diff options
28 files changed, 9 insertions, 182 deletions
diff --git a/testing/tests/ikev1/xauth-id-rsa/description.txt b/testing/tests/ikev1/xauth-id-rsa-config/description.txt index 9483c8f39..feb154d49 100644 --- a/testing/tests/ikev1/xauth-id-rsa/description.txt +++ b/testing/tests/ikev1/xauth-id-rsa-config/description.txt @@ -3,6 +3,8 @@ The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certif followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b> based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>, respectively) and corresponding user passwords defined and stored in ipsec.secrets. +Next both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config +protocol by using the <b>leftsourceip=%config</b> parameter. <p> Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. diff --git a/testing/tests/ikev1/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat index e3b4edeeb..198dd3782 100644 --- a/testing/tests/ikev1/xauth-rsa-config/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat @@ -6,10 +6,10 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES -moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES -moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES -moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES -moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES +moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.conf index 6e06e541d..ddb043278 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.conf @@ -11,14 +11,15 @@ conn %default conn home left=PH_IP_CAROL + leftsourceip=%config leftcert=carolCert.pem leftid=carol@strongswan.org leftauth=pubkey leftauth2=xauth leftfirewall=yes + xauth_identity=carol right=PH_IP_MOON rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org rightauth=pubkey - xauth_identity=carol auto=add diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.secrets index 29492b5f9..29492b5f9 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.secrets diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf index 5cd9bf11e..5cd9bf11e 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.conf index 8c6de9a3a..69950dc6d 100644 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftauth=pubkey leftauth2=xauth leftfirewall=yes + xauth_identity=dave right=PH_IP_MOON rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.secrets index 8cf7db530..8cf7db530 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.secrets diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf index 5cd9bf11e..5cd9bf11e 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.conf index d9fcc27c4..d9fcc27c4 100644 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.conf diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.secrets index fef50218a..fef50218a 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.secrets diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf index 5cd9bf11e..5cd9bf11e 100644 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf diff --git a/testing/tests/ikev1/xauth-id-rsa/posttest.dat b/testing/tests/ikev1/xauth-id-rsa-config/posttest.dat index 7cebd7f25..7cebd7f25 100644 --- a/testing/tests/ikev1/xauth-id-rsa/posttest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-config/posttest.dat diff --git a/testing/tests/ikev1/xauth-id-rsa/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat index 78e2d57f8..78e2d57f8 100644 --- a/testing/tests/ikev1/xauth-id-rsa/pretest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat diff --git a/testing/tests/ikev1/xauth-id-rsa/test.conf b/testing/tests/ikev1/xauth-id-rsa-config/test.conf index 70416826e..70416826e 100644 --- a/testing/tests/ikev1/xauth-id-rsa/test.conf +++ b/testing/tests/ikev1/xauth-id-rsa-config/test.conf diff --git a/testing/tests/ikev1/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa/evaltest.dat deleted file mode 100644 index 5b021a09a..000000000 --- a/testing/tests/ikev1/xauth-id-rsa/evaltest.dat +++ /dev/null @@ -1,16 +0,0 @@ -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES -moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES -moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES -carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES -moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES -moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES -moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf deleted file mode 100644 index 9c4d0f430..000000000 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - -conn home - left=PH_IP_DAVE - leftcert=daveCert.pem - leftid=dave@strongswan.org - leftauth=pubkey - leftauth2=xauth - leftfirewall=yes - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - rightauth=pubkey - xauth_identity=dave - auto=add diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf deleted file mode 100644 index 3c6944910..000000000 --- a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,22 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - -conn rw - left=PH_IP_MOON - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftsubnet=10.1.0.0/16 - leftauth=pubkey - leftfirewall=yes - right=%any - rightauth=pubkey - rightauth2=xauth - auto=add diff --git a/testing/tests/ikev1/xauth-rsa-config/description.txt b/testing/tests/ikev1/xauth-rsa-config/description.txt deleted file mode 100644 index 1ada58fbe..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/description.txt +++ /dev/null @@ -1,11 +0,0 @@ -The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>. -The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates -followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b> -based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a -<b>virtual IP</b> via the IKE Mode Config protocol by using the -<b>leftsourceip=%config</b> parameter. -<p> -Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically -inserts iptables-based firewall rules that let pass the tunneled traffic. -In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client -<b>alice</b> behind the gateway <b>moon</b>. diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf deleted file mode 100644 index 0eab240cd..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - -conn home - left=PH_IP_CAROL - leftsourceip=%config - leftcert=carolCert.pem - leftid=carol@strongswan.org - leftauth=pubkey - leftauth2=xauth - leftfirewall=yes - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - rightauth=pubkey - auto=add diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets deleted file mode 100644 index 4a77c3b97..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA carolKey.pem "nH5ZQEWtku0RJEZ6" - -carol@strongswan.org : XAUTH "4iChxLT3" diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf deleted file mode 100644 index 5cd9bf11e..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets deleted file mode 100644 index 1c0248b84..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA daveKey.pem - -dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf deleted file mode 100644 index 5cd9bf11e..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets deleted file mode 100644 index 1ba66971a..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets +++ /dev/null @@ -1,7 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA moonKey.pem - -carol@strongswan.org : XAUTH "4iChxLT3" - -dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf deleted file mode 100644 index 5cd9bf11e..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev1/xauth-rsa-config/posttest.dat b/testing/tests/ikev1/xauth-rsa-config/posttest.dat deleted file mode 100644 index 7cebd7f25..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -moon::ipsec stop -carol::ipsec stop -dave::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1/xauth-rsa-config/pretest.dat b/testing/tests/ikev1/xauth-rsa-config/pretest.dat deleted file mode 100644 index 78e2d57f8..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/pretest.dat +++ /dev/null @@ -1,9 +0,0 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null -moon::ipsec start -carol::ipsec start -dave::ipsec start -carol::sleep 2 -carol::ipsec up home -dave::ipsec up home diff --git a/testing/tests/ikev1/xauth-rsa-config/test.conf b/testing/tests/ikev1/xauth-rsa-config/test.conf deleted file mode 100644 index 70416826e..000000000 --- a/testing/tests/ikev1/xauth-rsa-config/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-m-c-w-d.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" |