFINED; + + /* exact match of peer host address or wildcard address? */ + if (other_host->ip_equals(other_host, candidate_other_host)) { - found = current->clone(current); - break; + prio |= PRIO_ADDR_MATCH; } - /* check now if host informations are the same */ - else if (config_my_host->ip_equals(config_my_host,my_host)) + else if (candidate_other_host->is_anyaddr(candidate_other_host)) { - found = current->clone(current); - break; + prio |= PRIO_ADDR_ANY; } - - } - /* Then check for wildcard hosts! - * TODO - * actually its only checked if other host with default route can be found! */ - else if (config_other_host->is_default_route(config_other_host)) - { - /* could be right one, check my_host for default route*/ - if (config_my_host->is_default_route(config_my_host)) - { - found = current->clone(current); - break; - } - /* check now if host informations are the same */ - else if (config_my_host->ip_equals(config_my_host,my_host)) + + this->logger->log(this->logger, CONTROL|LEVEL2, + "candidate connection \"%s\": %s...%s (prio=%d)", + candidate->get_name(candidate), + candidate_my_host->get_address(candidate_my_host), + candidate_other_host->get_address(candidate_other_host), + prio); + + if (prio > best_prio) { - found = current->clone(current); - break; - } + found = candidate; + best_prio = prio; + } } } iterator->destroy(iterator); - /* apply hosts as they are supplied since my_host may be %defaultroute, and other_host may be %any. */ if (found) { - found->update_my_host(found, my_host->clone(my_host)); - found->update_other_host(found, other_host->clone(other_host)); + host_t *found_my_host = found->get_my_host(found); + host_t *found_other_host = found->get_other_host(found); + + this->logger->log(this->logger, CONTROL|LEVEL1, + "found matching connection \"%s\": %s...%s (prio=%d)", + found->get_name(found), + found_my_host->get_address(found_my_host), + found_other_host->get_address(found_other_host), + best_prio); + + found = found->clone(found); + if (best_prio & PRIO_ADDR_ANY) + { + /* replace %any by the peer's address */ + found->update_other_host(found, other_host->clone(other_host)); + } } - return found; } diff --git a/src/charon/network/socket.c b/src/charon/network/socket.c index 4193e6fd8..89f67c964 100644 --- a/src/charon/network/socket.c +++ b/src/charon/network/socket.c @@ -390,11 +390,9 @@ static bool is_listening_on(private_socket_t *this, host_t *host) { iterator_t *iterator; - /* listening on 0.0.0.0 is always TRUE */ - if (host->is_default_route(host)) - { - return TRUE; - } + /* listening on wildcard 0.0.0.0 is always FALSE */ + if (host->is_anyaddr(host)) + return FALSE; /* compare host with all interfaces */ iterator = this->interfaces->create_iterator(this->interfaces, TRUE); diff --git a/src/charon/sa/ike_sa_manager.c b/src/charon/sa/ike_sa_manager.c index a65f41042..e6c8e4982 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/charon/sa/ike_sa_manager.c @@ -507,9 +507,9 @@ static status_t checkout_by_hosts(private_ike_sa_manager_t *this, host_t *me, ho sa_other = current->ike_sa->get_other_host(current->ike_sa); /* one end may be default/any, but not both */ - if (me->is_default_route(me)) + if (me->is_anyaddr(me)) { - if (other->is_default_route(other)) + if (other->is_anyaddr(other)) { break; } @@ -519,7 +519,7 @@ static status_t checkout_by_hosts(private_ike_sa_manager_t *this, host_t *me, ho ike_sa_id = current->ike_sa_id; } } - else if (other->is_default_route(other)) + else if (other->is_anyaddr(other)) { if (me->equals(me, sa_me)) { diff --git a/src/charon/threads/receiver.c b/src/charon/threads/receiver.c index 0cf8b7bde..598657724 100644 --- a/src/charon/threads/receiver.c +++ b/src/charon/threads/receiver.c @@ -74,7 +74,7 @@ static void receive_packets(private_receiver_t * this) /* cancellation disabled by default */ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); - this->logger->log(this->logger, CONTROL, "Receiver thread running, thread_id %u", (int)pthread_self()); + this->logger->log(this->logger, CONTROL, "receiver thread running, thread_ID: %06d", (int)pthread_self()); while (1) { diff --git a/src/charon/threads/scheduler.c b/src/charon/threads/scheduler.c index 47c5d6fb9..9bbe5c9b9 100644 --- a/src/charon/threads/scheduler.c +++ b/src/charon/threads/scheduler.c @@ -72,7 +72,7 @@ static void get_events(private_scheduler_t * this) /* cancellation disabled by default */ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); - this->logger->log(this->logger, CONTROL, "Scheduler thread running, thread_id %u", (int)pthread_self()); + this->logger->log(this->logger, CONTROL, "scheduler thread running, thread_ID: %06d", (int)pthread_self()); for (;;) { diff --git a/src/charon/threads/sender.c b/src/charon/threads/sender.c index 42d11beb9..4f5f7e117 100644 --- a/src/charon/threads/sender.c +++ b/src/charon/threads/sender.c @@ -73,7 +73,7 @@ static void send_packets(private_sender_t * this) /* cancellation disabled by default */ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); - this->logger->log(this->logger, CONTROL, "Sender thread running, thread_id %u", (int)pthread_self()); + this->logger->log(this->logger, CONTROL, "sender thread running, thread_ID: %06d", (int)pthread_self()); while (1) { diff --git a/src/charon/threads/stroke_interface.c b/src/charon/threads/stroke_interface.c index a9c55673b..f8db7ad8e 100755 --- a/src/charon/threads/stroke_interface.c +++ b/src/charon/threads/stroke_interface.c @@ -240,9 +240,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) my_id = cert->get_subject(cert); my_id = my_id->clone(my_id); cert->destroy(cert); - this->logger->log(this->logger, CONTROL, - "valid certificate with ID \"%s\"", - my_id->get_string(my_id)); } } if (msg->add_conn.other.cert) @@ -256,9 +253,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) other_id = cert->get_subject(cert); other_id = other_id->clone(other_id); cert->destroy(cert); - this->logger->log(this->logger, CONTROL, - "valid certificate with ID \"%s\"", - other_id->get_string(other_id)); } } @@ -278,8 +272,15 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0); proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0); connection->add_proposal(connection, proposal); + /* add to global connection list */ charon->connections->add_connection(charon->connections, connection); + this->logger->log(this->logger, CONTROL, "added connection \"%s\": %s[%s]...