diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-05-11 11:00:32 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-05-11 11:00:32 +0200 |
| commit | a56fdff194990ea55f91bdccfc74f52d85176a92 (patch) | |
| tree | 889fe732efe9bf6442815ec07517df1686877ee9 /testing/tests/ikev2 | |
| parent | 0e1c6fa2a995bdba7d3589775a4e0d08462b0d97 (diff) | |
| download | strongswan-a56fdff194990ea55f91bdccfc74f52d85176a92.tar.bz2 strongswan-a56fdff194990ea55f91bdccfc74f52d85176a92.tar.xz | |
upgraded ikev2 scenarios to 5.0.0
Diffstat (limited to 'testing/tests/ikev2')
477 files changed, 1169 insertions, 1712 deletions
diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat index 1bb9c105f..3efaa5a98 100644 --- a/testing/tests/ikev2/after-2038-certs/evaltest.dat +++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf index bcdb8641b..d0e7ae27f 100755 --- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf index 274521386..00a522069 100755 --- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat index 6f598c6f3..a553ff168 100644 --- a/testing/tests/ikev2/alg-3des-md5/evaltest.dat +++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat @@ -1,13 +1,15 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES -carol::ipsec statusall::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*3DES_CBC/HMAC_MD5_96,::YES -carol::ipsec statusall::home.*3DES_CBC/HMAC_MD5_96,::YES -moon::ip xfrm state::enc cbc(des3_ede)::YES +moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES +carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES +moon:: ip xfrm state::enc cbc(des3_ede)::YES carol::ip xfrm state::enc cbc(des3_ede)::YES -moon::ip xfrm state::auth hmac(md5)::YES +moon:: ip xfrm state::auth hmac(md5)::YES carol::ip xfrm state::auth hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf index f2c71061d..e89334423 100755 --- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf index c4fd80fc0..c218ad4bb 100755 --- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat index 0834a8db0..e2cf773ea 100644 --- a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::IKE proposal: AES_CCM_12_128::YES -carol::ipsec statusall::IKE proposal: AES_CCM_12_128::YES -moon::ipsec statusall::AES_CCM_12_128,::YES -carol::ipsec statusall::AES_CCM_12_128,::YES -moon::ip xfrm state::aead rfc4309(ccm(aes))::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES +moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES +carol::ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES +moon:: ip xfrm state::aead rfc4309(ccm(aes))::YES carol::ip xfrm state::aead rfc4309(ccm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf index 6bcfbc28d..a5af62796 100755 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf index 1d6f13861..74dc0170b 100755 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat index 522ce6088..177e0ea62 100644 --- a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::IKE proposal: AES_CTR_128::YES -carol::ipsec statusall::IKE proposal: AES_CTR_128::YES -moon::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES -carol::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES -moon::ip xfrm state::rfc3686(ctr(aes))::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES +moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES +carol::ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES +moon:: ip xfrm state::rfc3686(ctr(aes))::YES carol::ip xfrm state::rfc3686(ctr(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf index 70c482835..97db0816c 100755 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf index bf103742f..dbfef0482 100755 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat index 9cd3e8e15..39f8b1cc4 100644 --- a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::IKE proposal: AES_GCM_16_256::YES -carol::ipsec statusall::IKE proposal: AES_GCM_16_256::YES -moon::ipsec statusall::AES_GCM_16_256,::YES -carol::ipsec statusall::AES_GCM_16_256,::YES -moon::ip xfrm state::aead rfc4106(gcm(aes))::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES +moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES +carol::ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES +moon:: ip xfrm state::aead rfc4106(gcm(aes))::YES carol::ip xfrm state::aead rfc4106(gcm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index e3f19aff8..f70a558d4 100755 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 0d51a3ea8..30c4a7dc0 100755 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index 24e36eb77..7a9874528 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES -carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES -moon::ip xfrm state::auth xcbc(aes)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES +moon:: ip xfrm state::auth xcbc(aes)::YES carol::ip xfrm state::auth xcbc(aes)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index 33e6a842b..806923e30 100755 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 208477deb..5f55bb7e7 100755 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat index f1b33895b..a458f0241 100644 --- a/testing/tests/ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat @@ -1,14 +1,15 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES +dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES +dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES -dave::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES -dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES +dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf index a78724926..2c059148b 100755 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf index 26f3f3a04..a3c6f1baf 100755 --- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf index 5183e26d2..9490dbf3f 100755 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat index 80df206bf..0acd6d2ce 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat +++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat @@ -1,13 +1,17 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[4]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES -dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES -moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES -dave::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES +dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES +dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf index 257923d02..947dbe72b 100755 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf index 9b5247973..268f298d5 100755 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf index 2b66e3400..78e27877d 100755 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat index 7ec47aadf..4bbc82d9b 100644 --- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -1,13 +1,15 @@ -moon::cat /var/log/daemon.log::received strongSwan vendor id::YES -carol::cat /var/log/daemon.log::received strongSwan vendor id::YES -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES +carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES -carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES -moon::ip xfrm state::auth hmac(sha256)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES +moon:: ip xfrm state::auth hmac(sha256)::YES carol::ip xfrm state::auth hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf index 47cf1e12c..2353884c3 100755 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf index d340aaf70..c1e415d5b 100755 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat index 2d1cc92bb..7b5640af8 100644 --- a/testing/tests/ikev2/alg-sha256/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES -carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES -moon::ip xfrm state::auth hmac(sha256)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES +moon:: ip xfrm state::auth hmac(sha256)::YES carol::ip xfrm state::auth hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf index d2b763a1b..e3c424606 100755 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf index 0e38bbb84..9f8e902ae 100755 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat index 31bb64c5e..21b3d5a4f 100644 --- a/testing/tests/ikev2/alg-sha384/evaltest.dat +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES -carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES -moon::ip xfrm state::auth hmac(sha384)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES +moon:: ip xfrm state::auth hmac(sha384)::YES carol::ip xfrm state::auth hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf index d38b7dfcf..14fce0317 100755 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf index ea84cd8a4..06a887f5c 100755 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat index e0f5fb7a3..7b94d2182 100644 --- a/testing/tests/ikev2/alg-sha512/evaltest.dat +++ b/testing/tests/ikev2/alg-sha512/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES -carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES -moon::ip xfrm state::auth hmac(sha512)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES +moon:: ip xfrm state::auth hmac(sha512)::YES carol::ip xfrm state::auth hmac(sha512)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf index 583522d1b..33f619eab 100755 --- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf index 40fec93c0..f76a4264b 100755 --- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/evaltest.dat b/testing/tests/ikev2/any-interface/evaltest.dat index f475ba70b..800ae4353 100644 --- a/testing/tests/ikev2/any-interface/evaltest.dat +++ b/testing/tests/ikev2/any-interface/evaltest.dat @@ -1,10 +1,17 @@ -moon::cat /var/log/daemon.log::creating acquire job::YES -bob::cat /var/log/daemon.log::creating acquire job::YES -moon::ipsec statusall::alice.*INSTALLED, TRANSPORT::YES -moon::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES -alice::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES -sun::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES -bob::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES +moon:: cat /var/log/daemon.log::creating acquire job::YES +bob:: cat /var/log/daemon.log::creating acquire job::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*CN=moon.strongswan.org.*CN=alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=moon.strongswan.org.*CN=sun.strongswan.org::YES +alice::ipsec status 2> /dev/null::remote.*ESTABLISHED.*CN=alice@strongswan.org.*CN=moon.strongswan.org::YES +sun:: ipsec status 2> /dev/null::remote\[1]: ESTABLISHED.*CN=sun.strongswan.org.*CN=moon.strongswan.org::YES +sun:: ipsec status 2> /dev/null::remote\[2]: ESTABLISHED.*CN=sun.strongswan.org.*CN=bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=bob@strongswan.org.*CN=sun.strongswan.org::YES +moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TRANSPORT::YES +moon:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES +alice::ipsec status 2> /dev/null::remote.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::remote[{]1}.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::remote[{]2}.*INSTALLED, TRANSPORT::YES +bob:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf index eb7dfe848..e71d34729 100755 --- a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf index 40d029b3e..c4ded5028 100755 --- a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf index ab0534331..e1880ee1d 100755 --- a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf index 71699b08e..0bab2caac 100755 --- a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat index 22dd94866..b989a7774 100644 --- a/testing/tests/ikev2/compress/evaltest.dat +++ b/testing/tests/ikev2/compress/evaltest.dat @@ -1,8 +1,10 @@ -moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES -moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES -carol::ipsec status::home.*INSTALLED::YES -moon::ipsec status::rw.*INSTALLED::YES -moon::ip xfrm state::proto comp spi::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES +moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES +moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES +moon:: ip xfrm state::proto comp spi::YES carol::ip xfrm state::proto comp spi::YES carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf index 670a50c00..24815976d 100755 --- a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf index 91abfd4da..4eaffb809 100755 --- a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat index 73d5ea206..3c41a596c 100644 --- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat +++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat @@ -1,15 +1,19 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw-carol.*INSTALLED::YES -moon::ipsec status::rw-dave.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf index 6894a952c..7d8031b1c 100755 --- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf index cefbc8270..f66544896 100755 --- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf index 222673704..1e2dc5c42 100755 --- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index 3451112cc..a429e9b32 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -1,17 +1,21 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw-carol.*INSTALLED::YES -moon::ipsec status::rw-dave.