author | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-11-11 16:42:38 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-11-11 16:42:38 +0100 |
commit | 74f8ad7fd9565326045ae43949c2c0529c97b0dd (patch) | |
tree | bd1de68f38d8560f7e10d2a6bbc1b008bb3cc18e /testing/tests/tnc/tnccs-20-hcd-eap | |
parent | 0d632555130e4f8665c6aeb4de90d0428509a4b8 (diff) | |
parent | 7df35af7ccc9a7cac683dd7a41313d419b784d78 (diff) | |
Merge branch 'swanctl-testing'
Diffstat (limited to 'testing/tests/tnc/tnccs-20-hcd-eap')
6 files changed, 37 insertions, 44 deletions
diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf index 195534315..62cc662cb 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf @@ -1,17 +1,14 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - } syslog { auth { default = 0 } daemon { - tnc = 2 + tnc = 2 imv = 3 } } @@ -36,5 +33,5 @@ charon { libimcv { debug_level = 3 - policy_script = /usr/local/libexec/ipsec/imv_policy_manager + policy_script = /usr/local/libexec/ipsec/imv_policy_manager } diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf index f0a6c4bde..a577a456a 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf @@ -1,18 +1,14 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } syslog { auth { default = 0 } daemon { - tnc = 2 + tnc = 2 imc = 3 } } @@ -43,7 +39,7 @@ libimcv { plugins { imc-hcd { - push_info = no + push_info = no subtypes { system { attributes_natural_language = en 
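Review bot: Removing `start-scripts` from the `charon-systemd` section of hosts/alice/etc/strongswan.conf leaves no hint in the file of how the AAA credentials get loaded. A one-line comment would cover it, for example `# credentials are loaded by the strongswan-swanctl unit, not by start-scripts`. The same applies to the first hunks of the carol, dave and moon files, where the `conns` script is dropped as well. Presumably the `strongswan-swanctl` service that pretest.dat now starts performs the swanctl load step itself; if that step fails, the daemon would still be running with nothing loaded. It is worth confirming that every host has a readiness check like the `expect-connection` lines visible for moon and carol.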
@@ -64,7 +60,7 @@ libimcv { } fw-2 { name = Firmware UVW for ARMv6 32 bit strongPrint OS 1.0 - patches = "security patch CVE-2014-1288 2014-01-01\r\nsecurity patch CVE-2014-1492 2014-02-01\r\nsecurity patch CVE-2014-1622 2014-05-01\r\nsecurity patch CVE-2014-2775 2014-07-01\r\n\security patch CVE-2014-4453 2014-08-01\r\nsecurity patch CVE-2014-6108 2014-11-01\r\nsecurity patch CVE-2015-0555 2015-01-01\r\nsecurity patch CVE-2015-4319 2015-07-01\r\n" + patches = "security patch CVE-2014-1288 2014-01-01\r\nsecurity patch CVE-2014-1492 2014-02-01\r\nsecurity patch CVE-2014-1622 2014-05-01\r\nsecurity patch CVE-2014-2775 2014-07-01\r\n\security patch CVE-2014-4453 2014-08-01\r\nsecurity patch CVE-2014-6108 2014-11-01\r\nsecurity patch CVE-2015-0555 2015-01-01\r\nsecurity patch CVE-2015-4319 2015-07-01\r\n" string_version = 13.8.5 version = 0000000D000000080000000500000000 } @@ -78,7 +74,7 @@ libimcv { resident_application { resident-app-1 { - name = Resident App XYZ + name = Resident App XYZ patches = "xmas patch 2014-12-24\r\nservice patch for App XYZ 2015-05-22\r\n" string_version = 2.5 version = 00000002000000050000000000000000 @@ -137,7 +133,7 @@ libimcv { version = 00000007000000080000000000000000 } } - + resident_application { resident-app-if { name = Resident Interface App @@ -150,10 +146,10 @@ libimcv { scanner { attributes_natural_language = en - + firmware { fw-scanner { - name = Scanner Firmware + name = Scanner Firmware patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n" string_version = 2.5.3 version = 00000002000000050000000300000000 diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf index f5c3440c1..8b4a4501c 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf 
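Review bot: The `patches` value of `fw-2` in hosts/carol/etc/strongswan.conf still carries a stray backslash in `\r\n\security patch CVE-2014-4453 2014-08-01`. The hunk re-adds the line with what looks like a whitespace-only change, so the typo survives on the new side. Depending on how the settings parser treats the unknown `\s` escape, the value configured for `imc-hcd` would hold either a literal backslash or a mangled entry, which makes this patch list an unreliable fixture for the posture check. The fragment should read `\r\nsecurity patch CVE-2014-4453 2014-08-01\r\n`.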
@@ -1,18 +1,14 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns - } syslog { auth { default = 0 } daemon { - tnc = 2 + tnc = 2 imc = 3 } } @@ -52,18 +48,18 @@ libimcv { vendor_smi_code = 36906 pstn_fax_enabled = yes time_source = 0.ch.pool.ntp.org - user_application_enabled = no + user_application_enabled = no user_application_persistence_enabled = no firmware { fw-1 { - name = Firmware ABC + name = Firmware ABC patches = "security patch 2014-05-08\r\nupgrade 2014-08-16\r\nsecurity patch 2015-3-22\r\n" string_version = 1.0.7 version = 00000001000000000000000700000000 } fw-2 { - name = Firmware UVW + name = Firmware UVW string_version = 13.8.5 version = 0000000D000000080000000500000000 } @@ -71,7 +67,7 @@ libimcv { resident_application { resident-app-1 { - name = Resident App XYZ + name = Resident App XYZ patches = "xmas patch 2014-12-24\r\nservice patch 2015-05-22\r\n" string_version = 2.5 version = 00000002000000050000000000000000 @@ -96,7 +92,7 @@ libimcv { interface { attributes_natural_language = en - + firmware { fw-if { name = Interface Firmware @@ -118,10 +114,10 @@ libimcv { scanner { attributes_natural_language = en - + firmware { fw-scanner { - name = Scanner Firmware + name = Scanner Firmware patches = "security patch 2013-08-11\r\nsecurity patch 2015-5-30\r\n" string_version = 2.5.3 version = 00000002000000050000000300000000 diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf index 4dae69352..77cd39c1c 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf 
+++ b/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf @@ -1,17 +1,21 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { +charon-systemd { load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown multiple_authentication=no - start-scripts { - creds = /usr/local/sbin/swanctl --load-creds - conns = /usr/local/sbin/swanctl --load-conns + syslog { + daemon { + default = 1 + } + auth { + default = 0 + } } plugins { eap-radius { secret = gv6URkSs - #server = PH_IP6_ALICE + #server = PH_IP6_ALICE server = PH_IP_ALICE filter_id = yes } diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat index bcd655353..33a60f9ab 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat +++ b/testing/tests/tnc/tnccs-20-hcd-eap/posttest.dat @@ -1,7 +1,7 @@ -carol::service charon stop -dave::service charon stop -moon::service charon stop -alice::service charon stop +carol::systemctl stop strongswan-swanctl +dave::systemctl stop strongswan-swanctl +moon::systemctl stop strongswan-swanctl +alice::systemctl stop strongswan-swanctl alice::rm /etc/swanctl/rsa/aaaKey.pem alice::rm /etc/swanctl/x509/aaaCert.pem winnetou::ip route del 10.1.0.0/16 via 192.168.0.1 diff --git a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat index f9b4159d9..decc2394a 100644 --- a/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat +++ b/testing/tests/tnc/tnccs-20-hcd-eap/pretest.dat 
@@ -9,10 +9,10 @@ carol::echo 0 > /proc/sys/net/ipv4/ip_forward dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id alice::rm /etc/swanctl/rsa/aliceKey.pem alice::rm /etc/swanctl/x509/aliceCert.pem -alice::service charon start -moon::service charon start -carol::service charon start -dave::service charon start +alice::systemctl start strongswan-swanctl +moon::systemctl start strongswan-swanctl +carol::systemctl start strongswan-swanctl +dave::systemctl start strongswan-swanctl moon::expect-connection rw-allow moon::expect-connection rw-isolate carol::expect-connection home |