added firewall support to scenario

7 files changed, 17 insertions, 8 deletions

diff --git a/testing/tests/ikev2/host2host-transport/description.txt b/testing/tests/ikev2/host2host-transport/description.txt
index 63d15ab13..fe3482c96 100644
--- a/testing/tests/ikev2/host2host-transport/description.txt
+++ b/testing/tests/ikev2/host2host-transport/description.txt
@@ -1,3 +1,4 @@
-A connection between the hosts <b>moon</b> and <b>sun</b> is set up using IPsec transport mode.
-The authentication is based on X.509 certificates. 
-In order to test the host-to-host tunnel <b>moon</b> pings <b>sun</b>.
+An IPsec <b>transport-mode</b> connection between the hosts <b>moon</b> and <b>sun</b> is
+successfully set up. <b>leftfirewall=yes</b> automatically inserts iptables-based firewall
+rules that let pass the decrypted IP packets. In order to test the host-to-host connection
+<b>moon</b> pings <b>sun</b>.
diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat
index 2dc75a505..a46e4e4e4 100644
--- a/testing/tests/ikev2/host2host-transport/evaltest.dat
+++ b/testing/tests/ikev2/host2host-transport/evaltest.dat
@@ -1,5 +1,5 @@
-moon::ipsec statusall::host-host.*TRANSPORT::YES
-sun::ipsec statusall::host-host.*TRANSPORT::YES
+moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
+sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
index 32fcdb787..9d3060b20 100755
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf
@@ -16,6 +16,7 @@ conn host-host
 	leftnexthop=%direct
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
+	leftfirewall=yes
 	right=PH_IP_SUN
 	rightid=@sun.strongswan.org
 	type=transport
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
index 99cb40e00..1467e7ef4 100755
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf
@@ -16,6 +16,7 @@ conn host-host
 	leftnexthop=%direct
 	leftcert=sunCert.pem
 	leftid=@sun.strongswan.org
+	leftfirewall=yes
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
 	type=transport
diff --git a/testing/tests/ikev2/host2host-transport/posttest.dat b/testing/tests/ikev2/host2host-transport/posttest.dat
index dff181797..52979508d 100644
--- a/testing/tests/ikev2/host2host-transport/posttest.dat
+++ b/testing/tests/ikev2/host2host-transport/posttest.dat
@@ -1,2 +1,6 @@
+moon::iptables -v -n -L
+sun::iptables -v -n -L
 moon::ipsec stop
 sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/host2host-transport/pretest.dat b/testing/tests/ikev2/host2host-transport/pretest.dat
index c441ccbfe..e2d98f2eb 100644
--- a/testing/tests/ikev2/host2host-transport/pretest.dat
+++ b/testing/tests/ikev2/host2host-transport/pretest.dat
@@ -1,4 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
 sun::ipsec start
-moon::sleep 1 
+moon::sleep 2
 moon::ipsec up host-host
diff --git a/testing/tests/ikev2/host2host-transport/test.conf b/testing/tests/ikev2/host2host-transport/test.conf
index 305a67316..cf2e704fd 100644
--- a/testing/tests/ikev2/host2host-transport/test.conf
+++ b/testing/tests/ikev2/host2host-transport/test.conf
@@ -6,11 +6,11 @@
 # All UML instances that are required for this test
 #
 UMLHOSTS="moon winnetou sun"
-
+ 
 # Corresponding block diagram
 #
 DIAGRAM="m-w-s.png"
- 
+
 # UML instances on which tcpdump is to be started
 #
 TCPDUMPHOSTS="sun"