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf index cb5f6406b..57829ad2c 100644 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf index cb5f6406b..57829ad2c 100644 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf index bb558fe25..ee2d12094 100755 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf index f763e3ef1..1ec24a257 100644 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown attr + dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS } diff --git a/testing/tests/ikev2/critical-extension/evaltest.dat b/testing/tests/ikev2/critical-extension/evaltest.dat index 8c2f8ec9d..05c2c2f4d 100644 --- a/testing/tests/ikev2/critical-extension/evaltest.dat +++ b/testing/tests/ikev2/critical-extension/evaltest.dat @@ -1,6 +1,8 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO moon::cat /var/log/daemon.log::sending end entity cert::YES moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -sun::cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES -sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES -sun::cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES -sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES +sun:: cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES +sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES +sun:: cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES +sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf index 2e3c9dde4..11d2aefe6 100755 --- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf index 19e197131..15ba692a0 100755 --- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/crl-from-cache/evaltest.dat b/testing/tests/ikev2/crl-from-cache/evaltest.dat index 2f4cf7afa..2d649bbee 100644 --- a/testing/tests/ikev2/crl-from-cache/evaltest.dat +++ b/testing/tests/ikev2/crl-from-cache/evaltest.dat @@ -1,10 +1,12 @@ -moon::cat /var/log/daemon.log::loaded crl from::YES -moon::cat /var/log/daemon.log::crl is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec listcrls:: ok::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::loaded crl from::YES +moon:: cat /var/log/daemon.log::crl is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES +moon:: cat /var/log/daemon.log::using cached crl::YES +moon:: ipsec listcrls 2> /dev/null:: ok::YES carol::cat /var/log/daemon.log::loaded crl from::YES carol::cat /var/log/daemon.log::crl is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -carol::ipsec listcrls:: ok::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +carol::cat /var/log/daemon.log::using cached crl::YES +carol::ipsec listcrls 2> /dev/null:: ok::YES diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf index 4d47c831c..633d921ad 100755 --- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf index 9488a6822..cc5f11dde 100755 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-ldap/evaltest.dat b/testing/tests/ikev2/crl-ldap/evaltest.dat index 5ab094401..b0774c64d 100644 --- a/testing/tests/ikev2/crl-ldap/evaltest.dat +++ b/testing/tests/ikev2/crl-ldap/evaltest.dat @@ -1,12 +1,12 @@ -moon::cat /var/log/daemon.log::loaded crl from::YES -moon::cat /var/log/daemon.log::crl is stale::YES -moon::cat /var/log/daemon.log::fetching crl from.*ldap::YES -moon::cat /var/log/daemon.log::crl is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::loaded crl from::YES +moon:: cat /var/log/daemon.log::crl is stale::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap::YES +moon:: cat /var/log/daemon.log::crl is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::loaded crl from::YES carol::cat /var/log/daemon.log::crl is stale::YES carol::cat /var/log/daemon.log::fetching crl from.*ldap::YES carol::cat /var/log/daemon.log::crl is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf index 26d34de47..35967d750 100755 --- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf index 1d2a68528..6a6b9129f 100755 --- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-revoked/evaltest.dat b/testing/tests/ikev2/crl-revoked/evaltest.dat index 62ed8676a..4f3e10ba1 100644 --- a/testing/tests/ikev2/crl-revoked/evaltest.dat +++ b/testing/tests/ikev2/crl-revoked/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::certificate was revoked::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO +moon:: cat /var/log/daemon.log::certificate was revoked::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf index cbab29414..9b8a8c293 100755 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf index dd50c335b..8eff71e61 100755 --- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/crl-to-cache/evaltest.dat b/testing/tests/ikev2/crl-to-cache/evaltest.dat index afc8f67e4..fe6a55aae 100644 --- a/testing/tests/ikev2/crl-to-cache/evaltest.dat +++ b/testing/tests/ikev2/crl-to-cache/evaltest.dat @@ -1,4 +1,4 @@ -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES carol::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf index 4d47c831c..633d921ad 100755 --- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf index 9488a6822..cc5f11dde 100755 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat index 2c1e11c97..1c206fff0 100644 --- a/testing/tests/ikev2/default-keys/evaltest.dat +++ b/testing/tests/ikev2/default-keys/evaltest.dat @@ -1,7 +1,9 @@ carol::cat /var/log/auth.log::scepclient::YES -moon::cat /var/log/auth.log::scepclient::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -moon::ipsec statusall::carol.*ESTABLISHED::YES +moon:: cat /var/log/auth.log::scepclient::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES +moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf index 9574f18bb..7f3df2d69 100755 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf index 5b2c4e3f4..165dc5463 100755 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat index b3814084f..4b0ddace7 100644 --- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.51/32::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf index 3868a7a38..642a7cd2e 100755 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat index 8abd2416a..830094c7a 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf index 3868a7a38..642a7cd2e 100755 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat index 8abd2416a..830094c7a 100644 --- a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf index 3868a7a38..642a7cd2e 100755 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat-net/evaltest.dat b/testing/tests/ikev2/double-nat-net/evaltest.dat index aa69dabfa..2fe67cb9a 100644 --- a/testing/tests/ikev2/double-nat-net/evaltest.dat +++ b/testing/tests/ikev2/double-nat-net/evaltest.dat @@ -1,5 +1,7 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -bob::ipsec statusall::nat-t.*INSTALLED::YES +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf index c8aa460cf..2d52634a2 100755 --- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf index f0c5b6f15..57880fa29 100755 --- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat/evaltest.dat b/testing/tests/ikev2/double-nat/evaltest.dat index 77deea2a7..0812bae4e 100644 --- a/testing/tests/ikev2/double-nat/evaltest.dat +++ b/testing/tests/ikev2/double-nat/evaltest.dat @@ -1,5 +1,7 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -bob::ipsec statusall::nat-t.*INSTALLED::YES +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf index 26830f390..310fda677 100755 --- a/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf index b4a24cb1f..f1f02b183 100755 --- a/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-clear/evaltest.dat b/testing/tests/ikev2/dpd-clear/evaltest.dat index 86c0227bd..c1a271903 100644 --- a/testing/tests/ikev2/dpd-clear/evaltest.dat +++ b/testing/tests/ikev2/dpd-clear/evaltest.dat @@ -1,6 +1,8 @@ -carol::ipsec statusall::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon::sleep 180::no output expected::NO -moon::cat /var/log/daemon.log::sending DPD request::YES -moon::cat /var/log/daemon.log::retransmit.*of request::YES -moon::cat /var/log/daemon.log::giving up after 5 retransmits::YES +moon:: sleep 180::no output expected::NO +moon:: cat /var/log/daemon.log::sending DPD request::YES +moon:: cat /var/log/daemon.log::retransmit.*of request::YES +moon:: cat /var/log/daemon.log::giving up after 5 retransmits::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf index bcdb8641b..d0e7ae27f 100755 --- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf index cdb40d72d..ae01a624b 100755 --- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-hold/evaltest.dat b/testing/tests/ikev2/dpd-hold/evaltest.dat index 2cf063762..4c035a6e9 100644 --- a/testing/tests/ikev2/dpd-hold/evaltest.dat +++ b/testing/tests/ikev2/dpd-hold/evaltest.dat @@ -1,14 +1,14 @@ -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES -moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO carol::sleep 180::no output expected::NO carol::cat /var/log/daemon.log::sending DPD request::YES carol::cat /var/log/daemon.log::retransmit.*of request::YES carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::ping -c 1 PH_IP_ALICE::trigger route::NO carol::sleep 2::no output expected::NO -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf index bfc8ac34c..d5cc10d59 100755 --- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf index cdb40d72d..ae01a624b 100755 --- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-restart/evaltest.dat b/testing/tests/ikev2/dpd-restart/evaltest.dat index 28edd4823..962bd0636 100644 --- a/testing/tests/ikev2/dpd-restart/evaltest.dat +++ b/testing/tests/ikev2/dpd-restart/evaltest.dat @@ -1,13 +1,13 @@ -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES -moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO carol::sleep 180::no output expected::NO carol::cat /var/log/daemon.log::sending DPD request::YES carol::cat /var/log/daemon.log::retransmit.*of request::YES carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::sleep 10::no output expected::NO -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf index 631eac9b6..f1c466976 100755 --- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf index cdb40d72d..ae01a624b 100755 --- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat index 9377d9fd2..74150fb04 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::NULL_AES_GMAC_256::YES -carol::ipsec statusall::NULL_AES_GMAC_256::YES +moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES +carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ip xfrm state::aead rfc4543(gcm(aes))::YES -moon::ip xfrm state::aead rfc4543(gcm(aes))::YES +moon:: ip xfrm state::aead rfc4543(gcm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index f3a266c7d..44babd983 100755 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index bbdb38301..71697b12e 100755 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat index d65d71240..a66edc5fe 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES -carol::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES -moon::ip xfrm state::auth hmac(md5)::YES +moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES +carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES +moon:: ip xfrm state::auth hmac(md5)::YES carol::ip xfrm state::auth hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf index 09797799f..ae5800beb 100755 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf index ae83aaf58..7af2b0dd9 100755 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index bebca1f61..937d85ed2 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall::NULL/HMAC_SHA1_96::YES -moon::ip xfrm state::enc ecb(cipher_null)::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf index 5640d74fc..dbf53b56a 100755 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf index 91f4a7c7f..deb022fed 100755 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat index b0277271d..52c27cba5 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES -carol::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES -moon::ip xfrm state::auth hmac(sha1)::YES +moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES +carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES +moon:: ip xfrm state::auth hmac(sha1)::YES carol::ip xfrm state::auth hmac(sha1)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf index 3991d517d..d2a4b5ea1 100755 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf index 893419585..25aa11a76 100755 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat index d48812f47..21b10d170 100644 --- a/testing/tests/ikev2/farp/evaltest.dat +++ b/testing/tests/ikev2/farp/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw-carol.*INSTALLED::YES -moon::ipsec status::rw-dave.*INSTALLED::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf index 19dd5d3e6..457b7a9b9 100755 --- a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat index 35f01d491..d7fe707ab 100644 --- a/testing/tests/ikev2/force-udp-encaps/evaltest.dat +++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat @@ -1,6 +1,8 @@ +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES -alice::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf index 2074646cc..842b72d47 100755 --- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf index a2c168601..0592ad313 100755 --- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-cert/evaltest.dat b/testing/tests/ikev2/host2host-cert/evaltest.dat index 8d5d8167a..53e5589ca 100644 --- a/testing/tests/ikev2/host2host-cert/evaltest.dat +++ b/testing/tests/ikev2/host2host-cert/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::host-host.*ESTABLISHED::YES -sun::ipsec statusall::host-host.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf index ec9ac5b80..37ac6a611 100755 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf index 484eb995f..d47a5c2e1 100755 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-swapped/evaltest.dat b/testing/tests/ikev2/host2host-swapped/evaltest.dat index 8d5d8167a..53e5589ca 100644 --- a/testing/tests/ikev2/host2host-swapped/evaltest.dat +++ b/testing/tests/ikev2/host2host-swapped/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::host-host.*ESTABLISHED::YES -sun::ipsec statusall::host-host.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf index 981c7f073..b20e94e69 100755 --- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf index e3fc2b728..e3c0f698c 100755 --- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat index b3cade48c..3021b5e04 100644 --- a/testing/tests/ikev2/host2host-transport/evaltest.dat +++ b/testing/tests/ikev2/host2host-transport/evaltest.dat @@ -1,8 +1,7 @@ -moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES -moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES -sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES -moon::ip xfrm state::mode transport::YES -sun::ip xfrm state::mode transport::YES +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf index 7f6c5a58a..7b4ab6415 100755 --- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf index af52fb22b..c2d251a12 100755 --- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat index a8975481f..dceceaef6 100644 --- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat +++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat @@ -1,8 +1,8 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::sleep 15::NO carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES -moon::ipsec statusall::rw.*INSTALLED::NO -carol::ipsec statusall::home.