diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-08-22 17:24:20 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-08-22 17:24:20 +0200 |
commit | 03d673620debfd29cbec541b2956fc94a1087831 (patch) | |
tree | f68f7b9194af424519cb6bff07e707b28d5e875b /testing | |
parent | d7ae0b254da55abc033745106a958d5fa2ebd175 (diff) | |
download | strongswan-03d673620debfd29cbec541b2956fc94a1087831.tar.bz2 strongswan-03d673620debfd29cbec541b2956fc94a1087831.tar.xz |
Cleaned configuration files in PT-TLS client scenario
Diffstat (limited to 'testing')
11 files changed, 13 insertions, 127 deletions
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf index 59563730b..4a41e7ed9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf @@ -1,23 +1,3 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tnc 3, imc 3" - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn home - left=PH_IP_CAROL - leftauth=eap - leftfirewall=yes - right=PH_IP_MOON - rightid=@moon.strongswan.org - rightsubnet=10.1.0.0/16 - rightauth=pubkey - eap_identity=carol - aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" - auto=add +# the PT-TLS client reads its configuration via the command line diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets index 23d79cf2e..d2f6378b8 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -carol : EAP "Ar3etTnp" +# the PT-TLS client loads its secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf index 8c27c78d2..4a41e7ed9 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf @@ -1,23 +1,3 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -config setup - charondebug="tnc 3, imc 3" - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn home - left=PH_IP_DAVE - leftauth=eap - leftfirewall=yes - right=PH_IP_MOON - rightid=@moon.strongswan.org - rightsubnet=10.1.0.0/16 - rightauth=pubkey - eap_identity=dave - aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" - auto=add +# the PT-TLS client reads its configuration via the command line diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets index 02e0c9963..d2f6378b8 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -dave : EAP "W7R0g3do" +# the PT-TLS client loads its secrets via the command line diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql new file mode 100644 index 000000000..805c8bfd9 --- /dev/null +++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql @@ -0,0 +1,4 @@ +/* strongSwan SQLite database */ + +/* configuration is read from the command line */ +/* credentials are read from the command line */ diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf deleted file mode 100644 index 02ada5665..000000000 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,33 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn rw-allow - rightgroups=allow - leftsubnet=10.1.0.0/28 - also=rw-eap - auto=add - -conn rw-isolate - rightgroups=isolate - leftsubnet=10.1.0.16/28 - also=rw-eap - auto=add - -conn rw-eap - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftauth=pubkey - leftfirewall=yes - rightauth=eap-radius - rightsendcert=never - right=%any - eap_identity=%any diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets deleted file mode 100644 index e86d6aa5c..000000000 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA moonKey.pem diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules deleted file mode 100644 index 1eb755354..000000000 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules +++ /dev/null @@ -1,32 +0,0 @@ -*filter - -# default policy is DROP --P INPUT DROP --P OUTPUT DROP --P FORWARD DROP - -# allow esp --A INPUT -i eth0 -p 50 -j ACCEPT --A OUTPUT -o eth0 -p 50 -j ACCEPT - -# allow IKE --A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT - -# allow MobIKE --A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT --A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT - -# allow ssh --A INPUT -p tcp --dport 22 -j ACCEPT --A OUTPUT -p tcp --sport 22 -j ACCEPT - -# allow crl fetch from winnetou --A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT --A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT - -# allow RADIUS protocol with alice --A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT --A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT - -COMMIT diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf deleted file mode 100644 index d32951866..000000000 --- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,14 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown - multiple_authentication=no - plugins { - eap-radius { - secret = gv6URkSs - #server = PH_IP6_ALICE - server = PH_IP_ALICE - filter_id = yes - } - } -} diff --git a/testing/tests/tnc/tnccs-20-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-pt-tls/test.conf index ad9bf837f..0887e4d09 100644 --- a/testing/tests/tnc/tnccs-20-pt-tls/test.conf +++ b/testing/tests/tnc/tnccs-20-pt-tls/test.conf @@ -18,7 +18,7 @@ TCPDUMPHOSTS="moon" # Guest instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="moon carol dave alice" +IPSECHOSTS="carol dave alice" # Guest instances on which FreeRadius is started # |