aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/tnc/tnccs-11-radius-pts/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/tnc/tnccs-11-radius-pts/hosts')
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf23
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf23
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf23
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf27
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf35
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf33
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf10
-rw-r--r--testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf53
12 files changed, 159 insertions, 112 deletions
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index e9152e0d8..000000000
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- charondebug="tnc 3, imc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_CAROL
- leftid=carol@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- rightauth=pubkey
- aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
- auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 74942afda..000000000
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
index 3520fd5c8..978cc6659 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/strongswan.conf
@@ -1,21 +1,26 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-1.1
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ syslog {
+ auth {
+ default = 0
+ }
+ daemon {
+ tnc = 3
+ imc = 3
}
}
-}
-
-libimcv {
plugins {
- imc-test {
- command = allow
+ eap-tnc {
+ protocol = tnccs-1.1
}
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..1516ad726
--- /dev/null
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = eap
+ aaa_id = aaa.strongswan.org
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm16-ecp256
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+secrets {
+
+ eap {
+ id = carol@strongswan.org
+ secret = "Ar3etTnp"
+ }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 25589bcf1..000000000
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- charondebug="tnc 3, imc 3"
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_DAVE
- leftid=dave@strongswan.org
- leftauth=eap
- leftfirewall=yes
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- rightauth=pubkey
- aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
- auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 5496df7ad..000000000
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
index e8706082e..0bc6e3525 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/strongswan.conf
@@ -1,26 +1,27 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = openssl curl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce openssl pem pkcs1 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
-
retransmit_tries = 5
- plugins {
- eap-tnc {
- protocol = tnccs-1.1
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
+ syslog {
+ auth {
+ default = 0
+ }
+ daemon {
+ tnc = 3
+ imc = 3
}
}
-}
-
-libimcv {
plugins {
- imc-test {
- command = allow
- }
- imc-scanner {
- push_info = no
+ eap-tnc {
+ protocol = tnccs-1.1
}
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..07b35dcb9
--- /dev/null
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = eap
+ aaa_id = aaa.strongswan.org
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm16-ecp256
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+secrets {
+
+ eap {
+ id = dave@strongswan.org
+ secret = "W7R0g3do"
+ }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 294964fe7..000000000
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=pubkey
- leftfirewall=yes
- rightauth=eap-radius
- rightid=*@strongswan.org
- rightsendcert=never
- right=%any
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index e86d6aa5c..000000000
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
index 6e49677e4..387236ebc 100644
--- a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/strongswan.conf
@@ -1,12 +1,18 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce openssl pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-radius updown
+
multiple_authentication=no
+
+ start-scripts {
+ creds = /usr/local/sbin/swanctl --load-creds
+ conns = /usr/local/sbin/swanctl --load-conns
+ }
plugins {
eap-radius {
secret = gv6URkSs
- server = PH_IP_ALICE
+ server = 10.1.0.10
filter_id = yes
}
}
diff --git a/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..096eb7b5a
--- /dev/null
+++ b/testing/tests/tnc/tnccs-11-radius-pts/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,53 @@
+connections {
+
+ rw-allow {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ id = moon.strongswan.org
+ certs = moonCert.pem
+ }
+ remote {
+ auth = eap-radius
+ id = *@strongswan.org
+ groups = allow
+ }
+ children {
+ rw-allow {
+ local_ts = 10.1.0.0/28
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm16-ecp256
+ }
+ }
+ version = 2
+ send_certreq = no
+ proposals = aes128-sha256-ecp256
+ }
+
+ rw-isolate {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = eap-radius
+ id = *@strongswan.org
+ groups = isolate
+ }
+ children {
+ rw-isolate {
+ local_ts = 10.1.0.16/28
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm16-ecp256
+ }
+ }
+ version = 2
+ send_certreq = no
+ proposals = aes128-sha256-ecp256
+ }
+}