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf index 5fbb99617..89a0be7ea 100755 --- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf index c3d417302..b2e2c4dc9 100755 --- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat index f9d0cbb37..941cb34c0 100644 --- a/testing/tests/ikev2/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat @@ -4,26 +4,30 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES -dave::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES -dave::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES -moon::cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES -moon::cat /var/log/daemon.log::assigning virtual IP::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES +dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES +dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES +moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES +moon:: cat /var/log/daemon.log::assigning virtual IP::YES moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +moon::ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon::ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon::ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon::ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf index b3413830f..bc0a0ac1c 100755 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat index d02d422ab..fd15d5209 100644 --- a/testing/tests/ikev2/ip-pool-wish/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat @@ -1,18 +1,22 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES -moon::cat /var/log/daemon.log::assigning virtual IP::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES +moon:: cat /var/log/daemon.log::assigning virtual IP::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf index c9867c7d4..81e0202c4 100755 --- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf index 98dd99271..86d1f2e4c 100755 --- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf index 0b4cded6c..d6657cd9a 100755 --- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat index b130d4565..50b7f1159 100644 --- a/testing/tests/ikev2/ip-pool/evaltest.dat +++ b/testing/tests/ikev2/ip-pool/evaltest.dat @@ -1,21 +1,25 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool::YES -moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES -moon::cat /var/log/daemon.log::assigning virtual IP::YES -moon::ipsec leases rw::2/15, 2 online::YES -moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES -moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES +moon:: cat /var/log/daemon.log::assigning virtual IP::YES +moon:: ipsec leases rw 2> /dev/null::2/15, 2 online::YES +moon:: ipsec leases rw 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec leases rw 10.3.0.2 2> /dev/null::dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf index 0b4cded6c..d6657cd9a 100755 --- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-split-pools-db/evaltest.dat b/testing/tests/ikev2/ip-split-pools-db/evaltest.dat index 8fd47dc34..60a537b02 100644 --- a/testing/tests/ikev2/ip-split-pools-db/evaltest.dat +++ b/testing/tests/ikev2/ip-split-pools-db/evaltest.dat @@ -1,15 +1,19 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES -carol::ipsec status::home.*INSTALLED::YES -dave::cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES -dave::ipsec status::home.*INSTALLED::YES -moon::cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES -moon::cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES -moon::cat /var/log/daemon.log::no available address found in pool.*pool0::YES -moon::cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES -moon::cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES -moon::ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES -moon::ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES -moon::ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES +moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES +moon:: cat /var/log/daemon.log::no available address found in pool.*pool0::YES +moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES +moon:: ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES +moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES +moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf index c0f9756e4..4ef94c753 100755 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat index ba2b07a10..fd0413d11 100644 --- a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat @@ -1,29 +1,37 @@ -carol::ipsec status::home.*INSTALLED::YES -dave::ipsec status::home.*INSTALLED::YES -alice::ipsec status::home.*INSTALLED::YES -venus::ipsec status::home.*INSTALLED::YES -moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::ext.*ESTABLISHED.*dave@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*venus.strongswan.org::YES -moon::ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES -moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES -moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES +venus::ipsec status 2> /dev/null::home.*ESTABLISHED.*venus.strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int\[3]: ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int\[4]: ESTABLISHED.*moon.strongswan.org.*venus.strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext[{]1}.*INSTALLED. TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext[{]2}.*INSTALLED. TUNNEL::YES +moon:: ipsec status 2> /dev/null::int[{]3}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::int[{]4}.*INSTALLED, TUNNEL::YES +moon:: ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES +moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES +moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES -dave::cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES +dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES venus::cat /var/log/daemon.log::installing new virtual IP 10.4.0.2::YES carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES -dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES +dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -dave::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES -dave::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES +dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf index d925a2564..403ed3b1b 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf index 2b673ec4d..d84d26140 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf index 22f9b6634..a53c9111c 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf index a4c37e117..996f52fe3 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf index 2dbd84fe7..2e0c50d2d 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat index 1505de751..05d8493e2 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat @@ -1,12 +1,16 @@ -carol::ipsec status::home.*INSTALLED::YES -alice::ipsec status::home.*INSTALLED::YES -moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES -moon::ipsec leases ext::1/15, 1 online::YES -moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES -moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES -moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES +moon:: ipsec leases ext 2> /dev/null::1/15, 1 online::YES +moon:: ipsec leases ext 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES +moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf index f5ce1687e..4a47ce545 100755 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf index e647f1e36..a600d5e26 100755 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf index d80bb5305..1ce2634d5 100755 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools/evaltest.dat b/testing/tests/ikev2/ip-two-pools/evaltest.dat index ac0a3eeb3..c894edf9f 100644 --- a/testing/tests/ikev2/ip-two-pools/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools/evaltest.dat @@ -1,13 +1,17 @@ -carol::ipsec status::home.*INSTALLED::YES -alice::ipsec status::home.*INSTALLED::YES -moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES -moon::ipsec leases ext::1/15, 1 online::YES -moon::ipsec leases int::1/15, 1 online::YES -moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES -moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES +moon:: ipsec leases ext 2> /dev/null::1/15, 1 online::YES +moon:: ipsec leases int 2> /dev/null::1/15, 1 online::YES +moon:: ipsec leases ext 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec leases int 10.4.0.1 2> /dev/null::alice@strongswan.org::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf index f5ce1687e..4a47ce545 100755 --- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf index e647f1e36..a600d5e26 100755 --- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf index 8435479fa..c13a8c309 100755 --- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat index f2758eb35..aded7a040 100644 --- a/testing/tests/ikev2/mobike-nat/evaltest.dat +++ b/testing/tests/ikev2/mobike-nat/evaltest.dat @@ -1,14 +1,14 @@ -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf index ed670efb1..5e7d48ec4 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf index ca4d84e16..faf9c8663 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat index 94dea0b14..c4c7b0b6f 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat @@ -1,14 +1,14 @@ -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf index ed670efb1..5e7d48ec4 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf index 1c8be1db4..b77b14861 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat index 6c49c0425..ebf5ad4cf 100644 --- a/testing/tests/ikev2/mobike/evaltest.dat +++ b/testing/tests/ikev2/mobike/evaltest.dat @@ -1,14 +1,14 @@ -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::PH_IP_ALICE1/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE1/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec statusall 2> /dev/null::PH_IP_ALICE1/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE1/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES +alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf index 6c87468bb..1ead52b8d 100755 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf index 4806cd9c8..fa54c3f64 100755 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat index 897db40ed..4a72b4392 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -1,11 +1,11 @@ -moon::cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES -moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES +moon:: cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES +moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES -moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES -moon::cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES -moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED.*228060123456001@strongswan.org::YES +moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES +moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES @@ -15,7 +15,7 @@ dave::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES moon::cat /var/log/daemon.log::received EAP identity .*228060123456002::YES moon::cat /var/log/daemon.log::RADIUS authentication of '228060123456002' failed::YES moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 228060123456002@strongswan.org::YES -moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO +moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf index f8c52be78..d77e6c5db 100755 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf @@ -9,7 +9,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_DAVE diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf index 37d23b1f5..7ec97d8d6 100755 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat index d2453bbee..03426ac44 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES -dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf index a8a6d2b8f..38724c59b 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf index 8647ac813..717debbd6 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf index 4c84d183b..94c8a8773 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat index 4b827b4dd..dcd271772 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES -dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*INSTALLED::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*INSTALLED::YES +dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf index 9031a948c..6a343a0a4 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf index 0168be8e1..54e4075aa 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf index 75138581e..0d33c23b3 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat index 4a1c7208b..4abcde1e8 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat @@ -1,19 +1,19 @@ -moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -carol::ipsec status::venus.*INSTALLED::NO -moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO -moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES -moon::cat /var/log/daemon.log::switching to peer config.*venus::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES -dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -dave::ipsec status::alice.*INSTALLED::NO -moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO +moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES +moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES +moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*moon.strongswan.org.*ESTABLISHED.*dave@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf index 39996cf42..49ffd40f3 100755 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf index e25636a7d..c3c7afa3a 100755 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf index 46f1030cd..6ea3c3035 100755 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat index 6b77a8161..85bbe4ab9 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::maximum path length of 7 exceeded::YES +moon:: cat /var/log/daemon.log::maximum path length of 7 exceeded::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ipsec status::alice.*INSTALLED::NO -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::NO +carol::ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf index 5c34528a4..0b0426994 100755 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf index 96e493719..083a50195 100755 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat index 266f0d0da..913e8f454 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES +moon:: cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ipsec status::home.*INSTALLED::NO -moon::ipsec status::duck.