-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/description.txt4
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat6
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets2
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf1
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets2
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf11
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets4
-rw-r--r--testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf2
11 files changed, 16 insertions, 21 deletions
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt b/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
index 9abe6298c..191011747 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
@@ -2,8 +2,8 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>
The authentication is based on Pre-Shared Keys (<b>PSK</b>)
followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
-<b>virtual IP</b> via the IKE Mode Config protocol by using the
-<b>leftsourceip=%modeconfig</b> parameter.
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%modeconfig</b>
+parameter. The virtual IP addresses are registered under the users' XAUTH identity.
<p>
Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
index 15dd054a0..4552cfe61 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
@@ -1,11 +1,9 @@
carol::cat /var/log/auth.log::extended authentication was successful::YES
dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::carol.*extended authentication was successful::YES
-moon::cat /var/log/auth.log::dave.*extended authentication was successful::YES
+moon::ipsec leases rw 10.3.0.1::carol::YES
+moon::ipsec leases rw 10.3.0.2::dave::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
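Review bot: The patterns `carol` and `dave` in the two added `moon::ipsec leases rw …` lines appear to be unanchored matches (other lines in this file use `.*`), so they would also pass if a lease were still registered under the IKE identity `carol@strongswan.org` rather than the XAUTH identity that description.txt says this scenario verifies. A pattern that cannot match the `@strongswan.org` form would make the check actually prove the XAUTH-identity binding. The hunk also removes every moon-side assertion that extended authentication succeeded and that the responder reached `STATE_QUICK_R2`, so the gateway's own view of the authentication is now checked only indirectly through the lease table. The expected addresses 10.3.0.1 and 10.3.0.2 presumably depend on carol connecting before dave; the file continues past this hunk, so that ordering cannot be confirmed from here.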
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
index 747f4b6bf..aa0ae1289 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
@@ -21,4 +21,5 @@ conn home
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ xauth_identity=carol
auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
index d2bba2f4c..e5adf3e8e 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
@@ -6,4 +6,4 @@ carol@strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21
carol@strongswan.org @sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
-: XAUTH carol "4iChxLT3"
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
index 85e5f1aee..dbd431cc2 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random
+ load = sha1 sha2 md5 aes des hmac gmp random xauth
}
# pluto uses optimized DH exponent sizes (RFC 3526)
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
index 0193c0512..0243f5afb 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
@@ -21,4 +21,5 @@ conn home
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
+ xauth_identity=dave
auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
index 0690d9cde..25e8c2796 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
@@ -2,4 +2,4 @@
: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-: XAUTH dave "ryftzG4A"
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
index 85e5f1aee..dbd431cc2 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random
+ load = sha1 sha2 md5 aes des hmac gmp random xauth
}
# pluto uses optimized DH exponent sizes (RFC 3526)
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
index 98598b04c..4206f8916 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
@@ -13,17 +13,12 @@ conn %default
keyingtries=1
authby=xauthpsk
xauth=server
+
+conn rw
left=PH_IP_MOON
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
leftfirewall=yes
right=%any
+ rightsourceip=10.3.0.0/24
auto=add
-
-conn carol
- rightid=carol@strongswan.org
- rightsourceip=PH_IP_CAROL1
-
-conn dave
- rightid=dave@strongswan.org
- rightsourceip=PH_IP_DAVE1
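Review bot: With `conn carol` and `conn dave` removed, the new `conn rw` keeps `right=%any` and has no `rightid`, so the gateway no longer ties a peer to an IKE identity. The XAUTH user name and password become the only per-user credential on top of what appears to be a PSK shared by all roadwarriors. That looks intentional for this scenario, but it deserves a comment above `conn rw`, for example `# peers are told apart by XAUTH identity only; the PSK is common to all roadwarriors`, so the file is not reused as a template without that trade-off being understood. Because addresses from `rightsourceip=10.3.0.0/24` are leased per XAUTH identity, any rule that filters on the virtual IP is only as strong as the XAUTH password behind it.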
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
index 1ea69f998..20d8e0269 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
@@ -2,6 +2,6 @@
@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-: XAUTH carol "4iChxLT3"
+carol : XAUTH "4iChxLT3"
-: XAUTH dave "ryftzG4A"
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
index 85e5f1aee..dbd431cc2 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
pluto {
- load = sha1 sha2 md5 aes des hmac gmp random
+ load = sha1 sha2 md5 aes des hmac gmp random xauth
}
# pluto uses optimized DH exponent sizes (RFC 3526)