-rw-r--r--testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat6
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat6
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy1
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat8
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy1
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat6
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat10
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config2
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config2
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy1
-rw-r--r--testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config2
11 files changed, 29 insertions, 16 deletions
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat
index a02755148..f7d78d1ca 100644
--- a/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat
@@ -6,9 +6,11 @@ dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
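Review bot: The two new auth.log assertions pass on any matching line in the file, so a `policy enforced on peer 'carol@strongswan.org' is 'allow'` entry left over from an earlier scenario would satisfy them even if enforcement had regressed. Whether the harness truncates /var/log/auth.log on moon before each run is not visible in this diff; if it only resets daemon.log, auth.log needs the same treatment. The same peer names and results are asserted in the rw-eap-tnc-20, rw-eap-tnc-20-tls and rw-eap-tnc-dynamic hunks, so stale lines would mask a failure there as well. The evaltest.dat file continues outside the hunk.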
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat
index f1753c208..e3c482441 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat
@@ -5,8 +5,10 @@ carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/3
dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Denied'::YES
dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'no access'::YES
moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
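Review bot: The block scenario asserts that dave's enforced policy is 'no access' but never asserts that moon granted him no group, so a gateway that logged 'no access' and still added a membership would pass. A negative check after the new auth.log line would close that, e.g. `moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::NO`. Separately, the unchanged last line pings PH_IP_ALICE but greps for a reply from PH_IP_VENUS with `::NO`, which looks like it can never fail; matching on PH_IP_ALICE would make it a real check that dave has no tunnel.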
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy
new file mode 100644
index 000000000..573541ac9
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy
@@ -0,0 +1 @@
+0
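Review bot: The new policy file is a bare `0` with nothing saying what the number selects. rw-eap-tnc-20-block and rw-eap-tnc-20-tls both ship `0` yet expect different results for dave ('no access' versus 'isolate'), and rw-eap-tnc-dynamic ships `1`, so the value's meaning cannot be read off the tests. Whether the dummy IMV's parser tolerates a comment line is not visible here; if it does not, a sentence in each scenario's description naming the policy that `0` and `1` select would do.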
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat
index bbc0603b6..c871bb6da 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat
@@ -6,9 +6,11 @@ dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YE
dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy
new file mode 100644
index 000000000..573541ac9
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy
@@ -0,0 +1 @@
+0
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
index 737c9b9ef..d334a9b97 100644
--- a/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
@@ -6,9 +6,11 @@ dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YE
dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat
index 2c7a2dbd7..593ac4505 100644
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat
@@ -8,14 +8,16 @@ dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP
dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
moon::cat /var/log/daemon.log::TNCCS 1.1 protocol detected dynamically::YES
moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 1::YES
-moon::cat /var/log/daemon.log::Final recommendation is 'allow' and evaluation is 'compliant'::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::final recommendation is 'allow' and evaluation is 'compliant'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
moon::cat /var/log/daemon.log::removed TNCCS Connection ID 1::YES
moon::cat /var/log/daemon.log::TNCCS 2.0 protocol detected dynamically::YES
moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 2::YES
-moon::cat /var/log/daemon.log::Final recommendation is 'isolate' and evaluation is 'non-compliant minor'::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/daemon.log::final recommendation is 'isolate' and evaluation is 'non-compliant minor'::YES
+moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
+moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon::cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES
moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config
index 3797993fa..d2fabe109 100644
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config
+++ b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config
@@ -1,4 +1,4 @@
#IMC configuration file for strongSwan client
IMC "Dummy" /usr/local/lib/libdummyimc.so
-IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
+#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
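Review bot: The HostScanner IMC is switched off by commenting the line out with no reason recorded, here and in dave's tnc_config and moon's IMV tnc_config. A dead line in a config invites someone to re-enable it on one side only, leaving client and server measuring different things; either delete it or say why it is parked, e.g. `# HostScanner disabled: <reason>` above it. The file already uses `#` for its header comment, so the syntax is available.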
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config
index 3797993fa..d2fabe109 100644
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config
+++ b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config
@@ -1,4 +1,4 @@
#IMC configuration file for strongSwan client
IMC "Dummy" /usr/local/lib/libdummyimc.so
-IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
+#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy
new file mode 100644
index 000000000..d00491fd7
--- /dev/null
+++ b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy
@@ -0,0 +1 @@
+1
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config
index 67896d543..140caa98f 100644
--- a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config
+++ b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config
@@ -1,4 +1,4 @@
#IMV configuration file for strongSwan server
IMV "Dummy" /usr/local/lib/libdummyimv.so
-IMV "HostScanner" /usr/local/lib/libhostscannerimv.so
+#IMV "HostScanner" /usr/local/lib/libhostscannerimv.so