diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-11-11 16:42:38 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-11-11 16:42:38 +0100 |
commit | 74f8ad7fd9565326045ae43949c2c0529c97b0dd (patch) | |
tree | bd1de68f38d8560f7e10d2a6bbc1b008bb3cc18e /testing/tests/ipv6/rw-ikev2/hosts/carol | |
parent | 0d632555130e4f8665c6aeb4de90d0428509a4b8 (diff) | |
parent | 7df35af7ccc9a7cac683dd7a41313d419b784d78 (diff) | |
download | strongswan-74f8ad7fd9565326045ae43949c2c0529c97b0dd.tar.bz2 strongswan-74f8ad7fd9565326045ae43949c2c0529c97b0dd.tar.xz |
Merge branch 'swanctl-testing'
Diffstat (limited to 'testing/tests/ipv6/rw-ikev2/hosts/carol')
3 files changed, 49 insertions, 29 deletions
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf deleted file mode 100644 index 21166b2d0..000000000 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,26 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -ca strongswan - cacert=strongswanCert.pem - certuribase=http://ip6-winnetou.strongswan.org/certs/ - crluri=http://ip6-winnetou.strongswan.org/strongswan.crl - auto=add - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn home - left=PH_IP6_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - leftfirewall=yes - right=PH_IP6_MOON - rightid=@moon.strongswan.org - rightsubnet=fec1::/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf index 9c9714a33..547ef0b78 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf @@ -1,6 +1,18 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { - hash_and_url = yes - load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown +swanctl { + load = pem pkcs1 x509 revocation constraints pubkey openssl random +} + +charon-systemd { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown + + syslog { + daemon { + default = 1 + } + auth { + default = 0 + } + } } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 000000000..5bfbe324d --- /dev/null +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,34 @@ +connections { + + home { + local_addrs = fec0::10 + remote_addrs = fec0::1 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = moon.strongswan.org + } + children { + home { + remote_ts = fec1::0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128-sha256-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} + +authorities { + strongswan { + cacert = strongswanCert.pem + crl_uris = http://ip6-winnetou.strongswan.org/strongswan.crl + } +} |