*INSTALLED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::duck.*INSTALLED::NO diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf index 64539ccc2..d303a0512 100755 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf index 528dda39b..c5f13f9fa 100755 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat index 182f9e0fc..008ff2cf8 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::certificate was revoked::YES +moon:: cat /var/log/daemon.log::certificate was revoked::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -moon::ipsec status::alice.*ESTABLISHED::NO -carol::ipsec status::home.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf index a042da6d5..aac041e70 100755 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf index ef1beae7e..b9ece359f 100755 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat b/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat index a594745b7..90ee6a7a4 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat @@ -1,6 +1,6 @@ -carol::ipsec status::alice.*INSTALLED::YES -carol::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::ESTABLISHED.*carol@strongswan.org::YES -dave::ipsec status::venus.*INSTALLED::YES -dave::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::ESTABLISHED.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf index 6fcc1578e..c6f3ca64e 100755 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf index c4b41aa06..f190fe195 100755 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf index 9c02993e7..f5953bda8 100755 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat index b0814556d..e1c5be4ed 100644 --- a/testing/tests/ikev2/multi-level-ca/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat @@ -1,19 +1,19 @@ -moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -carol::ipsec status::venus.*INSTALLED::NO -moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO -moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES -moon::cat /var/log/daemon.log::switching to peer config.*venus::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES -dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -dave::ipsec status::alice.*INSTALLED::NO -moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO +moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES +moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES +moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf index 174e248c2..942757add 100755 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf index 5c90dd4a2..2f14140ea 100755 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf index d0240a333..34b8b7258 100755 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/nat-one-rw/description.txt b/testing/tests/ikev2/nat-one-rw/description.txt deleted file mode 100644 index c3b9bb820..000000000 --- a/testing/tests/ikev2/nat-one-rw/description.txt +++ /dev/null @@ -1,5 +0,0 @@ -The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a tunnel to -gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router. -<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass -the tunneled traffic. In order to test the tunnel, the NAT-ed host <b>alice</b> pings the -client <b>bob</b> behind the gateway <b>sun</b>. diff --git a/testing/tests/ikev2/nat-one-rw/evaltest.dat b/testing/tests/ikev2/nat-one-rw/evaltest.dat deleted file mode 100644 index 7395e5571..000000000 --- a/testing/tests/ikev2/nat-one-rw/evaltest.dat +++ /dev/null @@ -1,5 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 6d9e62e1d..000000000 --- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - keep_alive = 1d - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown -} diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf deleted file mode 100755 index a2c168601..000000000 --- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf +++ /dev/null @@ -1,35 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - left=PH_IP_SUN - leftcert=sunCert.pem - leftid=@sun.strongswan.org - leftfirewall=yes - -conn net-net - leftsubnet=10.2.0.0/16 - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add - -conn host-host - right=PH_IP_MOON - rightid=@moon.strongswan.org - auto=add - -conn nat-t - leftsubnet=10.2.0.0/16 - right=%any - rightsubnet=10.1.0.10/32 - auto=add diff --git a/testing/tests/ikev2/nat-one-rw/posttest.dat b/testing/tests/ikev2/nat-one-rw/posttest.dat deleted file mode 100644 index cd0d4df25..000000000 --- a/testing/tests/ikev2/nat-one-rw/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -alice::ipsec stop -sun::ipsec stop -alice::/etc/init.d/iptables stop 2> /dev/null -sun::/etc/init.d/iptables stop 2> /dev/null -moon::iptables -t nat -F -moon::conntrack -F diff --git a/testing/tests/ikev2/nat-one-rw/pretest.dat b/testing/tests/ikev2/nat-one-rw/pretest.dat deleted file mode 100644 index a4f5ecd79..000000000 --- a/testing/tests/ikev2/nat-one-rw/pretest.dat +++ /dev/null @@ -1,12 +0,0 @@ -alice::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null -moon::conntrack -F -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -alice::ipsec start -sun::ipsec start -alice::sleep 4 -alice::ipsec up nat-t -alice::sleep 1 - diff --git a/testing/tests/ikev2/nat-portswitch/description.txt b/testing/tests/ikev2/nat-portswitch/description.txt deleted file mode 100644 index 93b779ee1..000000000 --- a/testing/tests/ikev2/nat-portswitch/description.txt +++ /dev/null @@ -1,6 +0,0 @@ -The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a connection -to gateway <b>sun</b> using IKEv2. UDP encapsulation is used to traverse the NAT router. -The authentication is based on locally loaded <b>X.509 certificates</b>. -After the IPsec Setup NAT router moon "crashes" (i.e. flushes its conntrack -table) and with the next dpd sent from <b>alice</b> a dynamical address update -should occur in gateway <b>sun</b>. diff --git a/testing/tests/ikev2/nat-portswitch/evaltest.dat b/testing/tests/ikev2/nat-portswitch/evaltest.dat deleted file mode 100644 index 75b01a551..000000000 --- a/testing/tests/ikev2/nat-portswitch/evaltest.dat +++ /dev/null @@ -1,10 +0,0 @@ -sun::ipsec statusall::rw-alice.*ESTABLISHED::YES -alice::ipsec statusall::home.*ESTABLISHED::YES -moon::cmd::iptables -t nat -F::YES -moon::cmd::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:3024-3100::YES -moon::cmd::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:4000-4100::YES -moon::cmd::conntrack -F::YES -alice::cmd::sleep 75::YES -bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP, length: 132::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP, length: 132::YES diff --git a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf deleted file mode 100644 index cd9de533a..000000000 --- a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -version 2.0 # conforms to second version of ipsec.conf specification - -config setup - plutostart=no - -conn home - left=PH_IP_ALICE - leftcert=aliceCert.pem - leftid=alice@strongswan.org - right=PH_IP_SUN - rightcert=sunCert.pem - rightid=@sun.strongswan.org - rightsubnet=10.2.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem deleted file mode 100644 index e7825e3db..000000000 --- a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z -dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8 -foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS -Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC -AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe -zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n -HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G -N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd -p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT -EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB -ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg -KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq -hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i -ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP -Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S -5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE -JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk -Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA== ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem deleted file mode 100644 index e99ae8ec7..000000000 --- a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz -MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer -GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4 -FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W -6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH -v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc -KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa -60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG -A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0 -cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu -Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo -2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ -AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5 -D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S -CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi -6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re -JGhV ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-portswitch/posttest.dat b/testing/tests/ikev2/nat-portswitch/posttest.dat deleted file mode 100644 index 3b9f53e9b..000000000 --- a/testing/tests/ikev2/nat-portswitch/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -sun::ipsec stop -alice::ipsec stop -sun::rm /etc/ipsec.d/certs/* -alice::rm /etc/ipsec.d/certs/* -moon::iptables -t nat -F -moon::conntrack -F diff --git a/testing/tests/ikev2/nat-portswitch/pretest.dat b/testing/tests/ikev2/nat-portswitch/pretest.dat deleted file mode 100644 index 17cc4b070..000000000 --- a/testing/tests/ikev2/nat-portswitch/pretest.dat +++ /dev/null @@ -1,9 +0,0 @@ -sun::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -sun::ipsec start -alice::ipsec start -alice::sleep 1 -alice::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/nat-portswitch/test.conf b/testing/tests/ikev2/nat-portswitch/test.conf deleted file mode 100644 index d84149aaf..000000000 --- a/testing/tests/ikev2/nat-portswitch/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice moon winnetou sun bob" - -# Corresponding block diagram -# -DIAGRAM="a-m-w-s-b.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="alice sun" diff --git a/testing/tests/ikev2/nat-two-rw-mark/description.txt b/testing/tests/ikev2/nat-rw-mark/description.txt index 2a93d11d8..2a93d11d8 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/description.txt +++ b/testing/tests/ikev2/nat-rw-mark/description.txt diff --git a/testing/tests/ikev2/nat-two-rw-mark/evaltest.dat b/testing/tests/ikev2/nat-rw-mark/evaltest.dat index 74ba178d9..db9e969d2 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/evaltest.dat +++ b/testing/tests/ikev2/nat-rw-mark/evaltest.dat @@ -1,9 +1,11 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::alice.*ESTABLISHED.*alice@strongswan.org::YES -sun::ipsec statusall::venus.*ESTABLISHED.*venus.strongswan.org::YES -sun::ipsec statusall::alice.*10.2.0.0/16 === 10.1.0.0/25::YES -sun::ipsec statusall::venus.*10.2.0.0/16 === 10.1.0.0/25::YES +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES +sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.ipsec-nat-t: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf index 0f7c23845..c0244e2ff 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf index 339b56987..339b56987 100644 --- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf index ae4644c4b..1f0ec3734 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown index 0d22e684d..0d22e684d 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf index 339b56987..339b56987 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf index c82c3e978..78df400fd 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf index 339b56987..339b56987 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat b/testing/tests/ikev2/nat-rw-mark/posttest.dat index 89d5f534b..89d5f534b 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat +++ b/testing/tests/ikev2/nat-rw-mark/posttest.dat diff --git a/testing/tests/ikev2/nat-two-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat index 105968f45..3ed13d5fa 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/pretest.dat +++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat @@ -1,6 +1,6 @@ +sun::/etc/init.d/iptables start 2> /dev/null alice::/etc/init.d/iptables start 2> /dev/null venus::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null moon::echo 1 > /proc/sys/net/ipv4/ip_forward moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 500 -j SNAT --to PH_IP_MOON:510 @@ -11,9 +11,9 @@ sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3. sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20 sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 10 sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 20 +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start alice::sleep 2 alice::ipsec up nat-t venus::sleep 2 diff --git a/testing/tests/ikev2/nat-two-rw-mark/test.conf b/testing/tests/ikev2/nat-rw-mark/test.conf index ae3c190b8..ae3c190b8 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/test.conf +++ b/testing/tests/ikev2/nat-rw-mark/test.conf diff --git a/testing/tests/ikev2/nat-rw-mixed/description.txt b/testing/tests/ikev2/nat-rw-mixed/description.txt deleted file mode 100644 index 511a1a874..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/description.txt +++ /dev/null @@ -1,6 +0,0 @@ -The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> -set up a connection to gateway <b>sun</b>. <b>alice</b> uses the IKEv2 key exchange protocol -whereas <b>venus</b> negotiates the connection via the IKEv1 protocol. -UDP encapsulation is used to traverse the NAT router. -In order to test the tunnel the NAT-ed hosts <b>alice</b> and <b>venus</b> ping the client -<b>bob</b> behind the gateway <b>sun</b>. diff --git a/testing/tests/ikev2/nat-rw-mixed/evaltest.dat b/testing/tests/ikev2/nat-rw-mixed/evaltest.dat deleted file mode 100644 index 685c1b43f..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -sun::ipsec statusall::rw-alice.