diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2015-03-27 10:56:50 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2015-03-27 20:56:43 +0100 |
| commit | 85aa509e84aaebe49a98981941f8514f31872c3f (patch) | |
| tree | 71de300a9bf1df1e9ca63bb3e843ac02dad90ac1 /testing/tests/tnc | |
| parent | bc1876bc9a39513d1bb4dce437b9b01ac263a05c (diff) | |
| download | strongswan-85aa509e84aaebe49a98981941f8514f31872c3f.tar.bz2 strongswan-85aa509e84aaebe49a98981941f8514f31872c3f.tar.xz | |
Added tnc/tnccs-20-pt-tls scenario
Diffstat (limited to 'testing/tests/tnc')
24 files changed, 114 insertions, 5 deletions
diff --git a/testing/tests/tnc/tnccs-20-mutual-eap/description.txt b/testing/tests/tnc/tnccs-20-mutual-eap/description.txt new file mode 100644 index 000000000..6c79b8c49 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-eap/description.txt @@ -0,0 +1,3 @@ +The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements over IKEv2-EAP +using the PA-TNC, PB-TNC and PT-EAP protocols. The authentication is based on +X.509 certificates. diff --git a/testing/tests/tnc/tnccs-20-mutual/evaltest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat index 218c24e4f..0ef7b5d7d 100644 --- a/testing/tests/tnc/tnccs-20-mutual/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap/evaltest.dat @@ -1,3 +1,5 @@ +moon::cat /var/log/daemon.log::activating mutual PB-TNC half duplex protocol::YES +sun:: cat /var/log/daemon.log::activating mutual PB-TNC half duplex protocol::YES moon::cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES sun:: cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES diff --git a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/ipsec.conf index 47a0283dc..47a0283dc 100644 --- a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf index 4e1693c16..953e7fcea 100644 --- a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = openssl pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown + load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown multiple_authentication = no plugins { diff --git a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/tnc_config index 476e8807e..476e8807e 100644 --- a/testing/tests/tnc/tnccs-20-mutual/hosts/moon/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/moon/etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/ipsec.conf index c20bce930..c20bce930 100644 --- a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/ipsec.conf diff --git a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf index 66f91a6fc..570126a0e 100644 --- a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/strongswan.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = openssl pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown + load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown multiple_authentication = no plugins { diff --git a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/tnc_config b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/tnc_config index 476e8807e..476e8807e 100644 --- a/testing/tests/tnc/tnccs-20-mutual/hosts/sun/etc/tnc_config +++ b/testing/tests/tnc/tnccs-20-mutual-eap/hosts/sun/etc/tnc_config diff --git a/testing/tests/tnc/tnccs-20-mutual/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat index 1f7aa73a1..1f7aa73a1 100644 --- a/testing/tests/tnc/tnccs-20-mutual/posttest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap/posttest.dat diff --git a/testing/tests/tnc/tnccs-20-mutual/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat index 3bce9f6e5..3bce9f6e5 100644 --- a/testing/tests/tnc/tnccs-20-mutual/pretest.dat +++ b/testing/tests/tnc/tnccs-20-mutual-eap/pretest.dat diff --git a/testing/tests/tnc/tnccs-20-mutual/test.conf b/testing/tests/tnc/tnccs-20-mutual-eap/test.conf index 55d6e9fd6..55d6e9fd6 100644 --- a/testing/tests/tnc/tnccs-20-mutual/test.conf +++ b/testing/tests/tnc/tnccs-20-mutual-eap/test.conf diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-mutual-pt-tls/description.txt new file mode 100644 index 000000000..09ab8e9f1 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/description.txt @@ -0,0 +1,3 @@ +The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements using the +PA-TNC, PB-TNC and PT-TLS protocols. The authentication is based on +X.509 certificates. diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/evaltest.dat new file mode 100644 index 000000000..eb996192d --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/evaltest.dat @@ -0,0 +1,6 @@ +moon::cat /var/log/auth.log::PT-TLS authentication complete::YES +sun:: cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES +moon::cat /var/log/auth.log::activating mutual PB-TNC half duplex protocol::YES +sun:: cat /var/log/daemon.log::activating mutual PB-TNC half duplex protocol::YES +moon::cat /var/log/auth.log::PB-TNC access recommendation is.*Access Allowed::YES +sun:: cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..98c415edb --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/ipsec.conf @@ -0,0 +1,3 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +/* configuration is read from /etc/pts/options */ diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options new file mode 100644 index 000000000..79ae1e866 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/pts/options @@ -0,0 +1,8 @@ +--connect sun.strongswan.org +--client moon.strongswan.org +--key /etc/ipsec.d/private/moonKey.pem +--cert /etc/ipsec.d/certs/moonCert.pem +--cert /etc/ipsec.d/cacerts/strongswanCert.pem +--mutual +--quiet +--debug 2 diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..fafdac4aa --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/strongswan.conf @@ -0,0 +1,16 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pt-tls-client { + load = x509 openssl pem pkcs1 random nonce revocation curl tnc-tnccs tnc-imc tnc-imv tnccs-20 +} + +libimcv { + plugins { + imc-test { + command = allow + } + imv-test { + rounds = 1 + } + } +} diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/tnc_config new file mode 100644 index 000000000..476e8807e --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/moon/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC/IMV configuration file for strongSwan endpoint + +IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so +IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf new file mode 100644 index 000000000..ba629a24f --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/ipsec.conf @@ -0,0 +1,9 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charondebug="tnc 2, imc 2, imv 2" + +conn pdp + leftcert=sunCert.pem + leftid=sun.strongswan.org + auto=add diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..05ffdb178 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/strongswan.conf @@ -0,0 +1,28 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20 + + plugins { + tnc-pdp { + server = sun.strongswan.org + radius { + enable = no + } + } + tnccs-20 { + mutual = yes + } + } +} + +libimcv { + plugins { + imc-test { + command = allow + } + imv-test { + rounds = 1 + } + } +} diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/tnc_config b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/tnc_config new file mode 100644 index 000000000..476e8807e --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/hosts/sun/etc/tnc_config @@ -0,0 +1,4 @@ +#IMC/IMV configuration file for strongSwan endpoint + +IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so +IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat new file mode 100644 index 000000000..e6ccb14fe --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/posttest.dat @@ -0,0 +1 @@ +sun::ipsec stop diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat new file mode 100644 index 000000000..fab55d11a --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/pretest.dat @@ -0,0 +1,4 @@ +sun::ipsec start +moon::cat /etc/pts/options +moon::sleep 1 +moon::ipsec pt-tls-client --optionsfrom /etc/pts/options diff --git a/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf new file mode 100644 index 000000000..55d6e9fd6 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-mutual-pt-tls/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="moon winnetou sun" + +# Corresponding block diagram +# +DIAGRAM="m-w-s.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/tnc/tnccs-20-mutual/description.txt b/testing/tests/tnc/tnccs-20-mutual/description.txt deleted file mode 100644 index 6f01c22d5..000000000 --- a/testing/tests/tnc/tnccs-20-mutual/description.txt +++ /dev/null @@ -1,3 +0,0 @@ -The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements using the -PA-TNC, PB-TNC and PT-EAP protocols. The authentication is based on X.509 -certificates. |