%s[%s]", + msg->add_conn.name, + my_host->get_address(my_host), + my_id->get_string(my_id), + other_host->get_address(other_host), + other_id->get_string(other_id)); policy = policy_create(my_id, other_id); proposal = proposal_create(1); @@ -289,10 +290,10 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg) policy->add_proposal(policy, proposal); policy->add_my_traffic_selector(policy, my_ts); policy->add_other_traffic_selector(policy, other_ts); + /* add to global policy list */ charon->policies->add_policy(charon->policies, policy); - this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "connection \"%s\" added", msg->add_conn.name); } /** diff --git a/src/charon/threads/thread_pool.c b/src/charon/threads/thread_pool.c index 4482e795f..0a39c2e9e 100644 --- a/src/charon/threads/thread_pool.c +++ b/src/charon/threads/thread_pool.c @@ -144,7 +144,7 @@ static void process_jobs(private_thread_pool_t *this) /* cancellation disabled by default */ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); - this->worker_logger->log(this->worker_logger, CONTROL, "Worker thread running, thread_id: %u", (int)pthread_self()); + this->worker_logger->log(this->worker_logger, CONTROL, "worker thread running, thread_ID: %06d", (int)pthread_self()); for (;;) { @@ -600,7 +600,7 @@ thread_pool_t *thread_pool_create(size_t pool_size) { if (pthread_create(&(this->threads[current]), NULL, (void*(*)(void*))this->process_jobs, this) == 0) { - this->pool_logger->log(this->pool_logger, CONTROL, "Created worker thread #%d", current+1); + this->pool_logger->log(this->pool_logger, CONTROL, "created worker thread #%d", current+1); } else { diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index e9827a860..85e6e97b6 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -65,7 +65,7 @@ library.c \ types.c \ library.h -LDADD = -lgmp -lpthread +libstrongswan_la_LIBADD = -lgmp -lpthread INCLUDES = -I$(top_srcdir)/src/libstrongswan EXTRA_DIST = asn1/oid.txt asn1/oid.pl diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index b85dc07a5..53b69328a 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -77,21 +77,17 @@ static socklen_t *get_sockaddr_len(private_host_t *this) } /** - * Implementation of host_t.is_default_route. + * Implementation of host_t.is_anyaddr. */ -static bool is_default_route (private_host_t *this) +static bool is_anyaddr(private_host_t *this) { switch (this->family) { case AF_INET: { - static u_int8_t default_route[4] = {0x00,0x00,0x00,0x00}; + static u_int8_t default_route[4] = {0x00, 0x00, 0x00, 0x00}; - if (memcmp(default_route,&(this->address4.sin_addr.s_addr),4) == 0) - { - return TRUE; - } - return FALSE; + return !memcmp(default_route, &(this->address4.sin_addr.s_addr), 4); } default: { @@ -114,10 +110,12 @@ static char *get_address(private_host_t *this) /* we need to clone it, since inet_ntoa overwrites * internal buffer on subsequent calls */ - free(this->string); - string = inet_ntoa(this->address4.sin_addr); - this->string = malloc(strlen(string)+1); - strcpy(this->string, string); + if (this->string == NULL) + { + string = is_anyaddr(this)? "%any" : inet_ntoa(this->address4.sin_addr); + this->string = malloc(strlen(string)+1); + strcpy(this->string, string); + } return this->string; } default: @@ -275,7 +273,7 @@ static private_host_t *host_create_empty(void) this->public.get_port = (u_int16_t (*) (host_t *))get_port; this->public.ip_equals = (bool (*) (host_t *,host_t *)) ip_equals; this->public.equals = (bool (*) (host_t *,host_t *)) equals; - this->public.is_default_route = (bool (*) (host_t *)) is_default_route; + this->public.is_anyaddr = (bool (*) (host_t *)) is_anyaddr; this->public.destroy = (void (*) (host_t*))destroy; this->string = NULL; diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index d81efffa6..0ca7d5738 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -126,7 +126,7 @@ struct host_t { * - TRUE if host has IP 0.0.0.0 for default route * - FALSE otherwise */ - bool (*is_default_route) (host_t *this); + bool (*is_anyaddr) (host_t *this); /** * @brief get the address of this host as chunk_t diff --git a/src/libstrongswan/utils/logger.c b/src/libstrongswan/utils/logger.c index 151fbfd50..728892b17 100644 --- a/src/libstrongswan/utils/logger.c +++ b/src/libstrongswan/utils/logger.c @@ -122,9 +122,9 @@ static void prepend_prefix(private_logger_t *this, log_level_t loglevel, const c if (this->log_thread_id) { - snprintf(thread_id, sizeof(thread_id), " @%d", (int)pthread_self()); + snprintf(thread_id, sizeof(thread_id), "%06d", (int)pthread_self()); } - snprintf(buffer, MAX_LOG, "[%c%c:%s]%s %s", log_type, log_details, this->name, thread_id, string); + snprintf(buffer, MAX_LOG, "%s[%c%c:%s] %s", thread_id, log_type, log_details, this->name, string); } /** @@ -200,7 +200,7 @@ static void log_bytes(private_logger_t *this, log_level_t loglevel, const char * if (this->log_thread_id) { - snprintf(thread_id, sizeof(thread_id), " @%d", (int)pthread_self()); + snprintf(thread_id, sizeof(thread_id), "%06d", (int)pthread_self()); } /* since me can't do multi-line output to syslog, @@ -244,11 +244,11 @@ static void log_bytes(private_logger_t *this, log_level_t loglevel, const char * if (this->output == NULL) { - syslog(get_priority(loglevel), "[ :%5d]%s %s %s", line_start, thread_id, buffer, ascii_buffer); + syslog(get_priority(loglevel), "%s[ :%5d] %s %s", thread_id, line_start, buffer, ascii_buffer); } else { - fprintf(this->output, "[ :%5d]%s %s %s\n", line_start, thread_id, buffer, ascii_buffer); + fprintf(this->output, "%s[ :%5d] %s %s\n", thread_id, line_start, buffer, ascii_buffer); } buffer_pos = buffer; line_start += MAX_BYTES; diff --git a/src/libstrongswan/utils/logger_manager.c b/src/libstrongswan/utils/logger_manager.c index 62956c7cd..bc093e7a7 100644 --- a/src/libstrongswan/utils/logger_manager.c +++ b/src/libstrongswan/utils/logger_manager.c @@ -66,14 +66,14 @@ struct { { "SAMGR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* IKE_SA_MANAGER */ { "CHDSA", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* CHILD_SA */ { "MESSG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* MESSAGE */ - { "TPOOL", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* THREAD_POOL */ + { "TPOOL", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* THREAD_POOL */ { "WORKR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* WORKER */ - { "SCHED", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* SCHEDULER */ - { "SENDR", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* SENDER */ - { "RECVR", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* RECEIVER */ - { "SOCKT", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* SOCKET */ - { "TESTR", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* TESTER */ - { "DAEMN", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* DAEMON */ + { "SCHED", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* SCHEDULER */ + { "SENDR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* SENDER */ + { "RECVR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* RECEIVER */ + { "SOCKT", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* SOCKET */ + { "TESTR", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* TESTER */ + { "DAEMN", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* DAEMON */ { "CONFG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* CONFIG */ { "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* ENCRYPTION_PAYLOAD */ { "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* PAYLOAD */ @@ -81,7 +81,7 @@ struct { { "DEREC", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* DER_ENCODER */ { "ASN_1", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* ASN1 */ { "XFRM ", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* XFRM */ - { "LEAKD", ERROR|CONTROL|AUDIT|LEVEL0, FALSE}, /* LEAK_DETECT */ + { "LEAKD", ERROR|CONTROL|AUDIT|LEVEL0, TRUE }, /* LEAK_DETECT */ }; diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index 075b88fd2..4bfb6031b 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. * - * RCSID $Id: fetch.c,v 1.11 2005/11/25 10:08:00 as Exp $ + * RCSID $Id: fetch.c,v 1.12 2006/05/16 14:19:27 as Exp $ */ #include <stdlib.h> @@ -339,7 +339,7 @@ fetch_curl(char *url, chunk_t *blob) } curl_easy_cleanup(curl); /* not using freeanychunk because of realloc (no leak detective) */ - free(response.ptr); + curl_free(response.ptr); } return strlen(errorbuffer) > 0 ? "libcurl error" : NULL; #else /* !LIBCURL */ @@ -728,7 +728,7 @@ fetch_ocsp_status(ocsp_location_t* location) curl_easy_cleanup(curl); pfree(uri); /* not using freeanychunk because of realloc (no leak detective) */ - free(response.ptr); + curl_free(response.ptr); } freeanychunk(location->nonce); freeanychunk(request); diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index 1616fed28..fe19cc467 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -198,7 +198,10 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.0.0") + DEC_MD5_VID(STRONGSWAN, "strongSwan 4.0.1") + DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0") + + DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1") DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0") DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4") DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3") diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index 7c2030d76..c512560df 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -77,6 +77,9 @@ enum known_vendorid { VID_STRONGSWAN_2_6_3 = 56, VID_STRONGSWAN_2_6_4 = 57, VID_STRONGSWAN_2_7_0 = 58, + VID_STRONGSWAN_2_7_1 = 59, + + VID_STRONGSWAN_4_0_0 = 70, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =101, diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 9ef4b7577..67a0995a3 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -38,135 +38,136 @@ static char* push_string(stroke_msg_t **strm, char *string) { - stroke_msg_t *stroke_msg; - size_t string_length; - - if (string == NULL) - { - return NULL; - } - stroke_msg = *strm; - string_length = strlen(string) + 1; - stroke_msg->length += string_length; - - stroke_msg = realloc(stroke_msg, stroke_msg->length); - strcpy((char*)stroke_msg + stroke_msg->length - string_length, string); - - *strm = stroke_msg; - return (char*)(u_int)stroke_msg->length - string_length; + stroke_msg_t *stroke_msg; + size_t string_length; + + if (string == NULL) + { + return NULL; + } + stroke_msg = *strm; + string_length = strlen(string) + 1; + stroke_msg->length += string_length; + + stroke_msg = realloc(stroke_msg, stroke_msg->length); + strcpy((char*)stroke_msg + stroke_msg->length - string_length, string); + + *strm = stroke_msg; + return (char*)(u_int)stroke_msg->length - string_length; } static int send_stroke_msg (stroke_msg_t *msg) { - struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; - int sock; - int byte_count; - char buffer[64]; - - sock = socket(AF_UNIX, SOCK_STREAM, 0); - if (sock < 0) - { - plog("socket() failed: %s", strerror(errno)); - return -1; - } - if (connect(sock, (struct sockaddr *)&ctl_addr, - offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) - { - plog("connect(charon_ctl) failed: %s", strerror(errno)); - close(sock); - return -1; - } - - /* send message */ + struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE }; + int sock; + int byte_count; + char buffer[64]; + + sock = socket(AF_UNIX, SOCK_STREAM, 0); + if (sock < 0) + { + plog("socket() failed: %s", strerror(errno)); + return -1; + } + if (connect(sock, (struct sockaddr *)&ctl_addr, + offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0) + { + plog("connect(charon_ctl) failed: %s", strerror(errno)); + close(sock); + return -1; + } + + /* send message */ if (write(sock, msg, msg->length) != msg->length) - { - plog("write(charon_ctl) failed: %s", strerror(errno)); + { + plog("write(charon_ctl) failed: %s", strerror(errno)); + close(sock); + return -1; + } + while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) + { + buffer[byte_count] = '\0'; + plog("%s", buffer); + } + if (byte_count < 0) + { + plog("read() failed: %s", strerror(errno)); + } + close(sock); - return -1; - } - while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0) - { - buffer[byte_count] = '\0'; - plog("%s", buffer); - } - if (byte_count < 0) - { - plog("read() failed: %s", strerror(errno)); - } - - close(sock); - return 0; + return 0; } static char * connection_name(starter_conn_t *conn) { - /* if connection name is '%auto', create a new name like conn_xxxxx */ - static char buf[32]; - - if (streq(conn->name, "%auto")) - { - sprintf(buf, "conn_%ld", conn->id); - return buf; - } - return conn->name; + /* if connection name is '%auto', create a new name like conn_xxxxx */ + static char buf[32]; + + if (streq(conn->name, "%auto")) + { + sprintf(buf, "conn_%ld", conn->id); + return buf; + } + return conn->name; } int starter_stroke_add_conn(starter_conn_t *conn) { - stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); - int res; + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); + int res; - msg->length = sizeof(stroke_msg_t); - msg->type = STR_ADD_CONN; + msg->length = sizeof(stroke_msg_t); + msg->type = STR_ADD_CONN; - msg->add_conn.name = push_string(&msg, connection_name(conn)); + msg->add_conn.name = push_string(&msg, connection_name(conn)); - msg->add_conn.me.id = push_string(&msg, conn->left.id); - msg->add_conn.me.cert = push_string(&msg, conn->left.cert); - msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr)); - msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr)); - msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits; + msg->add_conn.me.id = push_string(&msg, conn->left.id); + msg->add_conn.me.cert = push_string(&msg, conn->left.cert); + msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr)); + msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr)); + msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits; - msg->add_conn.other.id = push_string(&msg, conn->right.id); - msg->add_conn.other.cert = push_string(&msg, conn->right.cert); - msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr)); - msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr)); - msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits; + msg->add_conn.other.id = push_string(&msg, conn->right.id); + msg->add_conn.other.cert = push_string(&msg, conn->right.cert); + msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr)); + msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr)); + msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits; - res = send_stroke_msg(msg); - free(msg); - return res; + res = send_stroke_msg(msg); + free(msg); + return res; } int starter_stroke_del_conn(starter_conn_t *conn) { - return 0; + return 0; } + int starter_stroke_route_conn(starter_conn_t *conn) { - stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); - int res; - - msg->length = sizeof(stroke_msg_t); - msg->type = STR_INSTALL; - msg->install.name = push_string(&msg, connection_name(conn)); - res = send_stroke_msg(msg); - free(msg); - return res; + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); + int res; + + msg->length = sizeof(stroke_msg_t); + msg->type = STR_INSTALL; + msg->install.name = push_string(&msg, connection_name(conn)); + res = send_stroke_msg(msg); + free(msg); + return res; } int starter_stroke_initiate_conn(starter_conn_t *conn) { - stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); - int res; - - msg->length = sizeof(stroke_msg_t); - msg->type = STR_INITIATE; - msg->initiate.name = push_string(&msg, connection_name(conn)); - res = send_stroke_msg(msg); - free(msg); - return res; + stroke_msg_t *msg = malloc(sizeof(stroke_msg_t)); + int res; + + msg->length = sizeof(stroke_msg_t); + msg->type = STR_INITIATE; + msg->initiate.name = push_string(&msg, connection_name(conn)); + res = send_stroke_msg(msg); + free(msg); + return res; } diff --git a/src/stroke/Makefile.am b/src/stroke/Makefile.am index 611f2a808..2f183495d 100644 --- a/src/stroke/Makefile.am +++ b/src/stroke/Makefile.am @@ -1,4 +1,3 @@ ipsec_PROGRAMS = stroke stroke_SOURCES = stroke.c stroke.h -stroke_INCLUDES = -I$(top_srcdir)/src/libstrongswan diff --git a/src/whack/Makefile.am b/src/whack/Makefile.am index 7eabef588..5583defc8 100644 --- a/src/whack/Makefile.am +++ b/src/whack/Makefile.am @@ -2,4 +2,4 @@ ipsec_PROGRAMS = whack whack_SOURCES = whack.c whack.h INCLUDES = -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto -LDADD = $(top_builddir)/src/libfreeswan/libfreeswan.a +whack_LDADD = $(top_builddir)/src/libfreeswan/libfreeswan.a diff --git a/testing/hosts/alice/etc/ipsec.conf b/testing/hosts/alice/etc/ipsec.conf index d6cdbba7b..da909d8ac 100755 --- a/testing/hosts/alice/etc/ipsec.conf +++ b/testing/hosts/alice/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/hosts/bob/etc/ipsec.conf b/testing/hosts/bob/etc/ipsec.conf index cdef4e042..0bbd405f6 100755 --- a/testing/hosts/bob/etc/ipsec.conf +++ b/testing/hosts/bob/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/hosts/carol/etc/ipsec.conf b/testing/hosts/carol/etc/ipsec.conf index 3228f4e16..656ef7012 100755 --- a/testing/hosts/carol/etc/ipsec.conf +++ b/testing/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/hosts/dave/etc/ipsec.conf b/testing/hosts/dave/etc/ipsec.conf index 76623491c..781322761 100755 --- a/testing/hosts/dave/etc/ipsec.conf +++ b/testing/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/hosts/moon/etc/ipsec.conf b/testing/hosts/moon/etc/ipsec.conf index a0e97e057..a230d3cbb 100755 --- a/testing/hosts/moon/etc/ipsec.conf +++ b/testing/hosts/moon/etc/ipsec.conf @@ -6,13 +6,14 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 - left=192.168.0.1 + left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org @@ -20,13 +21,13 @@ conn %default conn net-net leftsubnet=10.1.0.0/16 - right=192.168.0.2 + right=PH_IP_SUN rightsubnet=10.2.0.0/16 rightid=@sun.strongswan.org auto=add conn host-host - right=192.168.0.2 + right=PH_IP_SUN rightid=@sun.strongswan.org auto=add diff --git a/testing/hosts/sun/etc/ipsec.conf b/testing/hosts/sun/etc/ipsec.conf index 4d0299a08..f09aa76cf 100755 --- a/testing/hosts/sun/etc/ipsec.conf +++ b/testing/hosts/sun/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/hosts/venus/etc/ipsec.conf b/testing/hosts/venus/etc/ipsec.conf index 35f264f82..f5be61bb2 100755 --- a/testing/hosts/venus/etc/ipsec.conf +++ b/testing/hosts/venus/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/testing.conf b/testing/testing.conf index 92a138288..d3ed1129a 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -21,7 +21,7 @@ UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.16.9.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.16.16.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` @@ -34,7 +34,7 @@ KERNELCONFIG=$UMLTESTDIR/.config-2.6.16 UMLPATCH= # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-2.7.0.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.0.1.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" diff --git a/testing/tests/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/alg-blowfish/hosts/carol/etc/ipsec.conf index fa68c9d3d..82b466a0b 100755 --- a/testing/tests/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/alg-blowfish/hosts/moon/etc/ipsec.conf index 39916a7ba..77a72f200 100755 --- a/testing/tests/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/alg-serpent/hosts/carol/etc/ipsec.conf b/testing/tests/alg-serpent/hosts/carol/etc/ipsec.conf index 5d2369924..e814499cb 100755 --- a/testing/tests/alg-serpent/hosts/carol/etc/ipsec.conf +++ b/testing/tests/alg-serpent/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/alg-serpent/hosts/moon/etc/ipsec.conf b/testing/tests/alg-serpent/hosts/moon/etc/ipsec.conf index 7bdddf008..f53cdf21a 100755 --- a/testing/tests/alg-serpent/hosts/moon/etc/ipsec.conf +++ b/testing/tests/alg-serpent/hosts/moon/etc/ipsec.conf @@ -6,7 +6,8 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no - + charonstart=no + conn %default ikelifetime=60m keylife=20m diff --git a/testing/tests/alg-sha2_256/hosts/carol/etc/ipsec.conf b/testing/tests/alg-sha2_256/hosts/carol/etc/ipsec.conf index c55ae8ab1..a90e07444 100755 --- a/testing/tests/alg-sha2_256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/alg-sha2_256/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/alg-sha2_256/hosts/moon/etc/ipsec.conf b/testing/tests/alg-sha2_256/hosts/moon/etc/ipsec.conf index 748b1b85c..7cff7b3f3 100755 --- a/testing/tests/alg-sha2_256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/alg-sha2_256/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/alg-twofish/hosts/carol/etc/ipsec.conf b/testing/tests/alg-twofish/hosts/carol/etc/ipsec.conf index 8e3037a3b..1d6d3b29c 100755 --- a/testing/tests/alg-twofish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/alg-twofish/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/alg-twofish/hosts/moon/etc/ipsec.conf b/testing/tests/alg-twofish/hosts/moon/etc/ipsec.conf index 01004e94e..3467c495d 100755 --- a/testing/tests/alg-twofish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/alg-twofish/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/attr-cert/hosts/carol/etc/ipsec.conf b/testing/tests/attr-cert/hosts/carol/etc/ipsec.conf index 62fc49868..8f92ef45e 100755 --- a/testing/tests/attr-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/attr-cert/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/attr-cert/hosts/dave/etc/ipsec.conf b/testing/tests/attr-cert/hosts/dave/etc/ipsec.conf index 9d932dc54..b0d770016 100755 --- a/testing/tests/attr-cert/hosts/dave/etc/ipsec.conf +++ b/testing/tests/attr-cert/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/attr-cert/hosts/moon/etc/ipsec.conf b/testing/tests/attr-cert/hosts/moon/etc/ipsec.conf index bd72715ff..4a526f5f7 100755 --- a/testing/tests/attr-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/attr-cert/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/compress/hosts/carol/etc/ipsec.conf b/testing/tests/compress/hosts/carol/etc/ipsec.conf index 9462ba5e6..1c6cdbe82 100755 --- a/testing/tests/compress/hosts/carol/etc/ipsec.conf +++ b/testing/tests/compress/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/compress/hosts/moon/etc/ipsec.conf b/testing/tests/compress/hosts/moon/etc/ipsec.conf index b8dfae646..25d789a6d 100755 --- a/testing/tests/compress/hosts/moon/etc/ipsec.conf +++ b/testing/tests/compress/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-from-cache/hosts/carol/etc/ipsec.conf b/testing/tests/crl-from-cache/hosts/carol/etc/ipsec.conf index 93c4d7956..44930d30b 100755 --- a/testing/tests/crl-from-cache/hosts/carol/etc/ipsec.conf +++ b/testing/tests/crl-from-cache/hosts/carol/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/crl-from-cache/hosts/moon/etc/ipsec.conf index ef9237518..6b1d4c1e9 100755 --- a/testing/tests/crl-from-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/crl-from-cache/hosts/moon/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf index 669a47d06..f867d3c14 100755 --- a/testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf +++ b/testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf index d5c0dd163..323500801 100755 --- a/testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf +++ b/testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/crl-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/crl-revoked/hosts/carol/etc/ipsec.conf index 5a1d246a6..b81adef9b 100755 --- a/testing/tests/crl-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/crl-revoked/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/crl-revoked/hosts/moon/etc/ipsec.conf index a8953f557..ac302a5a4 100755 --- a/testing/tests/crl-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/crl-revoked/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-strict/hosts/carol/etc/ipsec.conf b/testing/tests/crl-strict/hosts/carol/etc/ipsec.conf index 6d0aee86a..156ea9bb3 100755 --- a/testing/tests/crl-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/crl-strict/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-strict/hosts/moon/etc/ipsec.conf b/testing/tests/crl-strict/hosts/moon/etc/ipsec.conf index a8953f557..ac302a5a4 100755 --- a/testing/tests/crl-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/crl-strict/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-to-cache/hosts/carol/etc/ipsec.conf b/testing/tests/crl-to-cache/hosts/carol/etc/ipsec.conf index 955f08b1f..3a0ddd545 100755 --- a/testing/tests/crl-to-cache/hosts/carol/etc/ipsec.conf +++ b/testing/tests/crl-to-cache/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 cachecrls=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/crl-to-cache/hosts/moon/etc/ipsec.conf index 885354ab5..d52084f21 100755 --- a/testing/tests/crl-to-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/crl-to-cache/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 cachecrls=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/default-keys/hosts/carol/etc/ipsec.conf index c4bb10a65..26ea4dfab 100755 --- a/testing/tests/default-keys/hosts/carol/etc/ipsec.conf +++ b/testing/tests/default-keys/hosts/carol/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=0 strictcrlpolicy=no nocrsend=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/default-keys/hosts/moon/etc/ipsec.conf index eeeec645b..52d0853e6 100755 --- a/testing/tests/default-keys/hosts/moon/etc/ipsec.conf +++ b/testing/tests/default-keys/hosts/moon/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=0 strictcrlpolicy=no nocrsend=yes + charonstart=no conn %default ikelifetime=60m @@ -15,7 +16,7 @@ conn %default keyingtries=1 conn carol - left=192.168.0.1 + left=PH_IP_MOON leftnexthop=%direct leftcert=selfCert.der leftsendcert=never diff --git a/testing/tests/double-nat-net/hosts/alice/etc/ipsec.conf b/testing/tests/double-nat-net/hosts/alice/etc/ipsec.conf index 395e62e7c..35ce73c77 100755 --- a/testing/tests/double-nat-net/hosts/alice/etc/ipsec.conf +++ b/testing/tests/double-nat-net/hosts/alice/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/double-nat-net/hosts/bob/etc/ipsec.conf b/testing/tests/double-nat-net/hosts/bob/etc/ipsec.conf index 6927a5ce4..6b2863b84 100755 --- a/testing/tests/double-nat-net/hosts/bob/etc/ipsec.conf +++ b/testing/tests/double-nat-net/hosts/bob/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/double-nat/hosts/alice/etc/ipsec.conf b/testing/tests/double-nat/hosts/alice/etc/ipsec.conf index 5b3cddb63..bba11a5f6 100755 --- a/testing/tests/double-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/double-nat/hosts/alice/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf b/testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf index cac521c8f..641f2ae53 100755 --- a/testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf +++ b/testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-ah-transport/hosts/carol/etc/ipsec.conf b/testing/tests/esp-ah-transport/hosts/carol/etc/ipsec.conf index 13ab3e07f..794186638 100755 --- a/testing/tests/esp-ah-transport/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-ah-transport/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-ah-transport/hosts/moon/etc/ipsec.conf b/testing/tests/esp-ah-transport/hosts/moon/etc/ipsec.conf index 809f3c74b..926221f3e 100755 --- a/testing/tests/esp-ah-transport/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-ah-transport/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf b/testing/tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf index 98cdaab7a..655a0c186 100755 --- a/testing/tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf b/testing/tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf index 7f976376d..446d1a7ad 100755 --- a/testing/tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-des/hosts/carol/etc/ipsec.conf b/testing/tests/esp-alg-des/hosts/carol/etc/ipsec.conf index b4f067b6d..ff74715eb 100755 --- a/testing/tests/esp-alg-des/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-alg-des/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-des/hosts/moon/etc/ipsec.conf b/testing/tests/esp-alg-des/hosts/moon/etc/ipsec.conf index 9513f810d..300b8974f 100755 --- a/testing/tests/esp-alg-des/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-alg-des/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/esp-alg-null/hosts/carol/etc/ipsec.conf index b732eba93..79202c043 100755 --- a/testing/tests/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/esp-alg-null/hosts/moon/etc/ipsec.conf index af11591a1..adbc542cb 100755 --- a/testing/tests/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf index ae8d2b772..da824ca1d 100755 --- a/testing/tests/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf index 2dd1c763a..0d34ff225 100755 --- a/testing/tests/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/esp-alg-strict/hosts/carol/etc/ipsec.conf index 5a14de070..f49e2ebb8 100755 --- a/testing/tests/esp-alg-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-alg-strict/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/esp-alg-strict/hosts/moon/etc/ipsec.conf index 2dd1c763a..0d34ff225 100755 --- a/testing/tests/esp-alg-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-alg-strict/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-weak/hosts/carol/etc/ipsec.conf