*ESTABLISHED::YES -sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES -sun::ipsec status::nat-t.*@venus.strongswan.org::YES -alice::ipsec statusall::home.*ESTABLISHED::YES -sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf deleted file mode 100644 index cd9de533a..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -version 2.0 # conforms to second version of ipsec.conf specification - -config setup - plutostart=no - -conn home - left=PH_IP_ALICE - leftcert=aliceCert.pem - leftid=alice@strongswan.org - right=PH_IP_SUN - rightcert=sunCert.pem - rightid=@sun.strongswan.org - rightsubnet=10.2.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem deleted file mode 100644 index e7825e3db..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z -dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8 -foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS -Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC -AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe -zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n -HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G -N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd -p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT -EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB -ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg -KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq -hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i -ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP -Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S -5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE -JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk -Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA== ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf deleted file mode 100644 index b85bd607b..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf +++ /dev/null @@ -1,31 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -version 2.0 # conforms to second version of ipsec.conf specification - -config setup - plutodebug=control - crlcheckinterval=180 - nat_traversal=yes - -conn %default - ikelifetime=60m - keylife=20m - left=PH_IP_SUN - leftcert=sunCert.pem - leftid=@sun.strongswan.org - leftsubnet=10.2.0.0/16 - -conn rw-alice - right=%any - rightcert=aliceCert.pem - rightid=alice@strongswan.org - rightsubnet=10.1.0.0/16 - keyexchange=ikev2 - auto=add - -conn nat-t - leftsubnet=10.2.0.0/16 - right=%any - rightsubnetwithin=10.1.0.0/16 - keyexchange=ikev1 - auto=add diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem deleted file mode 100644 index e99ae8ec7..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz -MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer -GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4 -FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W -6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH -v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc -KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa -60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG -A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0 -cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu -Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo -2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ -AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5 -D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S -CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi -6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re -JGhV ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem deleted file mode 100644 index 25a6941b0..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBBDANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTgyNloXDTA5MDkwOTExMTgyNlowRzELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz -LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -mlQ2s9J7bw73onkw0ZwwcM2JDJuU3KmmuzETlmLdtg7m8yFCdhoDg6cxrsIvPAWy -Gs++1e+1qzy7LTnNHckaHHFwJQf0JoIGE1bbUrJidX8B1T3sDdvZFbyfmQTWSEyJ -thrdqdPS92VJW/9XQOPeEhudIHr+NtWQfCm3OQFKDXGCEkHOjpVNHn3BPUiL99ON -FiLZX3gZy6vTERpEE8ga66fHtpM3RJfIxYoUQUdRw8iIa8iOvRGtJa/MfOWX6L/H -wquRv3SuCl4iMSph7e/VE+z5xx3OyKSAki914DgRFnQITKjyGxw1lORlDQlZy2w/ -nu0BAbXS1pb/2AiF8jDpbQIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E -BAMCA6gwHQYDVR0OBBYEFEqPlXBYJh1knX0Q61HMcn9LOZ6sMG0GA1UdIwRmMGSA -FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE -ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB -ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw -LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww -DQYJKoZIhvcNAQEEBQADggEBAEx3kXh2Z5CMH+tX6cJPyi6gSeOgXy7NBiNsEdXN -rwGp4DwN6uiSog4EYZJA203oqE3eaoYdBXKiOGvjW4vyigvpDr8H+MeW2HsNuMKX -PFpY4NucV0fJlzFhtkp31zTLHNESCgTqNIwGj+CbN0rxhHGE6502krnu+C12nJ7B -fdMzml1RmVp4JlZC5yfiTy0F2s/aH+8xQ2x509UoD+boNM9GR+IlWS2dDypISGid -hbM4rpiMLBj2riWD8HiuljkKQ6LemBXeZQXuIPlusl7cH/synNkHk8iiALM8xfGh -wTEmdo5Tp5sDI3cj3LVvhcsTxjiOA81her1F0itlxpEA/gA= ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-rw-mixed/posttest.dat b/testing/tests/ikev2/nat-rw-mixed/posttest.dat deleted file mode 100644 index 0a8ce2bbc..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -sun::ipsec stop -alice::ipsec stop -venus::ipsec stop -sun::rm /etc/ipsec.d/certs/* -alice::rm /etc/ipsec.d/certs/* -moon::iptables -t nat -F diff --git a/testing/tests/ikev2/nat-rw-mixed/pretest.dat b/testing/tests/ikev2/nat-rw-mixed/pretest.dat deleted file mode 100644 index d2c5c7df2..000000000 --- a/testing/tests/ikev2/nat-rw-mixed/pretest.dat +++ /dev/null @@ -1,11 +0,0 @@ -sun::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -sun::ipsec start -alice::ipsec start -venus::ipsec start -alice::sleep 1 -venus::ipsec up nat-t -alice::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/nat-two-rw-psk/description.txt b/testing/tests/ikev2/nat-rw-psk/description.txt index c74897d9a..c74897d9a 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/description.txt +++ b/testing/tests/ikev2/nat-rw-psk/description.txt diff --git a/testing/tests/ikev2/nat-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-rw-psk/evaltest.dat new file mode 100644 index 000000000..051db978a --- /dev/null +++ b/testing/tests/ikev2/nat-rw-psk/evaltest.dat @@ -0,0 +1,9 @@ +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES +sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf index e0ccbb812..e0ccbb812 100755 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets index d61e3eb48..d61e3eb48 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets +++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf index 882ea04a5..882ea04a5 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf index d6b5d4d6f..d6b5d4d6f 100755 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets index 5f2955503..5f2955503 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets +++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf index 882ea04a5..882ea04a5 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf index e0ccbb812..e0ccbb812 100755 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets index 9cd66b1df..9cd66b1df 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets +++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf index 882ea04a5..882ea04a5 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/posttest.dat b/testing/tests/ikev2/nat-rw-psk/posttest.dat index 52572ece8..52572ece8 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/posttest.dat +++ b/testing/tests/ikev2/nat-rw-psk/posttest.dat diff --git a/testing/tests/ikev2/nat-two-rw-psk/pretest.dat b/testing/tests/ikev2/nat-rw-psk/pretest.dat index 5e23259bb..6a542ec8f 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/pretest.dat +++ b/testing/tests/ikev2/nat-rw-psk/pretest.dat @@ -7,9 +7,9 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to- alice::rm /etc/ipsec.d/cacerts/* venus::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start alice::sleep 2 alice::ipsec up nat-t venus::sleep 2 diff --git a/testing/tests/ikev2/nat-rw-mixed/test.conf b/testing/tests/ikev2/nat-rw-psk/test.conf index 84317fd70..84317fd70 100644 --- a/testing/tests/ikev2/nat-rw-mixed/test.conf +++ b/testing/tests/ikev2/nat-rw-psk/test.conf diff --git a/testing/tests/ikev2/nat-two-rw/description.txt b/testing/tests/ikev2/nat-rw/description.txt index dcf4b94bd..dcf4b94bd 100644 --- a/testing/tests/ikev2/nat-two-rw/description.txt +++ b/testing/tests/ikev2/nat-rw/description.txt diff --git a/testing/tests/ikev2/nat-rw/evaltest.dat b/testing/tests/ikev2/nat-rw/evaltest.dat new file mode 100644 index 000000000..e0b458dba --- /dev/null +++ b/testing/tests/ikev2/nat-rw/evaltest.dat @@ -0,0 +1,18 @@ +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon:: sleep 6::no output expected::NO +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES +alice::cat /var/log/daemon.log::sending keep alive::YES +venus::cat /var/log/daemon.log::sending keep alive::YES diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf index 3da2fcf86..a425f7bbf 100755 --- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -13,7 +11,7 @@ conn %default keyexchange=ikev2 conn nat-t - left=%defaultroute + left=%any leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..9953ffa94 --- /dev/null +++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown + + keep_alive = 5 +} diff --git a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf index a7722142f..a488d9817 100644..100755 --- a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf @@ -1,20 +1,21 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -version 2.0 # conforms to second version of ipsec.conf specification - config setup plutostart=no conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn nat-t left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org + leftfirewall=yes leftsubnet=10.2.0.0/16 - keyexchange=ikev2 - -conn rw-alice right=%any - rightcert=aliceCert.pem - rightid=alice@strongswan.org rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf index 339b56987..fa8b1ce55 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf index 3a70b3434..61671ba08 100755 --- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -13,7 +11,7 @@ conn %default keyexchange=ikev2 conn nat-t - left=%defaultroute + left=%any leftcert=venusCert.pem leftid=@venus.strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf new file mode 100644 index 000000000..9953ffa94 --- /dev/null +++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown + + keep_alive = 5 +} diff --git a/testing/tests/ikev2/nat-two-rw/posttest.dat b/testing/tests/ikev2/nat-rw/posttest.dat index 52572ece8..52572ece8 100644 --- a/testing/tests/ikev2/nat-two-rw/posttest.dat +++ b/testing/tests/ikev2/nat-rw/posttest.dat diff --git a/testing/tests/ikev2/nat-two-rw/pretest.dat b/testing/tests/ikev2/nat-rw/pretest.dat index e365ff5c5..e365ff5c5 100644 --- a/testing/tests/ikev2/nat-two-rw/pretest.dat +++ b/testing/tests/ikev2/nat-rw/pretest.dat diff --git a/testing/tests/ikev2/nat-two-rw-psk/test.conf b/testing/tests/ikev2/nat-rw/test.conf index 84317fd70..84317fd70 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/test.conf +++ b/testing/tests/ikev2/nat-rw/test.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat deleted file mode 100644 index 2cab168f0..000000000 --- a/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec status::nat-t.*\[PH_IP_ALICE\]::YES -sun::ipsec status::nat-t.*\[PH_IP_VENUS\]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw/evaltest.dat b/testing/tests/ikev2/nat-two-rw/evaltest.dat deleted file mode 100644 index bd0a4b52b..000000000 --- a/testing/tests/ikev2/nat-two-rw/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec status::alice@strongswan.org::YES -sun::ipsec status::venus.strongswan.org::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 339b56987..000000000 --- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown -} diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf deleted file mode 100644 index 339b56987..000000000 --- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown -} diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf deleted file mode 100644 index 339b56987..000000000 --- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown -} diff --git a/testing/tests/ikev2/nat-two-rw/test.conf b/testing/tests/ikev2/nat-two-rw/test.conf deleted file mode 100644 index 84317fd70..000000000 --- a/testing/tests/ikev2/nat-two-rw/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice venus moon winnetou sun bob" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-w-s-b.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="alice venus sun" diff --git a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat index 75d5ffbd3..9c98e312a 100644 --- a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat @@ -1,6 +1,6 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf index e43e0d785..e5870894d 100755 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf index 9cede8d56..51dc508a5 100755 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-cert/evaltest.dat b/testing/tests/ikev2/net2net-cert/evaltest.dat index e67c39a08..c98f5d78d 100644 --- a/testing/tests/ikev2/net2net-cert/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf index 562f26826..def5813b1 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf index cb17a9e07..7101d36dc 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf index 24e5df519..b93233168 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf index cb17a9e07..7101d36dc 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat index 928783c87..63058eb88 100644 --- a/testing/tests/ikev2/net2net-esn/evaltest.dat +++ b/testing/tests/ikev2/net2net-esn/evaltest.dat @@ -1,14 +1,16 @@ -sun::cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES -sun::cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES -sun::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES -moon::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES -moon::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES +moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES +moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES -moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES -sun::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf index 98f4864d3..dbddd9f5b 100755 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2, knl 2" diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf index 26fde389e..e3a4944c8 100755 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2, knl 2" diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat index 1a3759e34..97dd63c5a 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec status::net-net.