author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-05-23 14:47:41 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-05-23 14:47:41 +0200 |
commit | ad59f3a91a7bbe79b69845e521732b6842afa02c (patch) | |
tree | 48098972110ff93fc4110ffb86ee7e43fe5a1bbc /testing | |
parent | 148b6438807cf8fd2f6ae04ac4b77795d0c21fea (diff) | |
download | strongswan-ad59f3a91a7bbe79b69845e521732b6842afa02c.tar.bz2 strongswan-ad59f3a91a7bbe79b69845e521732b6842afa02c.tar.xz |
added ikev1 pluto-charon interoperability scenarios
Diffstat (limited to 'testing')
508 files changed, 6797 insertions, 0 deletions
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/description.txt b/testing/tests/ikev1-c-p/alg-blowfish/description.txt
new file mode 100644
index 000000000..24b50b909
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption. Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/evaltest.dat b/testing/tests/ikev1-c-p/alg-blowfish/evaltest.dat
new file mode 100644
index 000000000..f3ad35bab
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
+dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
+carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..f0b98b1d0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+ charondebug="cfg 2"
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=blowfish256-sha512-modp2048!
+ esp=blowfish192-sha384!
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1f0fd41a8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ dh_exponent_ansi_x9_42 = no
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..36ff6a5df
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=blowfish128-sha256-modp1536!
+ esp=blowfish128-sha256!
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1f0fd41a8
--- /dev/null
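Review bot: In alg-blowfish/hosts/carol/etc/strongswan.conf the line `dh_exponent_ansi_x9_42 = no` sits inside `charon { }`, whereas moon's file in the same scenario and the net2net-cert and net2net-psk-fail files in this commit place it under `libstrongswan { }`; dave's strongswan.conf is the same blob and has the same placement. If the option is only read from the libstrongswan section, it is silently ignored here and the test still passes, so the mismatch would never surface. Moving it to a separate `libstrongswan {` / `dh_exponent_ansi_x9_42 = no` / `}` block, as the other scenarios do, keeps the charon side consistent.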
+++ b/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ dh_exponent_ansi_x9_42 = no
+ load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..419752974
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug="control crypt"
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
+ esp=blowfish192-sha384,blowfish128-sha256!
+ pfs=no
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..c03a08517
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/posttest.dat b/testing/tests/ikev1-c-p/alg-blowfish/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/posttest.dat
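Review bot: `pfs=no` in alg-blowfish/hosts/moon/etc/ipsec.conf carries no comment saying why it is set, and the same bare setting recurs in the pluto-side ipsec.conf of config-payload, nat-rw, net2net-cert and net2net-psk-fail. With it, Quick Mode runs without a fresh Diffie-Hellman exchange, and anyone copying these files as a template inherits that silently. Presumably it is needed because the charon peers' `esp=` proposals carry no DH group; once that is confirmed, a comment such as `# pfs=no: the charon peer proposes no DH group in Quick Mode` next to the setting would record the reason.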
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/pretest.dat b/testing/tests/ikev1-c-p/alg-blowfish/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/test.conf b/testing/tests/ikev1-c-p/alg-blowfish/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/alg-blowfish/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/config-payload/description.txt b/testing/tests/ikev1-c-p/config-payload/description.txt
new file mode 100644
index 000000000..ff6928e89
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
+by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
+tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
+<b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
+and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1-c-p/config-payload/evaltest.dat b/testing/tests/ikev1-c-p/config-payload/evaltest.dat
new file mode 100644
index 000000000..e6f6b1bb4
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/evaltest.dat
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..3f67cbc8a
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..0e4e57729
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..bf0f9ccae
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
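Review bot: In config-payload/evaltest.dat the two `/etc/resolv.conf` assertions exist only for carol, although dave's strongswan.conf in this commit loads the `resolve` plugin and dave requests `leftsourceip=%config` as well. A regression in which moon's `dns1`/`dns2` attributes reach only the first client would pass this scenario unnoticed. Adding `dave:: cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES` and the matching `PH_IP_VENUS` line after dave's route check would make the two clients' coverage symmetric.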
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..0e4e57729
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..66a72f83c
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,33 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ pfs=no
+ rekey=no
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftsourceip=PH_IP_MOON1
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn rw-carol
+ right=%any
+ rightid=carol@strongswan.org
+ rightsourceip=PH_IP_CAROL1
+ auto=add
+
+conn rw-dave
+ right=%any
+ rightid=dave@strongswan.org
+ rightsourceip=PH_IP_DAVE1
+ auto=add
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..91cdbae63
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl attr kernel-netlink
+ dns1 = PH_IP_WINNETOU
+ dns2 = PH_IP_VENUS
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/config-payload/posttest.dat b/testing/tests/ikev1-c-p/config-payload/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/config-payload/pretest.dat b/testing/tests/ikev1-c-p/config-payload/pretest.dat
new file mode 100644
index 000000000..014e80517
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1-c-p/config-payload/test.conf b/testing/tests/ikev1-c-p/config-payload/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/config-payload/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/nat-rw/description.txt b/testing/tests/ikev1-c-p/nat-rw/description.txt
new file mode 100644
index 000000000..dcf4b94bd
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/description.txt
@@ -0,0 +1,5 @@
+The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
+tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
+ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-c-p/nat-rw/evaltest.dat b/testing/tests/ikev1-c-p/nat-rw/evaltest.dat
new file mode 100644
index 000000000..86356dd30
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/evaltest.dat
@@ -0,0 +1,18 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::nat-t.*STATE_MAIN_R3.*ISAKMP SA established::YES
+sun:: ipsec status 2> /dev/null::nat-t.*sun.strongswan.org.*alice@strongswan.org::YES
+sun:: ipsec status 2> /dev/null::nat-t.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun:: ipsec status 2> /dev/null::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: sleep 6::no output expected::NO
+bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+alice::cat /var/log/daemon.log::sending keep alive::YES
+venus::cat /var/log/daemon.log::sending keep alive::YES
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..864878104
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn nat-t
+ left=%any
+ leftcert=aliceCert.pem
+ leftid=alice@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..dabff38e4
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+ keep_alive = 5
+}
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..7e0e93ae8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ nat_traversal=yes
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ pfs=no
+
+conn nat-t
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftfirewall=yes
+ leftsubnet=10.2.0.0/16
+ right=%any
+ rightsubnetwithin=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..c4c200a07
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/ipsec.conf
new file mode 100755
index 000000000..87bce2552
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn nat-t
+ left=%any
+ leftcert=venusCert.pem
+ leftid=@venus.strongswan.org
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..dabff38e4
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+ keep_alive = 5
+}
diff --git a/testing/tests/ikev1-c-p/nat-rw/posttest.dat b/testing/tests/ikev1-c-p/nat-rw/posttest.dat
new file mode 100644
index 000000000..52572ece8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/posttest.dat
@@ -0,0 +1,8 @@
+sun::ipsec stop
+alice::ipsec stop
+venus::ipsec stop
+alice::/etc/init.d/iptables stop 2> /dev/null
+venus::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables -t nat -F
+moon::conntrack -F
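Review bot: nat-rw/posttest.dat flushes moon's NAT table and conntrack entries but never undoes `moon::echo 1 > /proc/sys/net/ipv4/ip_forward`, which nat-rw/pretest.dat in this commit sets. If the harness does not reset that sysctl between scenarios, moon keeps forwarding in whatever test runs next, so a later scenario that depends on forwarding being off (or on its own daemon enabling it) starts from a different state than intended. Assuming moon's baseline is forwarding disabled, `moon::echo 0 > /proc/sys/net/ipv4/ip_forward` as the last posttest line would restore it.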
diff --git a/testing/tests/ikev1-c-p/nat-rw/pretest.dat b/testing/tests/ikev1-c-p/nat-rw/pretest.dat
new file mode 100644
index 000000000..e365ff5c5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/pretest.dat
@@ -0,0 +1,14 @@
+alice::/etc/init.d/iptables start 2> /dev/null
+venus::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+alice::ipsec start
+venus::ipsec start
+sun::ipsec start
+alice::sleep 2
+alice::ipsec up nat-t
+venus::sleep 2
+venus::ipsec up nat-t
+venus::sleep 2
diff --git a/testing/tests/ikev1-c-p/nat-rw/test.conf b/testing/tests/ikev1-c-p/nat-rw/test.conf
new file mode 100644
index 000000000..84317fd70
--- /dev/null
+++ b/testing/tests/ikev1-c-p/nat-rw/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1-c-p/net2net-cert/description.txt b/testing/tests/ikev1-c-p/net2net-cert/description.txt
new file mode 100644
index 000000000..7eea9192f
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/description.txt
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-c-p/net2net-cert/evaltest.dat b/testing/tests/ikev1-c-p/net2net-cert/evaltest.dat
new file mode 100644
index 000000000..5bf6af0b5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..46d243c18
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-cert/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..902ae5f1b
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charonstart=no
+ plutodebug=control
+ crlcheckinterval=180
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ pfs=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-cert/posttest.dat b/testing/tests/ikev1-c-p/net2net-cert/posttest.dat
new file mode 100644
index 000000000..5a9150bc8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/net2net-cert/pretest.dat b/testing/tests/ikev1-c-p/net2net-cert/pretest.dat
new file mode 100644
index 000000000..9f60760c6
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-c-p/net2net-cert/test.conf b/testing/tests/ikev1-c-p/net2net-cert/test.conf
new file mode 100644
index 000000000..d9a61590f
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-cert/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/description.txt b/testing/tests/ikev1-c-p/net2net-psk-fail/description.txt
new file mode 100644
index 000000000..688182be4
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/description.txt
@@ -0,0 +1,5 @@
+A connection between the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b>
+uses a wrong PSK. This makes it impossible for gateway <b>sun</b> to decrypt the
+IKEv1 message correctly. Thus <b>sun</b> returns a <b>PAYLOAD-MALFORMED</b> error
+notify which in turn cannot be decrypted by <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/evaltest.dat b/testing/tests/ikev1-c-p/net2net-psk-fail/evaltest.dat
new file mode 100644
index 000000000..439f48eb3
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/evaltest.dat
@@ -0,0 +1,8 @@
+sun:: cat /var/log/auth.log::probable authentication failure::YES
+sun:: cat /var/log/auth.log::sending encrypted notification PAYLOAD_MALFORMED::YES
+moon::cat /var/log/daemon.log::invalid HASH_V1 payload length, decryption failed::YES
+moon::cat /var/log/daemon.log::ignore malformed INFORMATIONAL request::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::NO
+sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::NO
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
+sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e14b2efe1
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn net-net
+ left=PH_IP_MOON
+ leftid=moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftauth=psk
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ rightauth=psk
+ auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..85e0dc23a
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..238ec24b7
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..2574652eb
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+ pfs=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
new file mode 100644
index 000000000..4ee78dc47
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..f9a03fef5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/posttest.dat b/testing/tests/ikev1-c-p/net2net-psk-fail/posttest.dat
new file mode 100644
index 000000000..5a9150bc8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/pretest.dat b/testing/tests/ikev1-c-p/net2net-psk-fail/pretest.dat
new file mode 100644
index 000000000..9e40684ab
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/pretest.dat
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/test.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/test.conf
new file mode 100644
index 000000000..f74d0f7d6
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk-fail/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-c-p/net2net-psk/description.txt b/testing/tests/ikev1-c-p/net2net-psk/description.txt
new file mode 100644
index 000000000..02cddbb83
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/description.txt
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK). Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-c-p/net2net-psk/evaltest.dat b/testing/tests/ikev1-c-p/net2net-psk/evaltest.dat
new file mode 100644
index 000000000..5bf6af0b5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e14b2efe1
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn net-net
+ left=PH_IP_MOON
+ leftid=moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftauth=psk
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ rightauth=psk
+ auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..dc4370792
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..238ec24b7
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..2574652eb
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+ pfs=no
+
+conn net-net
+ left=PH_IP_SUN
+ leftid=@sun.strongswan.org
+ leftsubnet=10.2.0.0/16
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.secrets
new file mode 100644
index 000000000..4ee78dc47
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..f9a03fef5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk/posttest.dat b/testing/tests/ikev1-c-p/net2net-psk/posttest.dat
new file mode 100644
index 000000000..5a9150bc8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/net2net-psk/pretest.dat b/testing/tests/ikev1-c-p/net2net-psk/pretest.dat
new file mode 100644
index 000000000..9e40684ab
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/pretest.dat
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-c-p/net2net-psk/test.conf b/testing/tests/ikev1-c-p/net2net-psk/test.conf
new file mode 100644
index 000000000..f74d0f7d6
--- /dev/null
+++ b/testing/tests/ikev1-c-p/net2net-psk/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-c-p/rw-cert/description.txt b/testing/tests/ikev1-c-p/rw-cert/description.txt
new file mode 100644
index 000000000..15b3822b5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/rw-cert/evaltest.dat b/testing/tests/ikev1-c-p/rw-cert/evaltest.dat
new file mode 100644
index 000000000..c166fbc24
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/evaltest.dat
@@ -0,0 +1,13 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..e463e22ef
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..eb2bc55bf
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ integrity_test = yes
+ crypto_test {
+ on_add = yes
+ }
+}
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..c3fd646ae
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..eb2bc55bf
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ integrity_test = yes
+ crypto_test {
+ on_add = yes
+ }
+}
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3c328a715
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charonstart=no
+ plutodebug=control
+ crlcheckinterval=180
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ pfs=no
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..3893b1997
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+ integrity_test = yes
+ crypto_test {
+ on_add = yes
+ }
+}
diff --git a/testing/tests/ikev1-c-p/rw-cert/posttest.dat b/testing/tests/ikev1-c-p/rw-cert/posttest.dat
new file mode 100644
index 000000000..126bf6005
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/posttest.dat
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/rw-cert/pretest.dat b/testing/tests/ikev1-c-p/rw-cert/pretest.dat
new file mode 100644
index 000000000..1e45f00fd
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
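Review bot: In rw-cert/pretest.dat the responder is started last (`moon::ipsec start` comes after carol and dave), and only a fixed `carol::sleep 2` separates it from `carol::ipsec up home`. Moon's strongswan.conf in this scenario loads `test-vectors` with `integrity_test = yes` and `crypto_test { on_add = yes }`, which presumably lengthens daemon start-up, so the initiators can race the responder and the test can fail intermittently for reasons unrelated to interoperability. Moving `moon::ipsec start` ahead of `carol::ipsec start` gives the responder the longest head start; a longer sleep is the cruder alternative. The same ordering appears in the rw-psk-fqdn and rw-psk-ipv4 pretest.dat hunks.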
diff --git a/testing/tests/ikev1-c-p/rw-cert/test.conf b/testing/tests/ikev1-c-p/rw-cert/test.conf
new file mode 100644
index 000000000..9cd583b16
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-cert/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/description.txt b/testing/tests/ikev1-c-p/rw-psk-fqdn/description.txt
new file mode 100644
index 000000000..47f6968ae
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1-c-p/rw-psk-fqdn/evaltest.dat
new file mode 100644
index 000000000..4924c052f
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/evaltest.dat
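Review bot: In rw-cert/test.conf, `UMLHOSTS`, `DIAGRAM` and `IPSECHOSTS` leave out dave, although this scenario's pretest.dat, evaltest.dat and posttest.dat all run commands on dave and a hosts/dave configuration is added in the same commit. The sibling roadwarrior scenarios rw-psk-fqdn and rw-psk-ipv4 list him, so the values here should probably read `UMLHOSTS="alice moon carol winnetou dave"`, `DIAGRAM="a-m-c-w-d.png"` and `IPSECHOSTS="moon carol dave"`. As written, dave's instance may not be started or have its IPsec log collected, depending on how the framework uses these variables, which is not visible here.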
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..021d4dcc8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+
+conn home
+ left=PH_IP_CAROL
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..47e31ca21
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..13816c764
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+
+conn home
+ left=PH_IP_DAVE
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..f6c1a22ef
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..ea60cac31
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,32 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+ pfs=no
+
+conn rw-carol
+ also=rw
+ right=PH_IP_CAROL
+ rightid=carol@strongswan.org
+ auto=add
+
+conn rw-dave
+ also=rw
+ right=PH_IP_DAVE
+ rightid=dave@strongswan.org
+ auto=add
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e3dd0fba3
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+@moon.strongswan.org dave@strongswan.org : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..f9a03fef5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/posttest.dat b/testing/tests/ikev1-c-p/rw-psk-fqdn/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1-c-p/rw-psk-fqdn/pretest.dat
new file mode 100644
index 000000000..761abe274
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/test.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-fqdn/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/description.txt b/testing/tests/ikev1-c-p/rw-psk-ipv4/description.txt
new file mode 100644
index 000000000..b4aaa6a6a
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1-c-p/rw-psk-ipv4/evaltest.dat
new file mode 100644
index 000000000..86ca69321
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/evaltest.dat
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..cb6ca3d0f
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..18a074472
--- /dev/null
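Review bot: The first two patterns in rw-psk-ipv4/evaltest.dat hard-code `192.168.0.100`, `192.168.0.200` and `192.168.0.1`, and the ipsec.secrets hunks for carol, dave and moon in this scenario do the same, while every ipsec.conf in the scenario uses the `PH_IP_CAROL`/`PH_IP_DAVE`/`PH_IP_MOON` placeholders. If the placeholders ever resolve to other addresses, the PSK selectors stop matching and the test fails for a reason unrelated to the IKEv1 exchange. Whether the framework substitutes placeholders in ipsec.secrets and in the pattern field is not visible here, so confirm before changing; if it does, `\[PH_IP_CAROL].*\[PH_IP_MOON]` and a `PH_IP_MOON PH_IP_CAROL : PSK ...` selector keep the addresses in one place. The dots in the two patterns are also unescaped, which is harmless here but matches any character.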
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..0a293c8f1
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+
+conn home
+ left=PH_IP_DAVE
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..e989540e9
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..75be5b67b
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+ pfs=no
+
+conn rw-carol
+ also=rw
+ right=PH_IP_CAROL
+ auto=add
+
+conn rw-dave
+ also=rw
+ right=PH_IP_DAVE
+ auto=add
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..55c639704
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..f9a03fef5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
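Review bot: `pfs=no` in `conn %default` of rw-psk-ipv4/hosts/moon/etc/ipsec.conf turns off perfect forward secrecy for Quick Mode with no comment saying why, and the same line appears in the moon ipsec.conf of xauth-id-psk-config, xauth-id-rsa and xauth-psk. Test configurations get copied into deployments, so the reason should sit next to the setting; if it is there only so that pluto accepts the charon peers' Quick Mode proposal (an assumption, the carol and dave configs set no `esp=` DH group), say so with a comment such as `# interop only: charon peers propose no DH group in Quick Mode`. If the scenario can run with PFS on both sides, dropping `pfs=no` would exercise the stronger path.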
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/posttest.dat b/testing/tests/ikev1-c-p/rw-psk-ipv4/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1-c-p/rw-psk-ipv4/pretest.dat
new file mode 100644
index 000000000..761abe274
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/test.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/rw-psk-ipv4/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/description.txt b/testing/tests/ikev1-c-p/xauth-id-psk-config/description.txt
new file mode 100644
index 000000000..fc417e416
--- /dev/null
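Review bot: In rw-psk-ipv4/pretest.dat the responder is started last: `carol::ipsec start` and `dave::ipsec start` come before `moon::ipsec start`, and only `carol::sleep 2` separates moon's start from `carol::ipsec up home`. The pretest.dat files of xauth-id-psk-config, xauth-id-rsa and xauth-psk in this commit start moon first, which gives the gateway the longest time to come up. Moving `moon::ipsec start` ahead of the two roadwarrior lines would make the scenarios consistent and, with `keyingtries=1` on the initiators, less prone to a spurious failure if pluto on moon is not listening yet; whether two seconds is enough in the UML setup is not visible here.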
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%config</b>
+parameter. The virtual IP addresses are registered under the users' XAUTH identity.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1-c-p/xauth-id-psk-config/evaltest.dat
new file mode 100644
index 000000000..bdc87d7f6
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/evaltest.dat
@@ -0,0 +1,24 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave::YES
+moon:: cat /var/log/auth.log::assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/auth.log::assigning virtual IP 10.3.0.2 to peer::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..dfeaab80d
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_CAROL
+ leftid=PH_IP_CAROL
+ leftsourceip=%config
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ xauth_identity=carol
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..e2cea4e3d
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,9 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+@sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
+
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1fb5d14b1
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
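Review bot: xauth-id-psk-config/hosts/carol/etc/ipsec.secrets carries PSK entries for `@dave.strongswan.org` and `@sun.strongswan.org` that nothing in this scenario appears to use: carol's `conn home` only talks to `rightid=@moon.strongswan.org`, and dave's ipsec.secrets in the same scenario holds just one `: PSK` line plus its XAUTH entry. A fixture should hold only the secrets the host needs, so that the file shows which key actually authenticates the connection and no unrelated key material is left around to be copied. I would reduce the file to the `@moon.strongswan.org : PSK` line and the `carol : XAUTH` line.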
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..8f92870a0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_DAVE
+ leftid=PH_IP_DAVE
+ leftsourceip=%config
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ xauth_identity=dave
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..25e8c2796
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1fb5d14b1
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..f03d545ea
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ xauth=server
+ pfs=no
+
+conn rw
+ left=PH_IP_MOON
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/24
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..20d8e0269
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol : XAUTH "4iChxLT3"
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..6dab4fe28
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth attr kernel-netlink
+ dns1 = 192.168.0.150
+ dns2 = 10.1.0.20
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/posttest.dat b/testing/tests/ikev1-c-p/xauth-id-psk-config/posttest.dat
new file mode 100644
index 000000000..f90d222b5
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/posttest.dat
@@ -0,0 +1,8 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/pretest.dat b/testing/tests/ikev1-c-p/xauth-id-psk-config/pretest.dat
new file mode 100644
index 000000000..95a6be131
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/test.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/test.conf
new file mode 100644
index 000000000..75510b295
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-psk-config/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/description.txt b/testing/tests/ikev1-c-p/xauth-id-rsa/description.txt
new file mode 100644
index 000000000..9483c8f39
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>,
+respectively) and corresponding user passwords defined and stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1-c-p/xauth-id-rsa/evaltest.dat
new file mode 100644
index 000000000..bd98d497c
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/evaltest.dat
@@ -0,0 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..aa861be93
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ xauth_identity=carol
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..29492b5f9
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..e1f02f6f8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ xauth_identity=dave
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..8cf7db530
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..732b5494f
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ xauth=server
+ pfs=no
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..fef50218a
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol : XAUTH "4iChxLT3"
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/posttest.dat b/testing/tests/ikev1-c-p/xauth-id-rsa/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/pretest.dat b/testing/tests/ikev1-c-p/xauth-id-rsa/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/test.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-id-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-psk/description.txt b/testing/tests/ikev1-c-p/xauth-psk/description.txt
new file mode 100644
index 000000000..0ac2043c2
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/description.txt
@@ -0,0 +1,9 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-psk/evaltest.dat b/testing/tests/ikev1-c-p/xauth-psk/evaltest.dat
new file mode 100644
index 000000000..355eabd98
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/evaltest.dat
@@ -0,0 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
+moon:: cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..9befe747b
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_CAROL
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..a899783bd
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..61260f891
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..fbd777755
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_DAVE
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c8506152
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..61260f891
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..30c55d216
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ xauth=server
+ pfs=no
+
+conn rw
+ left=PH_IP_MOON
+ leftid=moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..ae45ea03e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org %any : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..58cc78ee8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-psk/posttest.dat b/testing/tests/ikev1-c-p/xauth-psk/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
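Review bot: `leftid=moon.strongswan.org` in xauth-psk/hosts/moon/etc/ipsec.conf lacks the `@` prefix, while carol and dave in the same scenario expect `rightid=@moon.strongswan.org` and the moon config of xauth-id-psk-config uses `leftid=@moon.strongswan.org`; the selector in moon's ipsec.secrets, `moon.strongswan.org %any : PSK`, omits it as well. How pluto treats the un-prefixed name is not visible in this diff, but if it is resolved rather than taken as a literal FQDN, the gateway identity and the PSK lookup depend on name resolution in the test network. Using `leftid=@moon.strongswan.org` and an `@moon.strongswan.org %any : PSK` selector would pin the identity the peers check. `crlcheckinterval=180` and `strictcrlpolicy=no` also look like leftovers in a scenario whose pretest removes the CA certificates.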
diff --git a/testing/tests/ikev1-c-p/xauth-psk/pretest.dat b/testing/tests/ikev1-c-p/xauth-psk/pretest.dat
new file mode 100644
index 000000000..95a6be131
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-psk/test.conf b/testing/tests/ikev1-c-p/xauth-psk/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-psk/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/description.txt b/testing/tests/ikev1-c-p/xauth-rsa-config/description.txt
new file mode 100644
index 000000000..1ada58fbe
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa-config/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the
+<b>leftsourceip=%config</b> parameter.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1-c-p/xauth-rsa-config/evaltest.dat
new file mode 100644
index 000000000..34e3ad3a4
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa-config/evaltest.dat
@@ -0,0 +1,20 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES +moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES +moon:: cat /var/log/auth.log::carol.*extended authentication was successful::YES +moon:: cat /var/log/auth.log::dave.*extended authentication was successful::YES +moon:: cat /var/log/auth.log::rw-carol.*assigning virtual IP 10.3.0.1 to peer::YES +moon:: cat /var/log/auth.log::rw-dave.*assigning virtual IP 10.3.0.2 to peer::YES +carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES +dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf new file mode 100644 index 000000000..b27b3bc01 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf 
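Review bot: The `auth.log` checks for `assigning virtual IP 10.3.0.1 to peer` and `10.3.0.2`, and the two `daemon.log` checks after them, hard-code the addresses, while moon's `ipsec.conf` in this same scenario hands them out through `rightsourceip=PH_IP_CAROL1` and `PH_IP_DAVE1`. If the placeholders ever expand to different addresses, the test fails without any behaviour having changed. The ping lines in this file already use `PH_IP_ALICE` in the pattern field, so the same works here, e.g. `rw-carol.*assigning virtual IP PH_IP_CAROL1 to peer` and `installing new virtual IP PH_IP_CAROL1`.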
@@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthrsasig + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..4a77c3b97 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA carolKey.pem "nH5ZQEWtku0RJEZ6" + +carol@strongswan.org : XAUTH "4iChxLT3" diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5cd9bf11e --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf new file mode 100644 index 000000000..ec5842e3a --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf 
@@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthrsasig + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..1c0248b84 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA daveKey.pem + +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..5cd9bf11e --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..4e4ec0f30 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf 
@@ -0,0 +1,31 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control" + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + authby=xauthrsasig + xauth=server + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add + +conn rw-carol + rightid=carol@strongswan.org + rightsourceip=PH_IP_CAROL1 + +conn rw-dave + rightid=dave@strongswan.org + rightsourceip=PH_IP_DAVE1 diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..1ba66971a --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol@strongswan.org : XAUTH "4iChxLT3" + +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..dcea6ea09 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/posttest.dat b/testing/tests/ikev1-c-p/xauth-rsa-config/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa-config/posttest.dat 
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/pretest.dat b/testing/tests/ikev1-c-p/xauth-rsa-config/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa-config/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/test.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa-config/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/description.txt b/testing/tests/ikev1-c-p/xauth-rsa/description.txt
new file mode 100644
index 000000000..a9b76b618
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/evaltest.dat b/testing/tests/ikev1-c-p/xauth-rsa/evaltest.dat
new file mode 100644
index 000000000..6dca99bd0
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa/evaltest.dat
@@ -0,0 +1,17 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES +moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES +moon:: cat /var/log/auth.log::xauth user name is.*carol@strongswan.org::YES +moon:: cat /var/log/auth.log::xauth user name is.*dave@strongswan.org::YES +moon:: cat /var/log/auth.log::extended authentication was successful::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.conf new file mode 100644 index 000000000..8cf84711e --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.conf 
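Review bot: Two checks on moon in the xauth-rsa `evaltest.dat` are not tied to a peer: `STATE_XAUTH_R3.*received XAUTH ack, established` and `extended authentication was successful` each look satisfiable by a single match, so they would pass when only one of carol or dave completes XAUTH. The `xauth user name is.*…` lines are per user, but they only show that a name was received, not that the password was accepted. The xauth-rsa-config scenario in this commit checks success per user; I would do the same here with `moon:: cat /var/log/auth.log::carol.*extended authentication was successful::YES` and a matching dave line, assuming the log line carries the user name in this setup as it does there.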
@@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthrsasig + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..4a77c3b97 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA carolKey.pem "nH5ZQEWtku0RJEZ6" + +carol@strongswan.org : XAUTH "4iChxLT3" diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5cd9bf11e --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.conf new file mode 100644 index 000000000..bb11eb989 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.conf 
@@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthrsasig + +conn home + left=PH_IP_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..1c0248b84 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA daveKey.pem + +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..5cd9bf11e --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.conf new file mode 100644 index 000000000..732b5494f --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.conf 
@@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthrsasig + xauth=server + pfs=no + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..1ba66971a --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol@strongswan.org : XAUTH "4iChxLT3" + +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..dcea6ea09 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-c-p/xauth-rsa/posttest.dat b/testing/tests/ikev1-c-p/xauth-rsa/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-c-p/xauth-rsa/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null 
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/pretest.dat b/testing/tests/ikev1-c-p/xauth-rsa/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/test.conf b/testing/tests/ikev1-c-p/xauth-rsa/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-c-p/xauth-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/description.txt b/testing/tests/ikev1-p-c/alg-blowfish/description.txt
new file mode 100644
index 000000000..24b50b909
--- /dev/null
+++ b/testing/tests/ikev1-p-c/alg-blowfish/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption. Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/evaltest.dat b/testing/tests/ikev1-p-c/alg-blowfish/evaltest.dat new file mode 100644 index 000000000..e8f0b05ef --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/evaltest.dat @@ -0,0 +1,16 @@ +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_2048::YES +dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256/MODP_1536::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall 2> /dev/null::ESP proposal: BLOWFISH_CBC_192/HMAC_SHA2_384::YES +dave:: ipsec statusall 2> /dev/null::ESP proposal: BLOWFISH_CBC_128/HMAC_SHA2_256::YES +carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES +dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..96255f293 --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/ipsec.conf 
@@ -0,0 +1,27 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=blowfish256-sha512-modp2048! + esp=blowfish192-sha384! + pfs=no + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..c03a08517 --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..c957cb4b4 --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/ipsec.conf @@ -0,0 +1,27 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=blowfish128-sha256-modp1536! + esp=blowfish128-sha256! + pfs=no + +conn home + left=PH_IP_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add 
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c03a08517 --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..ebac92bca --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536! + esp=blowfish192-sha384,blowfish128-sha256! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..1f0fd41a8 --- /dev/null +++ b/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + dh_exponent_ansi_x9_42 = no + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} 
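Review bot: In the alg-blowfish `hosts/moon/etc/strongswan.conf`, `dh_exponent_ansi_x9_42 = no` sits inside `charon { }`, whereas the other strongswan.conf files in this part of the commit that set the option (carol's and dave's here, and the c-p scenarios) put it under `libstrongswan { }`. If the option is only read from the `libstrongswan` section, the line has no effect on moon and the gateway keeps the default exponent size. I would move it out of `charon` into its own block, `libstrongswan {` / `dh_exponent_ansi_x9_42 = no` / `}`, so all three hosts in the scenario are configured the same way.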
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/posttest.dat b/testing/tests/ikev1-p-c/alg-blowfish/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-p-c/alg-blowfish/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/pretest.dat b/testing/tests/ikev1-p-c/alg-blowfish/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev1-p-c/alg-blowfish/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/test.conf b/testing/tests/ikev1-p-c/alg-blowfish/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/alg-blowfish/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/config-payload/description.txt b/testing/tests/ikev1-p-c/config-payload/description.txt
new file mode 100644
index 000000000..ff6928e89
--- /dev/null
+++ b/testing/tests/ikev1-p-c/config-payload/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
+by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
+tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
+<b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
+and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1-p-c/config-payload/evaltest.dat b/testing/tests/ikev1-p-c/config-payload/evaltest.dat
new file mode 100644
index 000000000..01ad1b53e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/config-payload/evaltest.dat
@@ -0,0 +1,26 @@ +carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES +carol::ip addr list dev eth0::PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo 
request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..0baa9443d --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/ipsec.conf @@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + +conn home + left=PH_IP_CAROL + leftsourceip=%modeconfig + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add + + + + diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..d8cee31c2 --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl resolve kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..223a66e45 --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/ipsec.conf 
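Review bot: `leftsourceip=%modeconfig` in the config-payload `hosts/carol/etc/ipsec.conf` does not match the scenario's `description.txt`, which says the virtual IP is requested with `leftsourceip=%config`; dave's file in the next hunk uses `%modeconfig` as well. If pluto accepts both spellings the test is unaffected, but the description and the configs should name the same keyword so a reader can find it. The hunk also ends in four empty added lines after `auto=add`, which can be dropped.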
@@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + +conn home + left=PH_IP_DAVE + leftsourceip=%modeconfig + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add + + + + diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..d8cee31c2 --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl resolve kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..ea6cd0d31 --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn rw-carol + right=%any + rightid=carol@strongswan.org + rightsourceip=PH_IP_CAROL1 + auto=add + +conn rw-dave + right=%any + rightid=dave@strongswan.org + rightsourceip=PH_IP_DAVE1 + auto=add 
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..002166a54 --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/strongswan.conf @@ -0,0 +1,8 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr + + dns1 = PH_IP_WINNETOU + dns2 = PH_IP_VENUS +} diff --git a/testing/tests/ikev1-p-c/config-payload/posttest.dat b/testing/tests/ikev1-p-c/config-payload/posttest.dat new file mode 100644 index 000000000..42fa8359b --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del PH_IP_CAROL1/32 dev eth0 +dave::ip addr del PH_IP_DAVE1/32 dev eth0 diff --git a/testing/tests/ikev1-p-c/config-payload/pretest.dat b/testing/tests/ikev1-p-c/config-payload/pretest.dat new file mode 100644 index 000000000..bb222992e --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/pretest.dat @@ -0,0 +1,10 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1-p-c/config-payload/test.conf b/testing/tests/ikev1-p-c/config-payload/test.conf new file mode 100644 index 000000000..1a8f2a4e0 --- /dev/null +++ b/testing/tests/ikev1-p-c/config-payload/test.conf 
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/nat-rw/description.txt b/testing/tests/ikev1-p-c/nat-rw/description.txt
new file mode 100644
index 000000000..dcf4b94bd
--- /dev/null
+++ b/testing/tests/ikev1-p-c/nat-rw/description.txt
@@ -0,0 +1,5 @@
+The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
+tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
+ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-p-c/nat-rw/evaltest.dat b/testing/tests/ikev1-p-c/nat-rw/evaltest.dat
new file mode 100644
index 000000000..43494dd13
--- /dev/null
+++ b/testing/tests/ikev1-p-c/nat-rw/evaltest.dat
@@ -0,0 +1,17 @@ +alice::ipsec status 2> /dev/null::nat-t.*STATE_MAIN_I4.*ISAKMP SA established::YES +venus::ipsec status 2> /dev/null::nat-t.*STATE_MAIN_I4.*ISAKMP SA established::YES +sun:: ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES +venus::ipsec status 2> /dev/null::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES +sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES +alice::cat /var/log/auth.log::inserting event EVENT_NAT_T_KEEPALIVE, timeout in 5 seconds::YES +venus::cat /var/log/auth.log::inserting event EVENT_NAT_T_KEEPALIVE, timeout in 5 seconds::YES diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/alice/etc/ipsec.conf new file mode 100755 index 000000000..dd7e13231 --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/hosts/alice/etc/ipsec.conf 
@@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + nat_traversal=yes + keep_alive=5 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + +conn nat-t + left=%defaultroute + leftcert=aliceCert.pem + leftid=alice@strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..2d9cbf786 --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn nat-t + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftfirewall=yes + leftsubnet=10.2.0.0/16 + right=%any + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..ca23c6971 --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/venus/etc/ipsec.conf new file mode 100755 index 000000000..50dcccafe --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/hosts/venus/etc/ipsec.conf 
@@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + nat_traversal=yes + keep_alive=5 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + +conn nat-t + left=%defaultroute + leftcert=venusCert.pem + leftid=@venus.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/nat-rw/posttest.dat b/testing/tests/ikev1-p-c/nat-rw/posttest.dat new file mode 100644 index 000000000..52572ece8 --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/posttest.dat @@ -0,0 +1,8 @@ +sun::ipsec stop +alice::ipsec stop +venus::ipsec stop +alice::/etc/init.d/iptables stop 2> /dev/null +venus::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::iptables -t nat -F +moon::conntrack -F diff --git a/testing/tests/ikev1-p-c/nat-rw/pretest.dat b/testing/tests/ikev1-p-c/nat-rw/pretest.dat new file mode 100644 index 000000000..dd5259936 --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/pretest.dat @@ -0,0 +1,13 @@ +alice::/etc/init.d/iptables start 2> /dev/null +venus::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 +moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 +alice::ipsec start +venus::ipsec start +sun::ipsec start +alice::sleep 5 +alice::ipsec up nat-t +venus::sleep 5 +venus::ipsec up nat-t diff --git a/testing/tests/ikev1-p-c/nat-rw/test.conf b/testing/tests/ikev1-p-c/nat-rw/test.conf new file mode 100644 index 000000000..84317fd70 --- /dev/null +++ b/testing/tests/ikev1-p-c/nat-rw/test.conf 
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1-p-c/net2net-cert/description.txt b/testing/tests/ikev1-p-c/net2net-cert/description.txt
new file mode 100644
index 000000000..7eea9192f
--- /dev/null
+++ b/testing/tests/ikev1-p-c/net2net-cert/description.txt
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-p-c/net2net-cert/evaltest.dat b/testing/tests/ikev1-p-c/net2net-cert/evaltest.dat
new file mode 100644
index 000000000..ddccf706f
--- /dev/null
+++ b/testing/tests/ikev1-p-c/net2net-cert/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-cert/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..04242ea25
--- /dev/null
+++ b/testing/tests/ikev1-p-c/net2net-cert/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charonstart=no
+ plutodebug=control
+ crlcheckinterval=180
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ pfs=no
+
+conn net-net
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightid=@sun.strongswan.org
+ rightsubnet=10.2.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..6545f66c9
--- /dev/null
+++ b/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..bad10ca43 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/net2net-cert/posttest.dat b/testing/tests/ikev1-p-c/net2net-cert/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-cert/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-c/net2net-cert/pretest.dat b/testing/tests/ikev1-p-c/net2net-cert/pretest.dat new file mode 100644 index 000000000..9f60760c6 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-cert/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1-p-c/net2net-cert/test.conf b/testing/tests/ikev1-p-c/net2net-cert/test.conf new file mode 100644 index 000000000..d9a61590f --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-cert/test.conf 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/description.txt b/testing/tests/ikev1-p-c/net2net-psk-fail/description.txt new file mode 100644 index 000000000..688182be4 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/description.txt @@ -0,0 +1,5 @@ +A connection between the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b> +uses a wrong PSK. This makes it impossible for gateway <b>sun</b> to decrypt the +IKEv1 message correctly. Thus <b>sun</b> returns a <b>PAYLOAD-MALFORMED</b> error +notify which in turn cannot be decrypted by <b>moon</b>. diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/evaltest.dat b/testing/tests/ikev1-p-c/net2net-psk-fail/evaltest.dat new file mode 100644 index 000000000..0b9520bb2 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/evaltest.dat @@ -0,0 +1,7 @@ +sun:: cat /var/log/daemon.log::invalid ID_V1 payload length, decryption failed::YES +sun:: cat /var/log/daemon.log::generating INFORMATIONAL_V1 request.*HASH N(PLD_MAL)::YES +moon::cat /var/log/auth.log::malformed payload in packet::YES +moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::NO +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::NO +moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::NO +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO 
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..fbafb4221 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + pfs=no + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..a294f246d --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..027287ad4 --- /dev/null 
+++ b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftid=@sun.strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..27185fbc5 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +192.168.0.1 192.168.0.2 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..d84cba2b0 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/posttest.dat b/testing/tests/ikev1-p-c/net2net-psk-fail/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null 
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/pretest.dat b/testing/tests/ikev1-p-c/net2net-psk-fail/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/test.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk-fail/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1-p-c/net2net-psk/description.txt b/testing/tests/ikev1-p-c/net2net-psk/description.txt new file mode 100644 index 000000000..02cddbb83 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>Preshared Keys</b> (PSK). Upon the successful +establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b> +pings client <b>bob</b> located behind gateway <b>sun</b>. 
diff --git a/testing/tests/ikev1-p-c/net2net-psk/evaltest.dat b/testing/tests/ikev1-p-c/net2net-psk/evaltest.dat new file mode 100644 index 000000000..ddccf706f --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..fbafb4221 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + pfs=no + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..27185fbc5 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.secrets 
@@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +192.168.0.1 192.168.0.2 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..027287ad4 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftid=@sun.strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..27185fbc5 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +192.168.0.1 192.168.0.2 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL 
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..d84cba2b0 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev1-p-c/net2net-psk/posttest.dat b/testing/tests/ikev1-p-c/net2net-psk/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-c/net2net-psk/pretest.dat b/testing/tests/ikev1-p-c/net2net-psk/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1-p-c/net2net-psk/test.conf b/testing/tests/ikev1-p-c/net2net-psk/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev1-p-c/net2net-psk/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" 
diff --git a/testing/tests/ikev1-p-c/rw-cert/description.txt b/testing/tests/ikev1-p-c/rw-cert/description.txt new file mode 100644 index 000000000..15b3822b5 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/description.txt @@ -0,0 +1,6 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. +Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1-p-c/rw-cert/evaltest.dat b/testing/tests/ikev1-p-c/rw-cert/evaltest.dat new file mode 100644 index 000000000..1483ff1fe --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/evaltest.dat 
@@ -0,0 +1,15 @@ +carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES + diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..9d3af5330 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charonstart=no + plutodebug=control + crlcheckinterval=180 + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add 
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..3893b1997 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + integrity_test = yes + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..020b8c053 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charonstart=no + plutodebug=control + crlcheckinterval=180 + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + pfs=no + +conn home + left=PH_IP_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..3893b1997 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + integrity_test = yes + crypto_test { + on_add = yes + } +} 
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..9931d8711 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/ipsec.conf @@ -0,0 +1,20 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..eb2bc55bf --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no + integrity_test = yes + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ikev1-p-c/rw-cert/posttest.dat b/testing/tests/ikev1-p-c/rw-cert/posttest.dat new file mode 100644 index 000000000..126bf6005 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/posttest.dat @@ -0,0 +1,6 @@ +carol::ipsec stop +dave::ipsec stop +moon::ipsec stop +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +moon::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-c/rw-cert/pretest.dat b/testing/tests/ikev1-p-c/rw-cert/pretest.dat new file mode 100644 index 000000000..1e45f00fd --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-cert/pretest.dat 
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/rw-cert/test.conf b/testing/tests/ikev1-p-c/rw-cert/test.conf
new file mode 100644
index 000000000..9cd583b16
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-cert/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/description.txt b/testing/tests/ikev1-p-c/rw-psk-fqdn/description.txt
new file mode 100644
index 000000000..47f6968ae
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1-p-c/rw-psk-fqdn/evaltest.dat
new file mode 100644
index 000000000..7a12371a3
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/evaltest.dat
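Review bot: `rw-cert/test.conf` leaves dave out of `UMLHOSTS` and `IPSECHOSTS`, although this scenario's pretest.dat and posttest.dat start and stop iptables and ipsec on dave and a `hosts/dave/etc` configuration is added by the same commit. As written the harness would presumably neither boot dave nor collect its IPsec logs, so `dave::ipsec up home` has no instance to run on. The PSK scenarios in this commit use `UMLHOSTS="alice moon carol winnetou dave"`, `DIAGRAM="a-m-c-w-d.png"` and `IPSECHOSTS="moon carol dave"`; the same three values look right here.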
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..091fec67e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+ pfs=no
+
+conn home
+ left=PH_IP_CAROL
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..18a074472
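Review bot: Every `ipsec status` line in `rw-psk-fqdn/evaltest.dat` carries a stray `home.` field, giving five `::`-separated fields where the ping and tcpdump lines of the same file have four (host, command, pattern, YES/NO). If the harness takes the third field as the pattern and the fourth as the expected result, as the four-field lines suggest (the parser is not shown here), these checks only look for `home.` and never assert `STATE_MAIN_I4`, `ESTABLISHED` or `INSTALLED, TUNNEL`, so a failed negotiation could go unnoticed. Dropping the extra field gives e.g. `carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES`. `rw-psk-ipv4/evaltest.dat` is the same blob (7a12371a3) and needs the same correction.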
--- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..e709ee494 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + pfs=no + +conn home + left=PH_IP_DAVE + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..e989540e9 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null 
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..20bbef0b2
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=secret
+
+conn rw-carol
+ also=rw
+ right=PH_IP_CAROL
+ auto=add
+
+conn rw-dave
+ also=rw
+ right=PH_IP_DAVE
+ auto=add
+
+conn rw
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..55c639704
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
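Review bot: The rw-psk-fqdn scenario configures no FQDN identity anywhere: moon's `ipsec.secrets` selects both PSKs by IP address pair (`192.168.0.1 192.168.0.100`), none of the moon, carol or dave `ipsec.conf` files sets `leftid` or `rightid`, and evaltest.dat expects `\[192.168.0.1].*\[192.168.0.100]`. The carol, dave and moon `ipsec.conf` blobs are the same ones added for rw-psk-ipv4, so both scenarios exercise IP-address identities while description.txt promises authentication by Fully Qualified Domain Names, and the FQDN code path stays untested. Either set the identities, e.g. `leftid=@moon.strongswan.org` on moon with the secrets indexed by the FQDNs (assuming main-mode PSK lookup by ID works between pluto and charon), or correct the description.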
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/posttest.dat b/testing/tests/ikev1-p-c/rw-psk-fqdn/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1-p-c/rw-psk-fqdn/pretest.dat new file mode 100644 index 000000000..761abe274 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/test.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-fqdn/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/description.txt b/testing/tests/ikev1-p-c/rw-psk-ipv4/description.txt new file mode 100644 index 000000000..b4aaa6a6a --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/description.txt 
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1-p-c/rw-psk-ipv4/evaltest.dat
new file mode 100644
index 000000000..7a12371a3
--- /dev/null
+++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/evaltest.dat
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..091fec67e --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.conf @@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + pfs=no + +conn home + left=PH_IP_CAROL + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..18a074472 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..e709ee494 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.conf 
@@ -0,0 +1,21 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + pfs=no + +conn home + left=PH_IP_DAVE + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..e989540e9 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..20bbef0b2 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.conf @@ -0,0 +1,27 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn rw-carol + also=rw + right=PH_IP_CAROL + auto=add + +conn rw-dave + also=rw + right=PH_IP_DAVE + auto=add + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftfirewall=yes 
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..0cd102226 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + +192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..d84cba2b0 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/posttest.dat b/testing/tests/ikev1-p-c/rw-psk-ipv4/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1-p-c/rw-psk-ipv4/pretest.dat new file mode 100644 index 000000000..761abe274 --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home 
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/test.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev1-p-c/rw-psk-ipv4/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/description.txt b/testing/tests/ikev1-p-c/xauth-id-psk-config/description.txt new file mode 100644 index 000000000..fc417e416 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/description.txt @@ -0,0 +1,11 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>. +The authentication is based on Pre-Shared Keys (<b>PSK</b>) +followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b> +based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a +<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%config</b> +parameter. The virtual IP addresses are registered under the users' XAUTH identity. +<p> +Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client +<b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1-p-c/xauth-id-psk-config/evaltest.dat new file mode 100644 index 000000000..338aeb1c7 --- /dev/null 
+++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/evaltest.dat 
@@ -0,0 +1,26 @@ +carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*\[192.168.0.200]::YES +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES +carol::cat /var/log/auth.log::extended authentication was successful::YES +dave:: cat /var/log/auth.log::extended authentication was successful::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES +carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES +dave:: cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP 
dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.conf new file mode 100644 index 000000000..2510da06a --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthpsk + pfs=no + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + xauth_identity=carol + auto=add diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..547bc1f5c --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,9 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.100 @dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq + +192.168.0.100 @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +192.168.0.100 @sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5 + +carol : XAUTH "4iChxLT3" diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..f15001a90 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/strongswan.conf 
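Review bot: carol's `ipsec.secrets` for xauth-id-psk-config adds PSK entries for `@dave.strongswan.org` and `@sun.strongswan.org`, but the only connection in carol's `ipsec.conf` is `home` towards `rightid=@moon.strongswan.org`, so neither entry is reachable in this scenario. dave's file for the same scenario carries just the one PSK plus the XAUTH entry. Keeping only `192.168.0.100 @moon.strongswan.org : PSK ...` and `carol : XAUTH ...` would make it obvious which secret the test depends on and avoid copying unrelated keys into every fixture.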
@@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce xauth resolve kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.conf new file mode 100644 index 000000000..3b43e1432 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthpsk + pfs=no + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + xauth_identity=dave + auto=add diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..25e8c2796 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + +dave : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..f15001a90 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/strongswan.conf 
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth resolve kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..cdafdb76e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/24
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..20d8e0269
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol : XAUTH "4iChxLT3"
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..422538cec
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
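Review bot: moon's `rw` connection in xauth-id-psk-config combines `right=%any` with `authby=xauthpsk`, and the single `@moon.strongswan.org : PSK` entry is the same value that carol's and dave's secrets files hold, so the gateway is authenticated only by a key that every roadwarrior knows. That is worth stating in the fixture, because these configs get copied: with a group PSK the XAUTH passwords are only as well protected as that shared key, and the per-user check does nothing to authenticate the gateway. I would add a comment above `conn rw` such as `# group PSK shared by all roadwarriors; gateway authentication is only as strong as this key, see xauth-id-rsa for certificate-based gateway auth`.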
@@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic attr kernel-netlink socket-default stroke updown + dns1 = 192.168.0.150 + dns2 = 10.1.0.20 +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/posttest.dat b/testing/tests/ikev1-p-c/xauth-id-psk-config/posttest.dat new file mode 100644 index 000000000..f90d222b5 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/posttest.dat @@ -0,0 +1,8 @@ +carol::ipsec stop +dave::ipsec stop +moon::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del PH_IP_CAROL1/32 dev eth0 +dave::ip addr del PH_IP_DAVE1/32 dev eth0 diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/pretest.dat b/testing/tests/ikev1-p-c/xauth-id-psk-config/pretest.dat new file mode 100644 index 000000000..95a6be131 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/test.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/test.conf new file mode 100644 index 000000000..75510b295 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-psk-config/test.conf 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="alice moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/description.txt b/testing/tests/ikev1-p-c/xauth-id-rsa/description.txt new file mode 100644 index 000000000..9483c8f39 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-rsa/description.txt @@ -0,0 +1,10 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>. +The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates +followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b> +based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>, +respectively) and corresponding user passwords defined and stored in ipsec.secrets. +<p> +Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client +<b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1-p-c/xauth-id-rsa/evaltest.dat new file mode 100644 index 000000000..a6bd45fd3 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-rsa/evaltest.dat 
@@ -0,0 +1,18 @@ +carol::ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES +dave:: ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES +carol::cat /var/log/auth.log::extended authentication was successful::YES +dave:: cat /var/log/auth.log::extended authentication was successful::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.conf new file mode 100644 index 000000000..a4a35e518 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.conf 
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ pfs=no
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ xauth_identity=carol
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..29492b5f9
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..5c671ddf7
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.conf
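Review bot: `pfs=no` in `conn %default` of xauth-id-rsa/hosts/carol/etc/ipsec.conf switches off perfect forward secrecy for the Quick Mode exchange and carries no comment saying why. If it is there only so that pluto interoperates with the charon gateway in these scenarios (the reason is not visible in this commit), say so on the line above, for example `# PFS off: interop setting for the pluto-charon scenarios`. The same line appears in dave's configuration and in the client ipsec.conf files of xauth-psk, xauth-rsa-config and xauth-rsa.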
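Review bot: xauth-id-rsa/hosts/carol/etc/ipsec.secrets commits the passphrase of carolKey.pem and the XAUTH password in clear text, with nothing in the file marking them as fixtures. A header line such as `# test fixture: credentials for the UML test network only` would let readers and secret scanners triage these files quickly. The same values recur in the other ipsec.secrets files this commit adds (dave and moon here, and the xauth-psk, xauth-rsa-config and xauth-rsa scenarios), so the comment belongs in each of them.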
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ pfs=no
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ xauth_identity=dave
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..8cf7db530
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..a981739b8
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..fef50218a
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol : XAUTH "4iChxLT3"
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/posttest.dat b/testing/tests/ikev1-p-c/xauth-id-rsa/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/pretest.dat b/testing/tests/ikev1-p-c/xauth-id-rsa/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/xauth-id-rsa/test.conf b/testing/tests/ikev1-p-c/xauth-id-rsa/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-id-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/xauth-psk/description.txt b/testing/tests/ikev1-p-c/xauth-psk/description.txt
new file mode 100644
index 000000000..0ac2043c2
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/description.txt
@@ -0,0 +1,9 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/xauth-psk/evaltest.dat b/testing/tests/ikev1-p-c/xauth-psk/evaltest.dat
new file mode 100644
index 000000000..f25dba6a5
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/evaltest.dat
@@ -0,0 +1,18 @@
+carol::ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+dave:: ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..34d73865a
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ pfs=no
+
+conn home
+ left=PH_IP_CAROL
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..a899783bd
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..58cc78ee8
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..3559c578f
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.conf
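Review bot: `rightid=moon.strongswan.org` in `conn home` of xauth-psk/hosts/carol/etc/ipsec.conf is written without the leading `@`, whereas the gateway of this scenario declares `leftid=@moon.strongswan.org` and the RSA scenarios in this commit use `rightid=@moon.strongswan.org`. In ipsec.conf the `@` marks the value as a literal FQDN identity; without it the name may be resolved to an address, so the peer identity the client expects would depend on name resolution inside the test network. Unless the bare form is intentional, `rightid=@moon.strongswan.org` keeps the identity check explicit. The same line appears in dave's ipsec.conf for this scenario, and the gateway's ipsec.secrets selects the PSK by the bare `moon.strongswan.org` as well.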
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ pfs=no
+
+conn home
+ left=PH_IP_DAVE
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c8506152
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..58cc78ee8
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..2b9a83719
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..ae45ea03e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org %any : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..61260f891
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-psk/posttest.dat b/testing/tests/ikev1-p-c/xauth-psk/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/xauth-psk/pretest.dat b/testing/tests/ikev1-p-c/xauth-psk/pretest.dat
new file mode 100644
index 000000000..95a6be131
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/xauth-psk/test.conf b/testing/tests/ikev1-p-c/xauth-psk/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-psk/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/description.txt b/testing/tests/ikev1-p-c/xauth-rsa-config/description.txt
new file mode 100644
index 000000000..1ada58fbe
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the
+<b>leftsourceip=%config</b> parameter.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1-p-c/xauth-rsa-config/evaltest.dat
new file mode 100644
index 000000000..bbbe6e253
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/evaltest.dat
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+dave:: cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..68ed753e6
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ pfs=no
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..4a77c3b97
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/strongswan.conf
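Review bot: xauth-rsa-config/evaltest.dat hard-codes `10.3.0.1` and `10.3.0.2` in its four virtual-IP patterns, while the gateway configuration and posttest.dat of the same scenario use the placeholders `PH_IP_CAROL1` and `PH_IP_DAVE1`. The file already relies on placeholder substitution (`PH_IP_ALICE` in the ping lines), so the patterns could read `assigning virtual IP PH_IP_CAROL1 to peer.*carol@strongswan.org` and `setting virtual IP source address to PH_IP_CAROL1`, and likewise for dave, assuming the placeholders expand to those addresses. That ties the assertion to the address the gateway was configured to hand out to each identity.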
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..3fe83ff5f
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ pfs=no
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c0248b84
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..2dff01480
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ xauth=server
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
+
+conn rw-carol
+ rightid=carol@strongswan.org
+ rightsourceip=PH_IP_CAROL1
+
+conn rw-dave
+ rightid=dave@strongswan.org
+ rightsourceip=PH_IP_DAVE1
+
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..1ba66971a
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/posttest.dat b/testing/tests/ikev1-p-c/xauth-rsa-config/posttest.dat
new file mode 100644
index 000000000..f90d222b5
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/posttest.dat
@@ -0,0 +1,8 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/pretest.dat b/testing/tests/ikev1-p-c/xauth-rsa-config/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/xauth-rsa-config/test.conf b/testing/tests/ikev1-p-c/xauth-rsa-config/test.conf
new file mode 100644
index 000000000..75510b295
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa-config/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/description.txt b/testing/tests/ikev1-p-c/xauth-rsa/description.txt
new file mode 100644
index 000000000..a9b76b618
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/evaltest.dat b/testing/tests/ikev1-p-c/xauth-rsa/evaltest.dat
new file mode 100644
index 000000000..f25dba6a5
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/evaltest.dat
@@ -0,0 +1,18 @@
+carol::ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+dave:: ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..0c66858eb
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ pfs=no
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..4a77c3b97
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..56e4b4f42
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ pfs=no
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c0248b84
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..a981739b8
--- /dev/null
+++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=xauthrsasig + xauth=server + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..1ba66971a --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol@strongswan.org : XAUTH "4iChxLT3" + +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..5cd9bf11e --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,9 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke +} + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-c/xauth-rsa/posttest.dat b/testing/tests/ikev1-p-c/xauth-rsa/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-rsa/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-c/xauth-rsa/pretest.dat b/testing/tests/ikev1-p-c/xauth-rsa/pretest.dat new file mode 100644 index 000000000..78e2d57f8 
--- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-rsa/pretest.dat @@ -0,0 +1,9 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/ikev1-p-c/xauth-rsa/test.conf b/testing/tests/ikev1-p-c/xauth-rsa/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev1-p-c/xauth-rsa/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1-p-p/alg-blowfish/description.txt b/testing/tests/ikev1-p-p/alg-blowfish/description.txt new file mode 100644 index 000000000..24b50b909 --- /dev/null +++ b/testing/tests/ikev1-p-p/alg-blowfish/description.txt @@ -0,0 +1,6 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP +encryption. Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1-p-p/alg-blowfish/evaltest.dat b/testing/tests/ikev1-p-p/alg-blowfish/evaltest.dat new file mode 100644 index 000000000..e5a0a73e7 --- /dev/null +++ b/testing/tests/ikev1-p-p/alg-blowfish/evaltest.dat 
@@ -0,0 +1,15 @@ +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_2048::YES +dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256/MODP_1536::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall 2> /dev/null::ESP proposal: BLOWFISH_CBC_192/HMAC_SHA2_384::YES +dave:: ipsec statusall 2> /dev/null::ESP proposal: BLOWFISH_CBC_128/HMAC_SHA2_256::YES +carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES +dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..106700ee6 --- /dev/null +++ b/testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/ipsec.conf 
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug="control crypt"
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=blowfish256-sha512-modp2048!
+ esp=blowfish192-sha384!
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..c03a08517
--- /dev/null
+++ b/testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..7aed45b05
--- /dev/null
+++ b/testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug="control crypt"
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ ike=blowfish128-sha256-modp1536!
+ esp=blowfish128-sha256!
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
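Review bot: None of the `ipsec.conf` hunks of the ikev1-p-p alg-blowfish scenario (carol and dave here, moon further down) sets `leftfirewall=yes`, and its `pretest.dat` does not start iptables. The scenario's `description.txt` nevertheless says the firewall rules are inserted and that "both tunnel and firewall" are tested. As written, the scenario verifies the tunnel only. Either add `leftfirewall=yes` to the three `conn` sections together with the iptables start/stop lines the sibling scenarios use, or reword the description so it does not claim firewall coverage.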
diff --git a/testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c03a08517 --- /dev/null +++ b/testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..bb4fe6ed6 --- /dev/null +++ b/testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug="control crypt" + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536! + esp=blowfish192-sha384,blowfish128-sha256! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..c03a08517 --- /dev/null +++ b/testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} 
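Review bot: The `ike=` and `esp=` lines in moon's `ipsec.conf` pin Blowfish, a 64-bit-block cipher, and accept `modp1536` for dave, with no comment saying these proposals exist for algorithm-interoperability coverage. A short comment above them, e.g. `# legacy algorithms, kept for interop coverage only`, would stop the file from being read as a recommended proposal set. The `keylife=20m` in the same section already bounds how much data one ESP key protects, which matters for a 64-bit block size and could be mentioned in the same comment.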
diff --git a/testing/tests/ikev1-p-p/alg-blowfish/posttest.dat b/testing/tests/ikev1-p-p/alg-blowfish/posttest.dat
new file mode 100644
index 000000000..ed530f6d9
--- /dev/null
+++ b/testing/tests/ikev1-p-p/alg-blowfish/posttest.dat
@@ -0,0 +1,3 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
diff --git a/testing/tests/ikev1-p-p/alg-blowfish/pretest.dat b/testing/tests/ikev1-p-p/alg-blowfish/pretest.dat
new file mode 100644
index 000000000..cedd11197
--- /dev/null
+++ b/testing/tests/ikev1-p-p/alg-blowfish/pretest.dat
@@ -0,0 +1,8 @@
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1-p-p/alg-blowfish/test.conf b/testing/tests/ikev1-p-p/alg-blowfish/test.conf
new file mode 100644
index 000000000..b23157312
--- /dev/null
+++ b/testing/tests/ikev1-p-p/alg-blowfish/test.conf
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
diff --git a/testing/tests/ikev1-p-p/config-payload/description.txt b/testing/tests/ikev1-p-p/config-payload/description.txt
new file mode 100644
index 000000000..ff6928e89
--- /dev/null
+++ b/testing/tests/ikev1-p-p/config-payload/description.txt
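Review bot: `pretest.dat` enables forwarding on moon with `echo 1 > /proc/sys/net/ipv4/ip_forward`, but the three-line `posttest.dat` of the same scenario only stops ipsec and never puts the value back. Unless the test framework resets the host between scenarios, moon keeps routing between its networks for whatever runs next, which can mask a missing firewall or forwarding rule in a later test. If 0 is the baseline, adding `moon::echo 0 > /proc/sys/net/ipv4/ip_forward` to `posttest.dat` would restore it. The nat-rw `pretest.dat`/`posttest.dat` pair further down has the same gap.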
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
+by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
+tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
+<b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
+and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1-p-p/config-payload/evaltest.dat b/testing/tests/ikev1-p-p/config-payload/evaltest.dat
new file mode 100644
index 000000000..661a60748
--- /dev/null
+++ b/testing/tests/ikev1-p-p/config-payload/evaltest.dat
@@ -0,0 +1,26 @@ +carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES +carol::ip addr list dev eth0::PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES +carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES +moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES +moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > 
alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..05af5154a --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_CAROL + leftsourceip=%modeconfig + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add + + + + diff --git a/testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..d8cee31c2 --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl resolve kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..ef7dead58 --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/ipsec.conf 
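Review bot: The DNS checks in the config-payload `evaltest.dat` (`cat /etc/resolv.conf::nameserver PH_IP_WINNETOU ...` and the `PH_IP_VENUS` line) run on carol only, although dave's `strongswan.conf` further down loads the same `resolve` plugin and presumably receives the same name servers from moon. A regression that leaves dave without the pushed entries would pass unnoticed. Mirroring the two lines for dave, e.g. `dave:: cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES`, closes that gap.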
@@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_DAVE + leftsourceip=%modeconfig + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add + + + + diff --git a/testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..d8cee31c2 --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl resolve kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..3c29af5d9 --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/ipsec.conf @@ -0,0 +1,32 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + rekey=no + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftsourceip=PH_IP_MOON1 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn rw-carol + right=%any + rightid=carol@strongswan.org + rightsourceip=PH_IP_CAROL1 + auto=add + +conn rw-dave + right=%any + rightid=dave@strongswan.org + rightsourceip=PH_IP_DAVE1 + auto=add 
diff --git a/testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..91cdbae63 --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl attr kernel-netlink + dns1 = PH_IP_WINNETOU + dns2 = PH_IP_VENUS +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/config-payload/posttest.dat b/testing/tests/ikev1-p-p/config-payload/posttest.dat new file mode 100644 index 000000000..42fa8359b --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del PH_IP_CAROL1/32 dev eth0 +dave::ip addr del PH_IP_DAVE1/32 dev eth0 diff --git a/testing/tests/ikev1-p-p/config-payload/pretest.dat b/testing/tests/ikev1-p-p/config-payload/pretest.dat new file mode 100644 index 000000000..bb222992e --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/pretest.dat @@ -0,0 +1,10 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1-p-p/config-payload/test.conf b/testing/tests/ikev1-p-p/config-payload/test.conf new file mode 100644 index 000000000..1a8f2a4e0 --- /dev/null +++ b/testing/tests/ikev1-p-p/config-payload/test.conf 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1-p-p/nat-rw/description.txt b/testing/tests/ikev1-p-p/nat-rw/description.txt new file mode 100644 index 000000000..dcf4b94bd --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/description.txt @@ -0,0 +1,5 @@ +The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up +tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router. +<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b> +ping the client <b>bob</b> behind the gateway <b>sun</b>. diff --git a/testing/tests/ikev1-p-p/nat-rw/evaltest.dat b/testing/tests/ikev1-p-p/nat-rw/evaltest.dat new file mode 100644 index 000000000..cfd6c11f9 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/evaltest.dat 
@@ -0,0 +1,17 @@ +alice::ipsec status 2> /dev/null::nat-t.*STATE_MAIN_I4.*ISAKMP SA established::YES +venus::ipsec status 2> /dev/null::nat-t.*STATE_MAIN_I4.*ISAKMP SA established::YES +sun:: ipsec status 2> /dev/null::nat-t.*STATE_MAIN_R3.*ISAKMP SA established::YES +sun:: ipsec status 2> /dev/null::nat-t.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t.*sun.strongswan.org.*venus.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES +venus::ipsec status 2> /dev/null::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES +sun:: ipsec status 2> /dev/null::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES +alice::cat /var/log/auth.log::inserting event EVENT_NAT_T_KEEPALIVE, timeout in 5 seconds::YES +venus::cat /var/log/auth.log::inserting event EVENT_NAT_T_KEEPALIVE, timeout in 5 seconds::YES diff --git a/testing/tests/ikev1-p-p/nat-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1-p-p/nat-rw/hosts/alice/etc/ipsec.conf new file mode 100755 index 000000000..c03e47277 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/hosts/alice/etc/ipsec.conf 
@@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + nat_traversal=yes + keep_alive=5 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn nat-t + left=%defaultroute + leftcert=aliceCert.pem + leftid=alice@strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..c074d7b23 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + nat_traversal=yes + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn nat-t + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftfirewall=yes + leftsubnet=10.2.0.0/16 + right=%any + rightsubnetwithin=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..c4c200a07 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/nat-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1-p-p/nat-rw/hosts/venus/etc/ipsec.conf new file mode 100755 index 000000000..22b6a85fe --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/hosts/venus/etc/ipsec.conf 
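Review bot: In sun's `conn nat-t`, `right=%any` combined with `rightsubnetwithin=10.1.0.0/16` has no `rightid` or `rightca` constraint. As far as this hunk shows, the only gate is that the peer presents a certificate the gateway trusts, and any such peer can then propose any address inside 10.1.0.0/16 as its own. That is convenient for two clients behind one NAT, but it is not a pattern to copy unchanged. A comment like `# any trusted cert may claim an address in 10.1.0.0/16 - test network only` above `rightsubnetwithin` would make the trade-off explicit.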
@@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + crlcheckinterval=180 + nat_traversal=yes + keep_alive=5 + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn nat-t + left=%defaultroute + leftcert=venusCert.pem + leftid=@venus.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/nat-rw/posttest.dat b/testing/tests/ikev1-p-p/nat-rw/posttest.dat new file mode 100644 index 000000000..52572ece8 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/posttest.dat @@ -0,0 +1,8 @@ +sun::ipsec stop +alice::ipsec stop +venus::ipsec stop +alice::/etc/init.d/iptables stop 2> /dev/null +venus::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::iptables -t nat -F +moon::conntrack -F diff --git a/testing/tests/ikev1-p-p/nat-rw/pretest.dat b/testing/tests/ikev1-p-p/nat-rw/pretest.dat new file mode 100644 index 000000000..dd5259936 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/pretest.dat @@ -0,0 +1,13 @@ +alice::/etc/init.d/iptables start 2> /dev/null +venus::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 +moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 +alice::ipsec start +venus::ipsec start +sun::ipsec start +alice::sleep 5 +alice::ipsec up nat-t +venus::sleep 5 +venus::ipsec up nat-t diff --git a/testing/tests/ikev1-p-p/nat-rw/test.conf b/testing/tests/ikev1-p-p/nat-rw/test.conf new file mode 100644 index 000000000..84317fd70 --- /dev/null +++ b/testing/tests/ikev1-p-p/nat-rw/test.conf 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="alice venus sun" diff --git a/testing/tests/ikev1-p-p/net2net-cert/description.txt b/testing/tests/ikev1-p-p/net2net-cert/description.txt new file mode 100644 index 000000000..7eea9192f --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>X.509 certificates</b>. Upon the successful +establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b> +pings client <b>bob</b> located behind gateway <b>sun</b>. diff --git a/testing/tests/ikev1-p-p/net2net-cert/evaltest.dat b/testing/tests/ikev1-p-p/net2net-cert/evaltest.dat new file mode 100644 index 000000000..b242915a9 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/evaltest.dat 
@@ -0,0 +1,7 @@ +moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::YES +sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES +moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::YES +sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1-p-p/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/net2net-cert/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..45d555fee --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charonstart=no + plutodebug=control + crlcheckinterval=180 + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-p/net2net-cert/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..be7abd45b --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/hosts/sun/etc/ipsec.conf 
@@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + charonstart=no + plutodebug=control + crlcheckinterval=180 + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/net2net-cert/posttest.dat b/testing/tests/ikev1-p-p/net2net-cert/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-p/net2net-cert/pretest.dat b/testing/tests/ikev1-p-p/net2net-cert/pretest.dat new file mode 100644 index 000000000..9f60760c6 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1-p-p/net2net-cert/test.conf b/testing/tests/ikev1-p-p/net2net-cert/test.conf new file mode 100644 index 000000000..d9a61590f --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-cert/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" 
diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/description.txt b/testing/tests/ikev1-p-p/net2net-psk-fail/description.txt new file mode 100644 index 000000000..688182be4 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/description.txt @@ -0,0 +1,5 @@ +A connection between the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b> +uses a wrong PSK. This makes it impossible for gateway <b>sun</b> to decrypt the +IKEv1 message correctly. Thus <b>sun</b> returns a <b>PAYLOAD-MALFORMED</b> error +notify which in turn cannot be decrypted by <b>moon</b>. diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/evaltest.dat b/testing/tests/ikev1-p-p/net2net-psk-fail/evaltest.dat new file mode 100644 index 000000000..14aaa5a15 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/evaltest.dat @@ -0,0 +1,8 @@ +sun:: cat /var/log/auth.log::probable authentication failure::YES +sun:: cat /var/log/auth.log::sending encrypted notification PAYLOAD_MALFORMED::YES +moon::cat /var/log/auth.log::next payload type of ISAKMP Hash Payload has an unknown value::YES +moon::cat /var/log/auth.log::malformed payload in packet::YES +moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::NO +sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::NO +moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::NO +sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::NO diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..c63ec2f30 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf 
@@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..bc10b9c15 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx + + + + diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..e21ee9910 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf 
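Review bot: In net2net-psk-fail/hosts/moon/etc/ipsec.secrets the PSK differs from sun's only in its last four characters, and nothing in the file says that this is intentional. A comment such as `# deliberately wrong PSK: differs from sun's so that IKEv1 authentication fails` above the secret line would stop a later fixture sync from "correcting" it and turning the scenario into a passing-tunnel test. The same header could state that the key is a published test value and must not be reused outside the test network.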
@@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftid=@sun.strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..be95c4d99 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + + + + diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/posttest.dat b/testing/tests/ikev1-p-p/net2net-psk-fail/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null 
diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/pretest.dat b/testing/tests/ikev1-p-p/net2net-psk-fail/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1-p-p/net2net-psk-fail/test.conf b/testing/tests/ikev1-p-p/net2net-psk-fail/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk-fail/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1-p-p/net2net-psk/description.txt b/testing/tests/ikev1-p-p/net2net-psk/description.txt new file mode 100644 index 000000000..02cddbb83 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/description.txt @@ -0,0 +1,6 @@ +A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up. +The authentication is based on <b>Preshared Keys</b> (PSK). Upon the successful +establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b> +pings client <b>bob</b> located behind gateway <b>sun</b>. 
diff --git a/testing/tests/ikev1-p-p/net2net-psk/evaltest.dat b/testing/tests/ikev1-p-p/net2net-psk/evaltest.dat new file mode 100644 index 000000000..b242915a9 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::YES +sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES +moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::YES +sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..c63ec2f30 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..be95c4d99 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + + + + 
diff --git a/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..e21ee9910 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn net-net + left=PH_IP_SUN + leftsubnet=10.2.0.0/16 + leftid=@sun.strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.secrets new file mode 100644 index 000000000..be95c4d99 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + + + + diff --git a/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/strongswan.conf 
@@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/net2net-psk/posttest.dat b/testing/tests/ikev1-p-p/net2net-psk/posttest.dat new file mode 100644 index 000000000..5a9150bc8 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-p/net2net-psk/pretest.dat b/testing/tests/ikev1-p-p/net2net-psk/pretest.dat new file mode 100644 index 000000000..9e40684ab --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 2 +moon::ipsec up net-net diff --git a/testing/tests/ikev1-p-p/net2net-psk/test.conf b/testing/tests/ikev1-p-p/net2net-psk/test.conf new file mode 100644 index 000000000..f74d0f7d6 --- /dev/null +++ b/testing/tests/ikev1-p-p/net2net-psk/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1-p-p/rw-cert/description.txt b/testing/tests/ikev1-p-p/rw-cert/description.txt new file mode 100644 index 000000000..15b3822b5 --- /dev/null 
+++ b/testing/tests/ikev1-p-p/rw-cert/description.txt @@ -0,0 +1,6 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. +Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1-p-p/rw-cert/evaltest.dat b/testing/tests/ikev1-p-p/rw-cert/evaltest.dat new file mode 100644 index 000000000..60f02e520 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-cert/evaltest.dat @@ -0,0 +1,15 @@ +carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES +moon:: ipsec status 2> /dev/null::rw.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES +moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES +moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES + 
diff --git a/testing/tests/ikev1-p-p/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-cert/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..3893b1997 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-cert/hosts/carol/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + integrity_test = yes + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ikev1-p-p/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-cert/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..3893b1997 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-cert/hosts/dave/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + integrity_test = yes + crypto_test { + on_add = yes + } +} diff --git a/testing/tests/ikev1-p-p/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-cert/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..3893b1997 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-cert/hosts/moon/etc/strongswan.conf @@ -0,0 +1,15 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no + integrity_test = yes + crypto_test { + on_add = yes + } +} 
diff --git a/testing/tests/ikev1-p-p/rw-cert/posttest.dat b/testing/tests/ikev1-p-p/rw-cert/posttest.dat
new file mode 100644
index 000000000..126bf6005
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-cert/posttest.dat
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-p/rw-cert/pretest.dat b/testing/tests/ikev1-p-p/rw-cert/pretest.dat
new file mode 100644
index 000000000..1e45f00fd
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-cert/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/rw-cert/test.conf b/testing/tests/ikev1-p-p/rw-cert/test.conf
new file mode 100644
index 000000000..9cd583b16
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-cert/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/description.txt b/testing/tests/ikev1-p-p/rw-psk-fqdn/description.txt
new file mode 100644
index 000000000..47f6968ae
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/description.txt
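Review bot: rw-cert/test.conf lists carol as the only roadwarrior, while the scenario's pretest.dat, posttest.dat and evaltest.dat all run commands on dave. The sibling rw-psk-fqdn and rw-psk-ipv4 scenarios, which use the same hosts, declare dave, so the same values are probably intended here: `UMLHOSTS="alice moon carol winnetou dave"`, `DIAGRAM="a-m-c-w-d.png"` and `IPSECHOSTS="moon carol dave"`. As written, dave is presumably neither started for this test nor covered by the IPsec log collection, so the dave assertions would depend on state left behind by another scenario.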
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1-p-p/rw-psk-fqdn/evaltest.dat
new file mode 100644
index 000000000..f55b386d8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/evaltest.dat
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
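Review bot: Lines 2 to 8 of rw-psk-fqdn/evaltest.dat carry a stray `home.::` field, so they have five `::`-separated fields where every other line in the file has four. If the harness takes the third field as the pattern, these seven checks only match `home.` and never test the ISAKMP and IPsec SA states; on moon, where the connections are named rw-carol and rw-dave, `home.` may not match at all. Dropping the extra field, e.g. `dave:: ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES`, restores the intended assertion. rw-psk-ipv4/evaltest.dat is the same blob (f55b386d8) and needs the same correction.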
diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..f6720102f --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..47e31ca21 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..b78e5b703 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf 
@@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..f6c1a22ef --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +dave@strongswan.org : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..98ca84a16 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf 
@@ -0,0 +1,31 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn rw-carol + also=rw + right=PH_IP_CAROL + rightid=carol@strongswan.org + auto=add + +conn rw-dave + also=rw + right=PH_IP_DAVE + rightid=dave@strongswan.org + auto=add + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftfirewall=yes diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e3dd0fba3 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + +@moon.strongswan.org dave@strongswan.org : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/posttest.dat b/testing/tests/ikev1-p-p/rw-psk-fqdn/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/posttest.dat 
@@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1-p-p/rw-psk-fqdn/pretest.dat new file mode 100644 index 000000000..761abe274 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +carol::rm /etc/ipsec.d/cacerts/* +dave::rm /etc/ipsec.d/cacerts/* +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/ikev1-p-p/rw-psk-fqdn/test.conf b/testing/tests/ikev1-p-p/rw-psk-fqdn/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-fqdn/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/description.txt b/testing/tests/ikev1-p-p/rw-psk-ipv4/description.txt new file mode 100644 index 000000000..b4aaa6a6a --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/description.txt 
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1-p-p/rw-psk-ipv4/evaltest.dat
new file mode 100644
index 000000000..f55b386d8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/evaltest.dat
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..0d2a5d2c4 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf @@ -0,0 +1,20 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn home + left=PH_IP_CAROL + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..18a074472 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..781157a6b --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf 
@@ -0,0 +1,20 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn home + left=PH_IP_DAVE + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..e989540e9 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..f65978118 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutodebug=control + charonstart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + authby=secret + +conn rw-carol + also=rw + right=PH_IP_CAROL + auto=add + +conn rw-dave + also=rw + right=PH_IP_DAVE + auto=add + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftfirewall=yes 
diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..0cd102226 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx + +192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f9a03fef5 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/posttest.dat b/testing/tests/ikev1-p-p/rw-psk-ipv4/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1-p-p/rw-psk-ipv4/pretest.dat new file mode 100644 index 000000000..761abe274 --- /dev/null +++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/pretest.dat 
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/rw-psk-ipv4/test.conf b/testing/tests/ikev1-p-p/rw-psk-ipv4/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-p/rw-psk-ipv4/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/description.txt b/testing/tests/ikev1-p-p/xauth-id-psk-config/description.txt
new file mode 100644
index 000000000..fc417e416
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/description.txt
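Review bot: `moon::ipsec start` is the last of the three start commands in rw-psk-ipv4/pretest.dat, so the gateway has only the fixed `carol::sleep 2` to come up before `carol::ipsec up home` runs, and the ipsec.conf files of this scenario set `keyingtries=1`. The xauth-* pretest.dat files in this commit start moon first; doing the same here (`moon::ipsec start` ahead of `carol::ipsec start`) gives the responder the longest head start and keeps the scenarios consistent. The `rm /etc/ipsec.d/cacerts/*` lines have no counterpart in posttest.dat, so a comment stating that the framework restores the host files between scenarios would help (presumably it does; that is not visible in this diff).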
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%config</b>
+parameter. The virtual IP addresses are registered under the users' XAUTH identity.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1-p-p/xauth-id-psk-config/evaltest.dat
new file mode 100644
index 000000000..2dd42424c
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/evaltest.dat
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave::YES
+moon:: cat /var/log/auth.log::assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/auth.log::assigning virtual IP 10.3.0.2 to peer::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+dave:: cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo
request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..38d8275ea
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ xauth_identity=carol
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..547bc1f5c
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,9 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.100 @dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq
+
+192.168.0.100 @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+192.168.0.100 @sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
+
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..f15001a90
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
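Review bot: The patterns `xauth user name is.*carol` and `xauth user name is.*dave` in xauth-id-psk-config/evaltest.dat match any log line that contains the name somewhere after the prefix, so they would also accept an identity such as `carol@strongswan.org`. Since the scenario is meant to show that `xauth_identity=carol` is what reaches the gateway, the expression should be bounded right after the name, using whatever delimiter pluto prints there (the log format is not visible in this diff). The same two patterns appear in xauth-id-rsa/evaltest.dat, where `leftid=carol@strongswan.org` makes the ambiguity concrete. The unescaped dots in `\[192.168.0.100]` are a smaller instance of the same looseness.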
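Review bot: carol's ipsec.secrets in xauth-id-psk-config carries PSK entries for `@dave.strongswan.org` and `@sun.strongswan.org`, but the only peer her ipsec.conf defines is `rightid=@moon.strongswan.org`. Dropping the two unused lines keeps the fixture down to the secrets the scenario needs and brings it in line with dave's file, which holds a single `: PSK` entry. If the extra entries are kept on purpose (for instance to exercise selector matching), a one-line comment saying so would settle the question.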
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth resolve kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..7fdbf9c66
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ xauth_identity=dave
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..25e8c2796
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..f15001a90
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth resolve kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..b15f72e85
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ rightsourceip=10.3.0.0/24
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..20d8e0269
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol : XAUTH "4iChxLT3"
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..6dab4fe28
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
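Review bot: moon's ipsec.secrets in xauth-id-psk-config holds a single PSK under `@moon.strongswan.org` for a connection with `right=%any`, and carol's and dave's files carry the same value, so the pre-shared key is a group secret and only the XAUTH password distinguishes one user from another. A header comment should say so, for example `# group PSK shared by all roadwarriors; per-user authentication is XAUTH only`, because with a group key the gateway is not authenticated towards other key holders. For anything copied out of the test suite, the xauthrsasig scenarios in this commit are the safer template. The xauth-psk scenario (`moon.strongswan.org %any : PSK …`) has the same layout.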
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth attr kernel-netlink
+ dns1 = 192.168.0.150
+ dns2 = 10.1.0.20
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/posttest.dat b/testing/tests/ikev1-p-p/xauth-id-psk-config/posttest.dat
new file mode 100644
index 000000000..f90d222b5
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/posttest.dat
@@ -0,0 +1,8 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/pretest.dat b/testing/tests/ikev1-p-p/xauth-id-psk-config/pretest.dat
new file mode 100644
index 000000000..95a6be131
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/xauth-id-psk-config/test.conf b/testing/tests/ikev1-p-p/xauth-id-psk-config/test.conf
new file mode 100644
index 000000000..75510b295
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-psk-config/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/description.txt b/testing/tests/ikev1-p-p/xauth-id-rsa/description.txt
new file mode 100644
index 000000000..9483c8f39
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>,
+respectively) and corresponding user passwords defined and stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1-p-p/xauth-id-rsa/evaltest.dat
new file mode 100644
index 000000000..1a054e865
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/evaltest.dat
@@ -0,0 +1,19 @@
+carol::ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+dave:: ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..5b46d7524
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ xauth_identity=carol
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..29492b5f9
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..04916a941
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf
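Review bot: carol's ipsec.secrets in xauth-id-rsa keeps the passphrase of `carolKey.pem` in clear text on the `: RSA` line, directly above her XAUTH password, and nothing in the file says these are throw-away values. A header comment such as `# test fixture: key passphrase and XAUTH password are public test values, never reuse` would stop the file from being taken as a deployment template. It is also worth noting in that comment that only carol's key is passphrase-protected here; dave's and moon's entries (`: RSA daveKey.pem`, `: RSA moonKey.pem`) load their keys without one. The xauth-rsa-config copy of carol's ipsec.secrets has the same line.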
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ xauth_identity=dave
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..8cf7db530
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..fcd98ac34
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..fef50218a
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol : XAUTH "4iChxLT3"
+
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/posttest.dat b/testing/tests/ikev1-p-p/xauth-id-rsa/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/pretest.dat b/testing/tests/ikev1-p-p/xauth-id-rsa/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/xauth-id-rsa/test.conf b/testing/tests/ikev1-p-p/xauth-id-rsa/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-id-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-p/xauth-psk/description.txt b/testing/tests/ikev1-p-p/xauth-psk/description.txt
new file mode 100644
index 000000000..0ac2043c2
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/description.txt
@@ -0,0 +1,9 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/xauth-psk/evaltest.dat b/testing/tests/ikev1-p-p/xauth-psk/evaltest.dat
new file mode 100644
index 000000000..9c49f6e8d
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/evaltest.dat
@@ -0,0 +1,19 @@
+carol::ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+dave:: ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
+moon:: cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..1c7d7002e
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_CAROL
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..a899783bd
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..58cc78ee8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..782c160c9
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.conf
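Review bot: `rightid=moon.strongswan.org` in xauth-psk/hosts/carol/etc/ipsec.conf is written without the leading `@` that the xauth-id-psk-config and xauth-id-rsa scenarios of this commit use (`rightid=@moon.strongswan.org`); dave's ipsec.conf, moon's `leftid=moon.strongswan.org` and moon's `moon.strongswan.org %any : PSK` selector follow the same bare form. In ipsec.conf the `@` marks the name as a literal FQDN identity; without it the daemon may try to resolve the name to an address (worth confirming for pluto), which would make the identity and the PSK lookup depend on name resolution inside the test network. Unless the bare form is the behaviour under test, use `@moon.strongswan.org` on all three hosts and in moon's secrets selector, or add a comment explaining the difference.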
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+
+conn home
+ left=PH_IP_DAVE
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightid=moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c8506152
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..58cc78ee8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..595e6588c
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthpsk
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftid=moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..ae45ea03e
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org %any : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..58cc78ee8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-psk/posttest.dat b/testing/tests/ikev1-p-p/xauth-psk/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-p/xauth-psk/pretest.dat b/testing/tests/ikev1-p-p/xauth-psk/pretest.dat
new file mode 100644
index 000000000..95a6be131
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/xauth-psk/test.conf b/testing/tests/ikev1-p-p/xauth-psk/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-psk/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/description.txt b/testing/tests/ikev1-p-p/xauth-rsa-config/description.txt
new file mode 100644
index 000000000..1ada58fbe
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the
+<b>leftsourceip=%config</b> parameter.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1-p-p/xauth-rsa-config/evaltest.dat
new file mode 100644
index 000000000..a05bd9ea9
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/evaltest.dat
@@ -0,0 +1,24 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::carol.*extended authentication was successful::YES
+moon:: cat /var/log/auth.log::dave.*extended authentication was successful::YES
+moon:: cat /var/log/auth.log::rw-carol.*assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/auth.log::rw-dave.*assigning virtual IP 10.3.0.2 to peer::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+dave:: cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..89bc7a416
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_CAROL
+ leftsourceip=%config
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..4a77c3b97
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
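Review bot: In xauth-rsa-config/evaltest.dat the four virtual-IP checks hard-code `10.3.0.1` and `10.3.0.2`, while moon's ipsec.conf in the same scenario assigns the addresses through `rightsourceip=PH_IP_CAROL1` / `PH_IP_DAVE1` and posttest.dat removes `PH_IP_CAROL1/32`. If the placeholder values change, these assertions fail for a reason unrelated to Mode Config. The file already relies on placeholder substitution in its patterns (`PH_IP_ALICE`), so I would write `rw-carol.*assigning virtual IP PH_IP_CAROL1 to peer` and `setting virtual IP source address to PH_IP_CAROL1`, and the same with `PH_IP_DAVE1` for dave.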
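Review bot: carol's ipsec.secrets commits the XAUTH password and the carolKey.pem passphrase in clear text as a mode 100644 file, and nothing in the file marks it as a test fixture. Inside the UML test network that is acceptable, but these scenario files are often copied as templates, so I would add a header comment such as `# TEST FIXTURE: credentials below are public, never reuse them outside the test environment` and note that a deployed ipsec.secrets must be readable by root only. The same applies to the dave and moon secrets files of this scenario and to the three added under xauth-rsa. daveKey.pem and moonKey.pem are loaded without a passphrase; if that difference from carol is intentional, a one-line comment would say so.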
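Review bot: The `load =` list in carol's strongswan.conf enables `md5` and `des`, while the scenario's ipsec.conf files pin no `ike=` or `esp=` proposal, so the negotiated algorithms are left to pluto's defaults and evaltest.dat never asserts them. If md5 and des are loaded only so that pluto's default IKEv1 proposals can be built (the des plugin also supplies 3DES), a comment above the list would keep readers from copying it unchanged, e.g. `# md5/des are loaded for pluto's default proposals in this test, not as a recommendation`. The identical file is added for dave and moon in this scenario and for all three hosts under xauth-rsa.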
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..5caf0a10b
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_DAVE
+ leftsourceip=%config
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c0248b84
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..4a0022caa
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,30 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug="control"
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ xauth=server
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
+
+conn rw-carol
+ rightid=carol@strongswan.org
+ rightsourceip=PH_IP_CAROL1
+
+conn rw-dave
+ rightid=dave@strongswan.org
+ rightsourceip=PH_IP_DAVE1
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..1ba66971a
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/posttest.dat b/testing/tests/ikev1-p-p/xauth-rsa-config/posttest.dat
new file mode 100644
index 000000000..f90d222b5
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/posttest.dat
@@ -0,0 +1,8 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/pretest.dat b/testing/tests/ikev1-p-p/xauth-rsa-config/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/xauth-rsa-config/test.conf b/testing/tests/ikev1-p-p/xauth-rsa-config/test.conf
new file mode 100644
index 000000000..75510b295
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa-config/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/description.txt b/testing/tests/ikev1-p-p/xauth-rsa/description.txt
new file mode 100644
index 000000000..a9b76b618
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/evaltest.dat b/testing/tests/ikev1-p-p/xauth-rsa/evaltest.dat
new file mode 100644
index 000000000..3ddfea4ac
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/evaltest.dat
@@ -0,0 +1,19 @@
+carol::ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+dave:: ipsec status 2> /dev/null::STATE_XAUTH_I2.*sent XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol@strongswan.org::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave@strongswan.org::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.conf
new file mode 100644
index 000000000..fc37f75e9
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.conf
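Review bot: Three of moon's checks in xauth-rsa/evaltest.dat are not tied to a peer: `STATE_XAUTH_R3.*received XAUTH ack, established`, `rw.*STATE_QUICK_R2.*IPsec SA established` and `extended authentication was successful` each pass as soon as one of the two roadwarriors has authenticated. The per-peer `xauth user name is.*` lines presumably show only that a user name was received, not that it was accepted. The xauth-rsa-config scenario in this commit binds the equivalent checks to `rw-carol` / `rw-dave`; with the single `rw` connection used here I would bind them to the peer instead, for example `PH_IP_CAROL.*extended authentication was successful` and the same with `PH_IP_DAVE`, assuming the log line carries the peer address.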
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..4a77c3b97
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol@strongswan.org : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644
index 000000000..30ba81850
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+
+conn home
+ left=PH_IP_DAVE
+ leftcert=daveCert.pem
+ leftid=dave@strongswan.org
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644
index 000000000..1c0248b84
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644
index 000000000..fcd98ac34
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ authby=xauthrsasig
+ xauth=server
+
+conn rw
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftsubnet=10.1.0.0/16
+ leftfirewall=yes
+ right=%any
+ auto=add
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..1ba66971a
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dcea6ea09
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+ load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+ dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/posttest.dat b/testing/tests/ikev1-p-p/xauth-rsa/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/pretest.dat b/testing/tests/ikev1-p-p/xauth-rsa/pretest.dat
new file mode 100644
index 000000000..78e2d57f8
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-p/xauth-rsa/test.conf b/testing/tests/ikev1-p-p/xauth-rsa/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1-p-p/xauth-rsa/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave" |