authorAndreas Steffen <andreas.steffen@strongswan.org>2013-08-22 17:24:20 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2013-08-22 17:24:20 +0200
commit03d673620debfd29cbec541b2956fc94a1087831 (patch)
treef68f7b9194af424519cb6bff07e707b28d5e875b /testing
parentd7ae0b254da55abc033745106a958d5fa2ebd175 (diff)
Cleaned configuration files in PT-TLS client scenario
Diffstat (limited to 'testing')
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf22
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets2
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql4
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf22
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets2
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql4
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf33
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules32
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf14
-rw-r--r--testing/tests/tnc/tnccs-20-pt-tls/test.conf2
11 files changed, 13 insertions, 127 deletions
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
index 59563730b..4a41e7ed9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
@@ -1,23 +1,3 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tnc 3, imc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_CAROL
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- rightauth=pubkey
- eap_identity=carol
- aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
- auto=add
+# the PT-TLS client reads its configuration via the command line
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
index 23d79cf2e..d2f6378b8 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
# /etc/ipsec.secrets - strongSwan IPsec secrets file
-carol : EAP "Ar3etTnp"
+# the PT-TLS client loads its secrets via the command line
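Review bot: The added comment says the PT-TLS client now loads its secrets via the command line, but it does not mention the exposure this brings: command-line arguments are readable by other local users through the process list and usually end up in shell history and captured test logs. That is acceptable for the throwaway test password removed in this hunk, so the comment should scope it, e.g. `# test fixture only: the PT-TLS client gets its secret as a command-line argument, which is visible in the process list`. The same applies to the identical hunk for dave/etc/ipsec.secrets and to the `credentials are read from the command line` comment in both new ipsec.sql files. The command that invokes the client is not part of this diff, so how the secret is actually passed could not be checked here.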
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql
new file mode 100644
index 000000000..805c8bfd9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql
@@ -0,0 +1,4 @@
+/* strongSwan SQLite database */
+
+/* configuration is read from the command line */
+/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
index 8c27c78d2..4a41e7ed9 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
@@ -1,23 +1,3 @@
# /etc/ipsec.conf - strongSwan IPsec configuration file
-config setup
- charondebug="tnc 3, imc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_DAVE
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- rightauth=pubkey
- eap_identity=dave
- aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
- auto=add
+# the PT-TLS client reads its configuration via the command line
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
index 02e0c9963..d2f6378b8 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
@@ -1,3 +1,3 @@
# /etc/ipsec.secrets - strongSwan IPsec secrets file
-dave : EAP "W7R0g3do"
+# the PT-TLS client loads its secrets via the command line
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql
new file mode 100644
index 000000000..805c8bfd9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql
@@ -0,0 +1,4 @@
+/* strongSwan SQLite database */
+
+/* configuration is read from the command line */
+/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 02ada5665..000000000
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=pubkey
- leftfirewall=yes
- rightauth=eap-radius
- rightsendcert=never
- right=%any
- eap_identity=%any
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index e86d6aa5c..000000000
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules
deleted file mode 100644
index 1eb755354..000000000
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-# allow RADIUS protocol with alice
--A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
--A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index d32951866..000000000
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
- multiple_authentication=no
- plugins {
- eap-radius {
- secret = gv6URkSs
- #server = PH_IP6_ALICE
- server = PH_IP_ALICE
- filter_id = yes
- }
- }
-}
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/test.conf b/testing/tests/tnc/tnccs-20-pt-tls/test.conf
index ad9bf837f..0887e4d09 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/test.conf
+++ b/testing/tests/tnc/tnccs-20-pt-tls/test.conf
@@ -18,7 +18,7 @@ TCPDUMPHOSTS="moon"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="moon carol dave alice"
+IPSECHOSTS="carol dave alice"
# Guest instances on which FreeRadius is started
#
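Review bot: The comment above `IPSECHOSTS` still reads "Guest instances on which IPsec is started", yet this commit leaves carol and dave in the list after reducing their ipsec.conf to a single comment with no `conn` section. If those two hosts now only run the PT-TLS client, the list no longer matches its description, and a reader cannot tell whether their logs are still collected from the right place. Either drop them or extend the comment, e.g. `# carol and dave run only the PT-TLS client; listed here so their logs are still collected`. Whether the daemon is still started on carol and dave is decided outside this diff, so that wording needs confirming against the scenario's pretest commands.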