*INSTALLED::YES -sun::ipsec status::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed.*sun <sun.strongswan.org>::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun <sun.strongswan.org>.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat index 1a3759e34..4615c3ed8 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec status::net-net.*INSTALLED::YES -sun::ipsec status::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat index 5881d9246..1556143cf 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec statusall::dscp-be.*ESTABLISHED::YES -moon::ipsec statusall::dscp-ef.*ESTABLISHED::YES -sun::ipsec statusall::dscp-be.*ESTABLISHED::YES -sun::ipsec statusall::dscp-ef.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES +moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES +sun:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES +sun:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf index d78d27c1a..9ba79b28e 100755 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" @@ -15,15 +13,15 @@ conn %default mobike=no conn dscp-be - leftid=@sun-be - rightid=@moon-be + leftid=@moon-be + rightid=@sun-be mark=10 also=net-net auto=add conn dscp-ef - leftid=@sun-ef - rightid=@moon-ef + leftid=@moon-ef + rightid=@sun-ef mark=20 also=net-net auto=add diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf index 9d2ef7471..94e8c073b 100755 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" @@ -15,15 +13,15 @@ conn %default mobike=no conn dscp-be - leftid=@moon-be - rightid=@sun-be + leftid=@sun-be + rightid=@moon-be mark=10 also=net-net auto=add conn dscp-ef - leftid=@moon-ef - rightid=@sun-ef + leftid=@sun-ef + rightid=@moon-ef mark=20 also=net-net auto=add diff --git a/testing/tests/ikev2/net2net-psk-fail/description.txt b/testing/tests/ikev2/net2net-psk-fail/description.txt new file mode 100644 index 000000000..d41b2c954 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/description.txt @@ -0,0 +1,4 @@ +A connection between the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b> +uses a wrong PSK. Therefore the connection setup is aborted by gateway <b>sun</b> +by sending an <b>AUTHENTICATION_FAILED</b> notify error. diff --git a/testing/tests/ikev2/net2net-psk-fail/evaltest.dat b/testing/tests/ikev2/net2net-psk-fail/evaltest.dat new file mode 100644 index 000000000..3f5092893 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/evaltest.dat @@ -0,0 +1,6 @@ +sun:: cat /var/log/daemon.log::tried 1 shared key for.*sun.strongswan.org.*moon.strongswan.org.*but MAC mismatched::YES +moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::NO +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::NO +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf index 8db43213f..15d8ddb11 100755 --- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,14 +8,16 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + authby=secret keyexchange=ikev2 + mobike=no -conn nat-t - left=%defaultroute - leftcert=aliceCert.pem - leftid=alice@strongswan.org +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org leftfirewall=yes right=PH_IP_SUN - rightid=@sun.strongswan.org rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org auto=add diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..38ebf966c --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,4 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx + diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..57148a040 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf index d8b426318..e145d9974 100755 --- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,26 +8,16 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + authby=secret keyexchange=ikev2 - left=PH_IP_SUN - leftcert=sunCert.pem - leftid=@sun.strongswan.org - leftfirewall=yes + mobike=no conn net-net + left=PH_IP_SUN leftsubnet=10.2.0.0/16 + leftid=@sun.strongswan.org + leftfirewall=yes right=PH_IP_MOON rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org auto=add - -conn host-host - right=PH_IP_MOON - rightid=@moon.strongswan.org - auto=add - -conn nat-t - leftsubnet=10.2.0.0/16 - right=%any - rightsubnet=10.1.0.0/16 - auto=add diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..be95c4d99 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + + + + diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..57148a040 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-psk-fail/posttest.dat b/testing/tests/ikev2/net2net-psk-fail/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/net2net-psk-fail/pretest.dat b/testing/tests/ikev2/net2net-psk-fail/pretest.dat new file mode 100644 index 000000000..976a196db --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 1 +moon::ipsec up net-net diff --git a/testing/tests/ikev2/nat-one-rw/test.conf b/testing/tests/ikev2/net2net-psk-fail/test.conf index d84149aaf..f6e064e7d 100644 --- a/testing/tests/ikev2/nat-one-rw/test.conf +++ b/testing/tests/ikev2/net2net-psk-fail/test.conf @@ -5,17 +5,17 @@ # All UML instances that are required for this test # -UMLHOSTS="alice moon winnetou sun bob" +UMLHOSTS="moon winnetou sun" # Corresponding block diagram # -DIAGRAM="a-m-w-s-b.png" +DIAGRAM="m-w-s.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="moon" +TCPDUMPHOSTS="" # UML instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="alice sun" +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-psk/evaltest.dat b/testing/tests/ikev2/net2net-psk/evaltest.dat index e67c39a08..c98f5d78d 100644 --- a/testing/tests/ikev2/net2net-psk/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf index 4e2fcf17b..57148a040 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf index 4e2fcf17b..57148a040 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat index 0ccfb7efd..e47e709e2 100644 --- a/testing/tests/ikev2/net2net-pubkey/evaltest.dat +++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES -sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES -moon::ipsec status::INSTALLED, TUNNEL::YES -sun::ipsec status::INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat index 149cf727a..59d0372dc 100644 --- a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat +++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat @@ -1,15 +1,15 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES -moon::cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES -moon::cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -moon::cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -sun::cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES -sun::cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES -sun::cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -sun::cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -moon::cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES -sun::cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES +moon:: cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES +moon:: cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +moon:: cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +sun:: cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES +sun:: cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES +sun:: cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +sun:: cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES +sun:: cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf index ce59d849c..68b944359 100755 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf index afc2e399e..3f7bc2ac4 100755 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat index a89e5a298..63d1cde24 100644 --- a/testing/tests/ikev2/net2net-route/evaltest.dat +++ b/testing/tests/ikev2/net2net-route/evaltest.dat @@ -1,6 +1,8 @@ -moon::cat /var/log/daemon.log::creating acquire job::YES -moon::ipsec statusall::net-net.*INSTALLED::YES -sun::ipsec statusall::net-net.*INSTALLED::YES +moon:: cat /var/log/daemon.log::creating acquire job::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf index 8a2f8b77c..c15fdbb4f 100755 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf index 24e5df519..b93233168 100755 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat index 0ccfb7efd..e47e709e2 100644 --- a/testing/tests/ikev2/net2net-rsa/evaltest.dat +++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES -sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES -moon::ipsec status::INSTALLED, TUNNEL::YES -sun::ipsec status::INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-same-nets/evaltest.dat b/testing/tests/ikev2/net2net-same-nets/evaltest.dat index bf99bb278..1ca7e2d60 100644 --- a/testing/tests/ikev2/net2net-same-nets/evaltest.dat +++ b/testing/tests/ikev2/net2net-same-nets/evaltest.dat @@ -1,7 +1,9 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_seq=1::YES -bob::ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES +bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf index 8f43a4f6e..fbb054f07 100755 --- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf index 33e1e6656..399e374aa 100755 --- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat index 244dec5bf..dbd06104f 100644 --- a/testing/tests/ikev2/net2net-start/evaltest.dat +++ b/testing/tests/ikev2/net2net-start/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::net-net.*INSTALLED::YES -sun::ipsec statusall::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf index 1cc812864..28e979108 100755 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf index 24e5df519..b93233168 100755 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-start/pretest.dat b/testing/tests/ikev2/net2net-start/pretest.dat index 6e41d5245..8f3d17207 100644 --- a/testing/tests/ikev2/net2net-start/pretest.dat +++ b/testing/tests/ikev2/net2net-start/pretest.dat @@ -3,4 +3,4 @@ sun::/etc/init.d/iptables start 2> /dev/null sun::ipsec start sun::sleep 2 moon::ipsec start -alice::sleep 3 +moon::sleep 3 diff --git a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat index c08a17943..e931afb7e 100644 --- a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat @@ -1,12 +1,12 @@ -moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES -carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES +moon:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES +carol::ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES carol::cat /var/log/daemon.log::requesting ocsp status from::YES carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf index e2602f08a..ba9779cb5 100755 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf index 119d14a42..b79c056ab 100755 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat index 768de938b..c41a668f0 100644 --- a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat +++ b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat @@ -1,10 +1,10 @@ -moon::ipsec listocspcerts::altNames.*ocsp.*strongswan.org::YES -carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES -dave::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.*strongswan.org::YES +carol::ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES +dave:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::certificate status is good::YES -dave::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::ESTABLISHED.*carol::YES -moon::ipsec status::ESTABLISHED.*dave::YES -carol::ipsec status::ESTABLISHED::YES -dave::ipsec status::ESTABLISHED::YES +dave:: cat /var/log/daemon.log::certificate status is good::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*CN=carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*CN=dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::ESTABLISHED.*CN=carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::ESTABLISHED.*CN=dave@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf index 259997f5c..672b155a1 100755 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf index 0763d1734..9846658bb 100755 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf index b0e8336e6..2cea2e401 100755 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat index a0a045ce8..a2ce5ad93 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::ocsp response verification failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES -moon::ipsec status::rw.*ESTABLISHED::NO +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::ocsp response verification failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ipsec status::home.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-revoked/evaltest.dat b/testing/tests/ikev2/ocsp-revoked/evaltest.dat index 2c3196103..97006c93e 100644 --- a/testing/tests/ikev2/ocsp-revoked/evaltest.dat +++ b/testing/tests/ikev2/ocsp-revoked/evaltest.dat @@ -1,8 +1,8 @@ -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::certificate was revoked on::YES -moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::certificate was revoked on::YES +moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf index 0d7cf5928..f0ea55952 100755 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf index 119d14a42..b79c056ab 100755 --- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat index 5bb322acc..0f852d7b1 100644 --- a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat @@ -1,10 +1,10 @@ -moon::cat /var/log/daemon.log::requesting ocsp status::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: cat /var/log/daemon.log::requesting ocsp status::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::requesting ocsp status::YES carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf index e2602f08a..ba9779cb5 100755 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf index 119d14a42..b79c056ab 100755 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat index f8bf0326a..7c7813cff 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat @@ -1,12 +1,12 @@ -carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES -moon::cat /var/log/daemon.log::requesting ocsp status::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +carol::ipsec listcainfos 2> /dev/null::ocspuris.