testing: Speed up OCSP scenarios

Don't make clients wait for the TCP connections to timeout by dropping
packets.  By rejecting them the OCSP requests fail immediately.

3 files changed, 4 insertions, 4 deletions

diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
index 9d3999937..6296b4e06 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/pretest.dat
@@ -1,4 +1,4 @@
-moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
 moon::ipsec start
 carol::ipsec start
 carol::expect-connection home
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
index 2006925af..a43ba3550 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat
@@ -1,5 +1,5 @@
-moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
-carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
+carol::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
 moon::ipsec start
 carol::ipsec start
 carol::expect-connection home
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
index 9d3999937..6296b4e06 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat
@@ -1,4 +1,4 @@
-moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j DROP
+moon::iptables -I OUTPUT -d PH_IP_WINNETOU -p tcp --dport 80 -j REJECT --reject-with tcp-reset
 moon::ipsec start
 carol::ipsec start
 carol::expect-connection home