diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-04-05 15:38:06 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-04-15 09:21:05 +0200 |
commit | 48f37c448c169fa1f88510fa68d26273a1ec5afa (patch) | |
tree | 399d20c029ddfa049071ed5fe59a5908a33fdfd2 /testing/tests/tnc/tnccs-20-pts | |
parent | 4894bfa2279c861b863464418cad66c07bfa13e2 (diff) | |
download | strongswan-48f37c448c169fa1f88510fa68d26273a1ec5afa.tar.bz2 strongswan-48f37c448c169fa1f88510fa68d26273a1ec5afa.tar.xz |
Make Attestation IMV independent of OS IMV
Diffstat (limited to 'testing/tests/tnc/tnccs-20-pts')
-rw-r--r-- | testing/tests/tnc/tnccs-20-pts/description.txt | 6 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pts/evaltest.dat | 14 | ||||
-rw-r--r-- | testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config | 1 |
3 files changed, 10 insertions, 11 deletions
diff --git a/testing/tests/tnc/tnccs-20-pts/description.txt b/testing/tests/tnc/tnccs-20-pts/description.txt index e78a70091..0a4716ce2 100644 --- a/testing/tests/tnc/tnccs-20-pts/description.txt +++ b/testing/tests/tnc/tnccs-20-pts/description.txt @@ -3,9 +3,9 @@ using EAP-TTLS authentication only with the gateway presenting a server certific the clients doing EAP-MD5 password-based authentication. In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the state of <b>carol</b>'s and <b>dave</b>'s operating system via the <b>TNCCS 2.0 </b> -client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS IMC and OS IMV pair -is using the <b>IF-M 1.0</b> measurement protocol defined by <b>RFC 5792 PA-TNC</b> to -exchange PA-TNC attributes. +client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The OS and Attestation IMCs +exchange PA-TNC attributes with the OS IMV via the <b>IF-M 1.0</b> measurement protocol +defined by <b>RFC 5792 PA-TNC</b>. <p> <b>carol</b> sends information on her operating system consisting of the PA-TNC attributes <em>Product Information</em>, <em>String Version</em>, and <em>Device ID</em> up-front diff --git a/testing/tests/tnc/tnccs-20-pts/evaltest.dat b/testing/tests/tnc/tnccs-20-pts/evaltest.dat index 5eb944055..fd8bba404 100644 --- a/testing/tests/tnc/tnccs-20-pts/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pts/evaltest.dat @@ -2,19 +2,19 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed' carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES -dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES +dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES +dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/28::YES moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*carol@strongswan.org - allow::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - isolate::YES -moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES +moon:: ipsec attest --session 2> /dev/null::Debian 7.2 x86_64.*dave@strongswan.org - allow::YES +moon:: cat /var/log/daemon.log::added group membership 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES -moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES +moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.200/32::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config index 6507baaa1..4865036f4 100644 --- a/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-pts/hosts/moon/etc/tnc_config @@ -1,4 +1,3 @@ #IMV configuration file for strongSwan client -IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so IMV "Attestation" /usr/local/lib/ipsec/imcvs/imv-attestation.so |