*http://ocsp.strongswan.org::YES +moon:: cat /var/log/daemon.log::requesting ocsp status::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::requesting ocsp status::YES carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf index 4011a6c17..83a2fd4b1 100755 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf index ce653cf08..3adc76790 100755 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat index 2e0f059c6..c31e05ef5 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat +++ b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat @@ -1,8 +1,8 @@ -moon::cat /var/log/daemon.log::authentication of.*carol.*successful::YES -moon::cat /var/log/daemon.log::libcurl http request failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES -moon::ipsec status::ESTABLISHED.*carol::YES -moon::ipsec status::ESTABLISHED.*dave::NO -carol::ipsec status::ESTABLISHED::YES -dave::ipsec status::ESTABLISHED::NO +moon:: cat /var/log/daemon.log::authentication of.*carol.*successful::YES +moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf index bce685c53..9c38b4592 100755 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=ifuri plutostart=no diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf index 1ab63e84b..bca441cbe 100755 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=ifuri plutostart=no diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf index 401e9b567..8cde4538f 100755 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=ifuri plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat index 777c32699..f50d5e88c 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat @@ -1,13 +1,12 @@ -moon::cat /var/log/daemon.log::libcurl http request failed::YES -moon::cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES -moon::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES +moon:: cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::libcurl http request failed::YES carol::cat /var/log/daemon.log::ocsp request to.*bob.strongswan.org:8800.*failed::YES carol::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES - +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf index ff312cc6b..08c22fa60 100755 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf index 394d94160..c6373ef22 100755 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat index 1b281507b..7c0a9a5a4 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/daemon.log::libcurl http request failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed::YES +moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf index ef24ea191..54cf33c8f 100755 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf index fe657b4a6..8b73361de 100755 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat index 45c6ce7c5..6ba1be6b1 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES -moon::cat /var/log/daemon.log::ocsp response verification failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES +moon:: cat /var/log/daemon.log::ocsp response verification failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/protoport-dual/evaltest.dat b/testing/tests/ikev2/protoport-dual/evaltest.dat index bd24b911c..a65460cc8 100644 --- a/testing/tests/ikev2/protoport-dual/evaltest.dat +++ b/testing/tests/ikev2/protoport-dual/evaltest.dat @@ -1,7 +1,7 @@ -carol::ipsec statusall::home-icmp.*INSTALLED::YES -carol::ipsec statusall::home-ssh.*INSTALLED::YES -moon::ipsec statusall::rw-icmp.*INSTALLED::YES -moon::ipsec statusall::rw-ssh.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf index 51971a13c..d7c48a777 100755 --- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf index 0d7e8db3f..84ebd77e0 100755 --- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/protoport-route/evaltest.dat b/testing/tests/ikev2/protoport-route/evaltest.dat index 78d062918..83a5e1bde 100644 --- a/testing/tests/ikev2/protoport-route/evaltest.dat +++ b/testing/tests/ikev2/protoport-route/evaltest.dat @@ -2,9 +2,9 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES -carol::ipsec statusall::home-icmp.*INSTALLED::YES -carol::ipsec statusall::home-ssh.*INSTALLED::YES -moon::ipsec statusall::rw-icmp.*INSTALLED::YES -moon::ipsec statusall::rw-ssh.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf index d76a6ee17..bd0fbbecf 100755 --- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf index 0d7e8db3f..84ebd77e0 100755 --- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-early/evaltest.dat b/testing/tests/ikev2/reauth-early/evaltest.dat index b4cbe2f41..1d3a35916 100644 --- a/testing/tests/ikev2/reauth-early/evaltest.dat +++ b/testing/tests/ikev2/reauth-early/evaltest.dat @@ -1,5 +1,5 @@ -moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES -carol::ipsec statusall::home\[2\].*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf index 311dc3dc5..e2432f623 100755 --- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf index 64a7aef6d..e0ea953f3 100755 --- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat index c0893df65..d86758f9a 100644 --- a/testing/tests/ikev2/reauth-late/evaltest.dat +++ b/testing/tests/ikev2/reauth-late/evaltest.dat @@ -1,5 +1,5 @@ -moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES -carol::ipsec statusall::home\[2\].*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf index 32a43efac..0e506d9ca 100755 --- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf index cb5e86a66..6ba996551 100755 --- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat index 06a0f8cda..f8cfb111b 100644 --- a/testing/tests/ikev2/rw-cert/evaltest.dat +++ b/testing/tests/ikev2/rw-cert/evaltest.dat @@ -1,8 +1,13 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf index bcdb8641b..f666a1c3c 100755 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,6 +8,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn home left=PH_IP_CAROL @@ -19,5 +18,4 @@ conn home right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index e070f9a27..5e9b4be92 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf index ea8bc92a7..43cd6c3c3 100755 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,6 +8,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn home left=PH_IP_DAVE @@ -19,5 +18,4 @@ conn home right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index e070f9a27..5e9b4be92 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf index 274521386..218b7b84e 100755 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,6 +8,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn rw left=PH_IP_MOON @@ -18,5 +17,4 @@ conn rw leftsubnet=10.1.0.0/16 leftfirewall=yes right=%any - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index e070f9a27..5e9b4be92 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat index 661e6cfe7..a39bf3afe 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat @@ -1,10 +1,12 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::received EAP identity.*carol::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf index 16171feb3..e50878c39 100755 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat index 3064f02a6..2abfdd19b 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat @@ -1,9 +1,11 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap-aka.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf index 3a1fd98d3..bf5704b4a 100755 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat index 3f828141c..a239b56e7 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat @@ -2,10 +2,12 @@ carol::cat /var/log/daemon.log::configured EAP-Identity carol::YES carol::cat /var/log/daemon.log::added EAP secret for carol moon.strongswan.org::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES -moon::cat /var/log/daemon.log::received EAP identity.*carol::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf index c132b9ab8..cd5100af2 100755 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat index 2ee440cdb..73f606be3 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat @@ -1,10 +1,12 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES -moon::cat /var/log/daemon.log::received EAP identity .*carol::YES +moon:: cat /var/log/daemon.log::received EAP identity .*carol::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf index 11ff84400..9d14d442a 100755 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat index 5e8dce9cf..525d987af 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf index 4a885babc..41e719bc5 100755 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat index fadcdc635..dd67704eb 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat @@ -1,8 +1,10 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf index 28d52b9eb..7b6852ec4 100755 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat index 5b632bfe8..eafd09b80 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat @@ -1,10 +1,12 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES -moon::cat /var/log/daemon.log::received EAP identity.*carol::YES -moon::cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES +moon:: cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf index a4a45f06c..79fe4220b 100755 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat index 0908e1c97..871d3b931 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat @@ -3,17 +3,21 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap\[1]: ESTABLISHED.*CN=moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap\[2]: ESTABLISHED.*CN=moon.strongswan.org.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*CN=moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*CN=moon.strongswan.org::NO +moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf index 2f8b9dfda..6fa85acfe 100755 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf index 3a29329d5..ab8584406 100755 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf index 129486c05..ca35f18d9 100755 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat index 8743b9643..643b2c39d 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf index 2f8b9dfda..6fa85acfe 100755 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf index 3a29329d5..ab8584406 100755 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf index 129486c05..ca35f18d9 100755 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat index 39a24f15e..81244bd85 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat @@ -3,19 +3,17 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf index fc8f84638..547f5d4f5 100755 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat index 4305a1400..7f1def4a5 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES +moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf index d3a99fe41..c93f49a99 100755 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf @@ -12,7 +12,6 @@ conn %default conn home left=PH_IP_CAROL - leftnexthop=%direct leftid=carol@strongswan.org leftfirewall=yes leftauth=eap diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf index a86bb3d73..efd1a2167 100755 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat index 852d424af..f2654766a 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat @@ -1,15 +1,15 @@ carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ipsec statusall::home.*ESTABLISHED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf index 11b9f0d71..6940dce0b 100755 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf @@ -17,5 +17,6 @@ conn home leftauth=eap right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=any rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf index e3f4694bd..4b8a7d339 100755 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat index b4d66adc6..8e12c29d0 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat @@ -1,15 +1,15 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ipsec statusall::home.*ESTABLISHED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf index 4f0d40b3e..2f456415d 100755 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf @@ -9,13 +9,14 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftid=carol@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf index 511eb6172..4583aec0d 100755 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf @@ -9,13 +9,14 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_DAVE leftid=dave@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf index 825994278..049042edb 100755 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default @@ -13,13 +12,14 @@ conn %default conn rw-eap authby=rsasig - eap=radius left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org + leftauth=pubkey leftcert=moonCert.pem leftfirewall=yes rightid=*@strongswan.org + rightauth=eap-radius rightsendcert=never right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat index 53c7e71ce..ade9306cf 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat @@ -1,10 +1,10 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap-sim.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap-sim.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap-sim.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf index ea62749be..ed928e5e8 100755 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat index f4d534051..4db0a30b4 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.d.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf index 889a47d80..1d228b0f1 100755 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=strongSwan Project, CN=moon.d.