b/testing/tests/esp-alg-weak/hosts/carol/etc/ipsec.conf index b4f067b6d..ff74715eb 100755 --- a/testing/tests/esp-alg-weak/hosts/carol/etc/ipsec.conf +++ b/testing/tests/esp-alg-weak/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/esp-alg-weak/hosts/moon/etc/ipsec.conf b/testing/tests/esp-alg-weak/hosts/moon/etc/ipsec.conf index 3f07213ae..735af8671 100755 --- a/testing/tests/esp-alg-weak/hosts/moon/etc/ipsec.conf +++ b/testing/tests/esp-alg-weak/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/host2host-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/host2host-swapped/hosts/moon/etc/ipsec.conf index 4b66a5ecb..a51b1b215 100755 --- a/testing/tests/host2host-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/host2host-swapped/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/host2host-swapped/hosts/sun/etc/ipsec.conf b/testing/tests/host2host-swapped/hosts/sun/etc/ipsec.conf index a58894b33..2605628c2 100755 --- a/testing/tests/host2host-swapped/hosts/sun/etc/ipsec.conf +++ b/testing/tests/host2host-swapped/hosts/sun/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/host2host-transport/hosts/moon/etc/ipsec.conf index af5000fa8..f1fc0695e 100755 --- a/testing/tests/host2host-transport/hosts/moon/etc/ipsec.conf +++ b/testing/tests/host2host-transport/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/host2host-transport/hosts/sun/etc/ipsec.conf index 10bea9847..766fc39c4 100755 --- a/testing/tests/host2host-transport/hosts/sun/etc/ipsec.conf +++ b/testing/tests/host2host-transport/hosts/sun/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf b/testing/tests/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf index 1f73cdc21..ec6dfe2c1 100755 --- a/testing/tests/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf b/testing/tests/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf index 90911997e..8433fabbe 100755 --- a/testing/tests/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug="control crypt" crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf index ae8d2b772..da824ca1d 100755 --- a/testing/tests/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf index 85cd235dc..50c0d0051 100755 --- a/testing/tests/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ike-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ike-alg-strict/hosts/carol/etc/ipsec.conf index 5a14de070..f49e2ebb8 100755 --- a/testing/tests/ike-alg-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ike-alg-strict/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ike-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ike-alg-strict/hosts/moon/etc/ipsec.conf index 85cd235dc..50c0d0051 100755 --- a/testing/tests/ike-alg-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ike-alg-strict/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ikev2-net2net/description.txt b/testing/tests/ikev2-net2net/description.txt index 1f371c95e..0dd1b77a8 100644 --- a/testing/tests/ikev2-net2net/description.txt +++ b/testing/tests/ikev2-net2net/description.txt @@ -1,5 +1,5 @@ A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up using the IKEv2 key exchange protocol. The authentication is based on -locally importerd <b>X.509 certificates</b>. +locally imported <b>X.509 certificates</b>. In order to test the established tunnel, client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev2-net2net/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2-net2net/hosts/moon/etc/ipsec.conf index 16f46cf8d..9c763e9a9 100644 --- a/testing/tests/ikev2-net2net/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2-net2net/hosts/moon/etc/ipsec.conf @@ -6,10 +6,10 @@ config setup plutostart=no conn net-net - left=192.168.0.1 + left=PH_IP_MOON leftcert=moonCert.pem leftsubnet=10.1.0.0/16 - right=192.168.0.2 + right=PH_IP_SUN rightcert=sunCert.pem rightsubnet=10.2.0.0/16 keyexchange=ikev2 diff --git a/testing/tests/ikev2-net2net/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2-net2net/hosts/sun/etc/ipsec.conf index a90a4ce7d..defccb9ea 100644 --- a/testing/tests/ikev2-net2net/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2-net2net/hosts/sun/etc/ipsec.conf @@ -6,10 +6,10 @@ config setup plutostart=no conn net-net - left=192.168.0.2 + left=PH_IP_SUN leftcert=sunCert.pem leftsubnet=10.2.0.0/16 - right=192.168.0.1 + right=PH_IP_MOON rightcert=moonCert.pem rightsubnet=10.1.0.0/16 keyexchange=ikev2 diff --git a/testing/tests/mode-config-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/mode-config-swapped/hosts/carol/etc/ipsec.conf index bee23f4df..ca53709cc 100755 --- a/testing/tests/mode-config-swapped/hosts/carol/etc/ipsec.conf +++ b/testing/tests/mode-config-swapped/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/mode-config-swapped/hosts/dave/etc/ipsec.conf b/testing/tests/mode-config-swapped/hosts/dave/etc/ipsec.conf index 698cd9673..e4846008e 100755 --- a/testing/tests/mode-config-swapped/hosts/dave/etc/ipsec.conf +++ b/testing/tests/mode-config-swapped/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/mode-config-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/mode-config-swapped/hosts/moon/etc/ipsec.conf index b9e401080..a449130cd 100755 --- a/testing/tests/mode-config-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/mode-config-swapped/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/mode-config/hosts/carol/etc/ipsec.conf b/testing/tests/mode-config/hosts/carol/etc/ipsec.conf index 598997b45..b1d9a0813 100755 --- a/testing/tests/mode-config/hosts/carol/etc/ipsec.conf +++ b/testing/tests/mode-config/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/mode-config/hosts/dave/etc/ipsec.conf b/testing/tests/mode-config/hosts/dave/etc/ipsec.conf index da601389c..fcf690fb1 100755 --- a/testing/tests/mode-config/hosts/dave/etc/ipsec.conf +++ b/testing/tests/mode-config/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/mode-config/hosts/moon/etc/ipsec.conf b/testing/tests/mode-config/hosts/moon/etc/ipsec.conf index 49333e217..d83b2d976 100755 --- a/testing/tests/mode-config/hosts/moon/etc/ipsec.conf +++ b/testing/tests/mode-config/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf index 222c3cf67..5149fcfd0 100755 --- a/testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf index bfa0ebba3..d04667fc8 100755 --- a/testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf index e2b60589b..3754c2e90 100755 --- a/testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.conf b/testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.conf index c56678b59..621dca270 100755 --- a/testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.conf b/testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.conf index 343042f15..c0b9b6a2b 100755 --- a/testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf index 6d0aee86a..156ea9bb3 100755 --- a/testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf index 39a298de9..e48a7f1a8 100755 --- a/testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.conf b/testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.conf index de179c565..1240dbfe7 100755 --- a/testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.conf b/testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.conf index 2fb6a301e..eb972c854 100755 --- a/testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.conf b/testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.conf index 6ed262d20..2242cab54 100755 --- a/testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/multi-level-ca/hosts/carol/etc/ipsec.conf index e851a82f0..2a753b98f 100755 --- a/testing/tests/multi-level-ca/hosts/carol/etc/ipsec.conf +++ b/testing/tests/multi-level-ca/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/multi-level-ca/hosts/dave/etc/ipsec.conf index 458a4ca5e..cabdfeaeb 100755 --- a/testing/tests/multi-level-ca/hosts/dave/etc/ipsec.conf +++ b/testing/tests/multi-level-ca/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/multi-level-ca/hosts/moon/etc/ipsec.conf index e60bbc016..dcc0296a7 100755 --- a/testing/tests/multi-level-ca/hosts/moon/etc/ipsec.conf +++ b/testing/tests/multi-level-ca/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/net2net-pgp/hosts/moon/etc/ipsec.conf b/testing/tests/net2net-pgp/hosts/moon/etc/ipsec.conf index e7de6cf0b..4194c57ef 100755 --- a/testing/tests/net2net-pgp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/net2net-pgp/hosts/moon/etc/ipsec.conf @@ -5,6 +5,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control nocrsend=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf b/testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf index 5dd8a8587..1a4484020 100755 --- a/testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf +++ b/testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf @@ -5,6 +5,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control nocrsend=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.conf index 87396e455..acc336a4e 100755 --- a/testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.conf +++ b/testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.conf index 7e102b25c..4b2645370 100755 --- a/testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.conf +++ b/testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/net2net-psk/hosts/moon/etc/ipsec.conf index 51c53a505..ddfce35cd 100755 --- a/testing/tests/net2net-psk/hosts/moon/etc/ipsec.conf +++ b/testing/tests/net2net-psk/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf index 9c3695178..ed3fe259f 100755 --- a/testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf +++ b/testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/net2net-route/hosts/moon/etc/ipsec.conf index 4063ae05f..a16129085 100755 --- a/testing/tests/net2net-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/net2net-route/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/net2net-rsa/hosts/moon/etc/ipsec.conf index 772762321..7eaea4945 100755 --- a/testing/tests/net2net-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/net2net-rsa/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf b/testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf index 9626ef168..018ea65a5 100755 --- a/testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf +++ b/testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/net2net-start/hosts/moon/etc/ipsec.conf index 677955bc1..64b11a2fc 100755 --- a/testing/tests/net2net-start/hosts/moon/etc/ipsec.conf +++ b/testing/tests/net2net-start/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.conf index 7d4384767..2f495395e 100755 --- a/testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/ocsp-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ocsp-revoked/hosts/moon/etc/ipsec.conf index 7134b6ee9..9236234ab 100755 --- a/testing/tests/ocsp-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ocsp-revoked/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/ocsp-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ocsp-strict/hosts/carol/etc/ipsec.conf index b34719401..1bdb0ac2f 100755 --- a/testing/tests/ocsp-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ocsp-strict/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/ocsp-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ocsp-strict/hosts/moon/etc/ipsec.conf index 7134b6ee9..9236234ab 100755 --- a/testing/tests/ocsp-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ocsp-strict/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=yes + charonstart=no ca strongswan cacert=strongswanCert.pem diff --git a/testing/tests/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/protoport-dual/hosts/carol/etc/ipsec.conf index 9e05ecf61..b9e60c224 100755 --- a/testing/tests/protoport-dual/hosts/carol/etc/ipsec.conf +++ b/testing/tests/protoport-dual/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/protoport-dual/hosts/moon/etc/ipsec.conf index 84b9b0ba3..4597f96f4 100755 --- a/testing/tests/protoport-dual/hosts/moon/etc/ipsec.conf +++ b/testing/tests/protoport-dual/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/protoport-pass/hosts/carol/etc/ipsec.conf b/testing/tests/protoport-pass/hosts/carol/etc/ipsec.conf index ade7308f6..a19bc6dbf 100755 --- a/testing/tests/protoport-pass/hosts/carol/etc/ipsec.conf +++ b/testing/tests/protoport-pass/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/protoport-pass/hosts/moon/etc/ipsec.conf b/testing/tests/protoport-pass/hosts/moon/etc/ipsec.conf index fd67e2b4b..8c46e894f 100755 --- a/testing/tests/protoport-pass/hosts/moon/etc/ipsec.conf +++ b/testing/tests/protoport-pass/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/protoport-route/hosts/carol/etc/ipsec.conf index 31c25c12f..94a78081a 100755 --- a/testing/tests/protoport-route/hosts/carol/etc/ipsec.conf +++ b/testing/tests/protoport-route/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/protoport-route/hosts/moon/etc/ipsec.conf index 84b9b0ba3..4597f96f4 100755 --- a/testing/tests/protoport-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/protoport-route/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/req-pkcs10/hosts/carol/etc/ipsec.conf b/testing/tests/req-pkcs10/hosts/carol/etc/ipsec.conf index 58e2f1e5b..95d5bdebd 100755 --- a/testing/tests/req-pkcs10/hosts/carol/etc/ipsec.conf +++ b/testing/tests/req-pkcs10/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf b/testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf index da5e198a8..9ae925cf6 100755 --- a/testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf +++ b/testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf b/testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf index c32dfaf9b..6244e04fb 100755 --- a/testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf +++ b/testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf index da5e198a8..9ae925cf6 100755 --- a/testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf +++ b/testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf index 9a894806c..bb0eec7f1 100755 --- a/testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf index 2c0227b7a..57ae965c9 100755 --- a/testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf +++ b/testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf index a75d4e222..fd6d6192a 100755 --- a/testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf +++ b/testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.conf b/testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.conf index 413eff762..8d402d740 100755 --- a/testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.conf +++ b/testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-no-policy/hosts/moon/etc/ipsec.conf b/testing/tests/rw-psk-no-policy/hosts/moon/etc/ipsec.conf index ac63abdc9..196968e07 100755 --- a/testing/tests/rw-psk-no-policy/hosts/moon/etc/ipsec.conf +++ b/testing/tests/rw-psk-no-policy/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf index 69e13b538..d1abc5b6d 100755 --- a/testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf +++ b/testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf index b23248b5b..3268b1f7c 100755 --- a/testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf +++ b/testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf @@ -4,6 +4,7 @@ version 2.0 # conforms to second version of ipsec.conf specification config setup plutodebug=control + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/self-signed/hosts/carol/etc/ipsec.conf b/testing/tests/self-signed/hosts/carol/etc/ipsec.conf index fcf7a1754..cb831c436 100755 --- a/testing/tests/self-signed/hosts/carol/etc/ipsec.conf +++ b/testing/tests/self-signed/hosts/carol/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=0 strictcrlpolicy=no nocrsend=yes + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/self-signed/hosts/moon/etc/ipsec.conf b/testing/tests/self-signed/hosts/moon/etc/ipsec.conf index 7d7f42b06..7665e7cf6 100755 --- a/testing/tests/self-signed/hosts/moon/etc/ipsec.conf +++ b/testing/tests/self-signed/hosts/moon/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=0 strictcrlpolicy=no nocrsend=yes + charonstart=no conn %default ikelifetime=60m @@ -15,7 +16,7 @@ conn %default keyingtries=1 conn carol - left=192.168.0.1 + left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.der leftid=@moon.strongswan.org diff --git a/testing/tests/starter-also-loop/hosts/moon/etc/ipsec.conf b/testing/tests/starter-also-loop/hosts/moon/etc/ipsec.conf index e1d210253..e7731ddb9 100755 --- a/testing/tests/starter-also-loop/hosts/moon/etc/ipsec.conf +++ b/testing/tests/starter-also-loop/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m @@ -30,7 +31,7 @@ conn rw auto=add conn moon - left=192.168.0.1 + left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org @@ -41,7 +42,7 @@ conn moon-net leftsubnet=10.1.0.0/16 conn sun - right=192.168.0.2 + right=PH_IP_SUN rightid=@sun.strongswan.org conn sun-net diff --git a/testing/tests/starter-also/hosts/moon/etc/ipsec.conf b/testing/tests/starter-also/hosts/moon/etc/ipsec.conf index 74d009cfa..7da271636 100755 --- a/testing/tests/starter-also/hosts/moon/etc/ipsec.conf +++ b/testing/tests/starter-also/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m @@ -30,7 +31,7 @@ conn rw auto=add conn moon - left=192.168.0.1 + left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org @@ -40,7 +41,7 @@ conn moon-net leftsubnet=10.1.0.0/16 conn sun - right=192.168.0.2 + right=PH_IP_SUN rightid=@sun.strongswan.org conn sun-net diff --git a/testing/tests/starter-includes/hosts/carol/etc/ipsec.conf b/testing/tests/starter-includes/hosts/carol/etc/ipsec.conf index 598997b45..b1d9a0813 100755 --- a/testing/tests/starter-includes/hosts/carol/etc/ipsec.conf +++ b/testing/tests/starter-includes/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/starter-includes/hosts/dave/etc/ipsec.conf b/testing/tests/starter-includes/hosts/dave/etc/ipsec.conf index da601389c..fcf690fb1 100755 --- a/testing/tests/starter-includes/hosts/dave/etc/ipsec.conf +++ b/testing/tests/starter-includes/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/starter-includes/hosts/moon/etc/ipsec.conf b/testing/tests/starter-includes/hosts/moon/etc/ipsec.conf index aa9116252..f8f78aa11 100755 --- a/testing/tests/starter-includes/hosts/moon/etc/ipsec.conf +++ b/testing/tests/starter-includes/hosts/moon/etc/ipsec.conf @@ -6,5 +6,6 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no include /etc/ipsec.connections diff --git a/testing/tests/virtual-ip-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/virtual-ip-swapped/hosts/carol/etc/ipsec.conf index 0e239b707..980552d36 100755 --- a/testing/tests/virtual-ip-swapped/hosts/carol/etc/ipsec.conf +++ b/testing/tests/virtual-ip-swapped/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/virtual-ip-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/virtual-ip-swapped/hosts/moon/etc/ipsec.conf index db6effbac..253c2989e 100755 --- a/testing/tests/virtual-ip-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/virtual-ip-swapped/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/virtual-ip/hosts/carol/etc/ipsec.conf b/testing/tests/virtual-ip/hosts/carol/etc/ipsec.conf index 2f1170a6b..73f2189b0 100755 --- a/testing/tests/virtual-ip/hosts/carol/etc/ipsec.conf +++ b/testing/tests/virtual-ip/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf index 1cd8aab25..5cdd21530 100755 --- a/testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf +++ b/testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/wildcards/hosts/carol/etc/ipsec.conf b/testing/tests/wildcards/hosts/carol/etc/ipsec.conf index de179c565..1240dbfe7 100755 --- a/testing/tests/wildcards/hosts/carol/etc/ipsec.conf +++ b/testing/tests/wildcards/hosts/carol/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/wildcards/hosts/dave/etc/ipsec.conf b/testing/tests/wildcards/hosts/dave/etc/ipsec.conf index 2fb6a301e..eb972c854 100755 --- a/testing/tests/wildcards/hosts/dave/etc/ipsec.conf +++ b/testing/tests/wildcards/hosts/dave/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/wildcards/hosts/moon/etc/ipsec.conf b/testing/tests/wildcards/hosts/moon/etc/ipsec.conf index ee7bc8115..90bf48d83 100755 --- a/testing/tests/wildcards/hosts/moon/etc/ipsec.conf +++ b/testing/tests/wildcards/hosts/moon/etc/ipsec.conf @@ -6,6 +6,7 @@ config setup plutodebug=control crlcheckinterval=180 strictcrlpolicy=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/wlan/hosts/alice/etc/ipsec.conf b/testing/tests/wlan/hosts/alice/etc/ipsec.conf index a658e4fe8..9c3003f43 100755 --- a/testing/tests/wlan/hosts/alice/etc/ipsec.conf +++ b/testing/tests/wlan/hosts/alice/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/wlan/hosts/moon/etc/ipsec.conf b/testing/tests/wlan/hosts/moon/etc/ipsec.conf index f873479e8..0a6c491b1 100755 --- a/testing/tests/wlan/hosts/moon/etc/ipsec.conf +++ b/testing/tests/wlan/hosts/moon/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=no + charonstart=no conn %default ikelifetime=60m diff --git a/testing/tests/wlan/hosts/venus/etc/ipsec.conf b/testing/tests/wlan/hosts/venus/etc/ipsec.conf index 742c1dbce..bf0f423c6 100755 --- a/testing/tests/wlan/hosts/venus/etc/ipsec.conf +++ b/testing/tests/wlan/hosts/venus/etc/ipsec.conf @@ -7,6 +7,7 @@ config setup crlcheckinterval=180 strictcrlpolicy=no nat_traversal=no + charonstart=no conn %default ikelifetime=60m |