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf index 9f979e17b..3993751a0 100755 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no charondebug="tls 2" diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat index 1e9bdb2af..96417face 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf index 3aeab002f..885f5282f 100755 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf index 430211020..839dcda00 100755 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat index f0a674063..21190669e 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat @@ -1,11 +1,9 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf index be907f839..cfacd2b6b 100755 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat index 9586fe558..941bb2985 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf index 967598643..68ae1faec 100755 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf index ad1255212..bccf111e9 100755 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf index d37848bac..947edae4e 100755 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no charondebug="tls 2" diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat index 9586fe558..941bb2985 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf index 967598643..68ae1faec 100755 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf index ad1255212..bccf111e9 100755 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf index d37848bac..947edae4e 100755 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no charondebug="tls 2" diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat index 2c0f65159..ff08ae792 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf index fc8f84638..547f5d4f5 100755 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat index fe2a8d063..c52036028 100644 --- a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat +++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat @@ -1,14 +1,18 @@ -moon::cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES -moon::cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES -dave::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES +moon:: cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf index 77046eb7d..23df618de 100755 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf index febaf9be2..5caa200de 100755 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf index cbc60000a..5e4c83374 100755 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat index c248a508a..4a93dc921 100644 --- a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat @@ -1,9 +1,9 @@ -alice::ipsec statusall::home.*INSTALLED::YES -venus::ipsec statusall::home.*INSTALLED::YES -sun::ipsec statusall::alice.*ESTABLISHED.*alice@strongswan.org::YES -sun::ipsec statusall::venus.*ESTABLISHED.*venus.strongswan.org::YES -sun::ipsec statusall::alice.*10.2.0.0/16 === 10.1.0.0/25::YES -sun::ipsec statusall::venus.*10.2.0.0/16 === 10.1.0.0/25::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES +sun:: ipsec statusall 2>::venus.*10.2.0.0/16 === 10.1.0.0/25::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf index dd0240b07..6d3392c30 100755 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf index 5fa211c2a..b76b9c38a 100755 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf index 4af93df8d..2df484204 100755 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat index 06a0f8cda..b545c2289 100644 --- a/testing/tests/ikev2/rw-pkcs8/evaltest.dat +++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf index bcdb8641b..d0e7ae27f 100755 --- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf index ea8bc92a7..d917f6d5d 100755 --- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf index 274521386..00a522069 100755 --- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-fqdn/description.txt b/testing/tests/ikev2/rw-psk-fqdn/description.txt index d4a7c3878..47f6968ae 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/description.txt +++ b/testing/tests/ikev2/rw-psk-fqdn/description.txt @@ -1,6 +1,6 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b> -and fully qualified domain names. Upon the successful establishment of the IPsec tunnels, +and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat index 06a0f8cda..683173c30 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat @@ -1,8 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index 882ea04a5..0d4d27fbd 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf index 1af9be7f7..15781129b 100755 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index 882ea04a5..0d4d27fbd 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index 882ea04a5..0d4d27fbd 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/description.txt b/testing/tests/ikev2/rw-psk-ipv4/description.txt index 4eb66c540..b4aaa6a6a 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/description.txt +++ b/testing/tests/ikev2/rw-psk-ipv4/description.txt @@ -1,6 +1,6 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b> -and IPv4 addresses. Upon the successful establishment of the IPsec tunnels, +and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat index 06a0f8cda..1ad36fcaf 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat @@ -1,8 +1,13 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index 882ea04a5..0d4d27fbd 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf index bdd50899a..6828894af 100755 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index 882ea04a5..0d4d27fbd 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index 882ea04a5..0d4d27fbd 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat index 06a0f8cda..b545c2289 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf index 2397d6d6d..72ee8d97b 100755 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat index 236684c57..51e868760 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat @@ -1,15 +1,14 @@ -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES -moon::ipsec statusall::rw-psk.*INSTALLED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES -moon::ipsec statusall::rw-rsasig.*INSTALLED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES +moon:: cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES +moon:: ipsec status 2> /dev/null::rw-psk.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*\[192.168.0.1]::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES +moon:: ipsec status 2> /dev/null::rw-rsasig.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf index e533b4b4e..d917f6d5d 100755 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no - crlcheckinterval=180 plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf index 004993d94..e8c3b45fa 100755 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat index 0e5bd03db..9a1ab3f8f 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat @@ -1,11 +1,16 @@ -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES +moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf index da59dfdae..aa7ae6d6f 100755 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -11,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=secret conn home left=PH_IP_CAROL leftsourceip=%config leftid=carol@strongswan.org + leftauth=psk leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf index f09d46c5b..f273a0088 100755 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -11,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=secret conn home left=PH_IP_DAVE leftsourceip=%config leftid=dave@strongswan.org + leftauth=psk leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf index fb4b9ed3a..f6df621a1 100755 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf @@ -14,9 +14,11 @@ conn rw left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org + leftauth=pubkey leftsubnet=10.1.0.0/16 leftfirewall=yes right=%any + rightauth=psk rightsourceip=10.3.0.0/28 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat index d23d6360b..5c453f8b4 100644 --- a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat @@ -1,15 +1,14 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES -moon::cat /var/log/daemon.log::received EAP identity .*carol::YES +moon:: cat /var/log/daemon.log::received EAP identity .*carol::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 5 -s 1392 PH_IP_ALICE::1400 bytes from PH_IP_ALICE::YES -carol::ipsec down home::no output expected::NO +carol::ipsec down home 2> /dev/null::no output expected::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES alice::cat /var/log/radius/radacct/10.1.0.1/*::User-Name =.*carol::YES alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Output-Octets = 7100::YES alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Input-Octets = 7100::YES - diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf index 11ff84400..9d14d442a 100755 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat index 733cfd844..d6f71d7c0 100644 --- a/testing/tests/ikev2/rw-whitelist/evaltest.dat +++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat @@ -1,14 +1,14 @@ -moon::cat /var/log/daemon.log::whitelist functionality was already enabled::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES -carol::ipsec status::home.*INSTALLED::YES +moon:: cat /var/log/daemon.log::whitelist functionality was already enabled::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES -dave::ipsec status::home.*INSTALLED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf index a19f6cfae..5aa16a8c3 100755 --- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf index 1a89f4e5d..29fd9a4e8 100755 --- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf index 0b4cded6c..d6657cd9a 100755 --- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/shunt-policies/evaltest.dat b/testing/tests/ikev2/shunt-policies/evaltest.dat index 2f6e1a91f..f40437e3e 100644 --- a/testing/tests/ikev2/shunt-policies/evaltest.dat +++ b/testing/tests/ikev2/shunt-policies/evaltest.dat @@ -1,16 +1,16 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES venus::ssh PH_IP_BOB hostname::bob::YES -bob::ssh PH_IP_VENUS hostname::venus::YES +bob:: ssh PH_IP_VENUS hostname::venus::YES diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf index a4958f295..f87bfa8e5 100755 --- a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf index c3b36fb7c..f952be18b 100755 --- a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat index 06a0f8cda..b545c2289 100644 --- a/testing/tests/ikev2/strong-keys-certs/evaltest.dat +++ b/testing/tests/ikev2/strong-keys-certs/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf index a7b55db24..bba53c1ce 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf index 080073cd3..a643b353d 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf index f33f26797..c5a9e7fef 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat index d32e32660..f50e7c30d 100644 --- a/testing/tests/ikev2/two-certs/evaltest.dat +++ b/testing/tests/ikev2/two-certs/evaltest.dat @@ -1,12 +1,11 @@ -moon::cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES -moon::ipsec statusall::alice.*INSTALLED::YES -carol::ipsec statusall::alice.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::signature validation failed, looking for another key::YES -moon::cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES -moon::ipsec statusall::venus.*INSTALLED::YES -carol::ipsec statusall::venus.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES +moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf index 08b95659f..77c021927 100755 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 uniqueids=no strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf index a93ccbc9a..8399333f9 100755 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf @@ -1,9 +1,8 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes uniqueids=no + strictcrlpolicy=yes plutostart=no ca strongswan diff --git a/testing/tests/ikev2/virtual-ip-override/evaltest.dat b/testing/tests/ikev2/virtual-ip-override/evaltest.dat index 34ccb76ca..cb023b1fc 100644 --- a/testing/tests/ikev2/virtual-ip-override/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip-override/evaltest.dat @@ -1,13 +1,17 @@ -moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES -carol::ipsec statusall::home.*INSTALLED::YES -dave::ipsec statusall::home.*INSTALLED::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::src PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::src PH_IP_DAVE1::YES diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf index c9867c7d4..81e0202c4 100755 --- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf index 98dd99271..86d1f2e4c 100755 --- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf index bafd1b155..e511e5ad0 100755 --- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat index e3c3c7f3c..dd3143ae7 100644 --- a/testing/tests/ikev2/virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip/evaltest.dat @@ -1,21 +1,25 @@ -moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES -carol::ipsec statusall::home.*INSTALLED::YES -dave::ipsec statusall::home.*INSTALLED::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::src PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::src PH_IP_DAVE1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -moon::ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf index c9867c7d4..81e0202c4 100755 --- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf index b58ba5460..7a0e64336 100755 --- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf index fb7abe556..9f00e5c29 100755 --- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/wildcards/evaltest.dat b/testing/tests/ikev2/wildcards/evaltest.dat index 2bc83eacd..4789640ec 100644 --- a/testing/tests/ikev2/wildcards/evaltest.dat +++ b/testing/tests/ikev2/wildcards/evaltest.dat @@ -1,8 +1,8 @@ -carol::ipsec status::alice.*PH_IP_CAROL.*PH_IP_ALICE::YES -moon::ipsec status::alice.*PH_IP_ALICE.*PH_IP_CAROL::YES -carol::ipsec status::venus.*PH_IP_CAROL.*PH_IP_VENUS::NO -moon::ipsec status::venus.*PH_IP_VENUS.*PH_IP_CAROL::NO -dave::ipsec status::venus.*PH_IP_DAVE.*PH_IP_VENUS::YES -moon::ipsec status::venus.*PH_IP_VENUS.*PH_IP_DAVE::YES -dave::ipsec status::alice.*PH_IP_DAVE.*PH_IP_ALICE::NO -moon::ipsec status::alice.*PH_IP_ALICE.*PH_IP_DAVE::NO +carol::ipsec status 2> /dev/null::alice..*PH_IP_CAROL.*PH_IP_ALICE::YES +moon:: ipsec status 2> /dev/null::alice.*PH_IP_ALICE.*PH_IP_CAROL::YES +carol::ipsec status 2> /dev/null::venus.*PH_IP_CAROL.*PH_IP_VENUS::NO +moon:: ipsec status 2> /dev/null::venus.*PH_IP_VENUS.*PH_IP_CAROL::NO +dave:: ipsec status 2> /dev/null::venus.*PH_IP_DAVE.*PH_IP_VENUS::YES +moon:: ipsec status 2> /dev/null::venus.*PH_IP_VENUS.*PH_IP_DAVE::YES +dave:: ipsec status 2> /dev/null::alice.*PH_IP_DAVE.*PH_IP_ALICE::NO +moon:: ipsec status 2> /dev/null::alice.*PH_IP_ALICE.*PH_IP_DAVE::NO diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf index 043160a0f..e38c7a621 100755 --- a/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf index a01676be3..bd9fd97d5 100755 --- a/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf index 0523d56dd..53fac3a06 100755 --- a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default |