Diffstat (limited to 'testing/tests/tnc/tnccs-11-supplicant')
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.secrets1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.secrets1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.conf33
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.secrets3
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/iptables.rules32
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/tnc/tnccs-11-supplicant/test.conf7
14 files changed, 10 insertions, 87 deletions
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf
index 45050f7e1..7622801ab 100644
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-supplicant/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
libimcv {
+ load = random nonce sha1 sha2 md5 gmp pubkey x509
debug_level = 3
assessment_result = no
plugins {
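Review bot: The added `load = random nonce sha1 sha2 md5 gmp pubkey x509` line in `libimcv` enables the `md5` and `sha1` plugins, and nothing says which step of the test needs them. Whether anything in this scenario depends on MD5 cannot be seen from the hunk. If nothing does, dropping `md5` keeps the fixture from presenting a weak hash as part of a normal stand-alone libimcv setup. Otherwise a one-line comment above the line, such as `# md5/sha1 required by <component>; libimcv is loaded stand-alone here, not via charon`, would record the reason. The same line is added to carol's and dave's strongswan.conf, and the `libimcv` block continues past the end of this hunk.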
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index f24455975..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index ddd495699..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf
index 71fbae695..965752b5e 100644
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
libimcv {
+ load = random nonce sha1 sha2 md5 gmp pubkey x509
debug_level = 3
plugins {
imc-test {
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..00ef0f516
--- /dev/null
+++ b/testing/tests/tnc/tnccs-11-supplicant/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# The strongSwan IMCs are loaded by the WPA supplicant
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index f24455975..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index ddd495699..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf
index 4ce2769f2..ca1f7d9a5 100644
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
libimcv {
+ load = random nonce sha1 sha2 md5 gmp pubkey x509
debug_level = 3
plugins {
imc-test {
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100644
index 000000000..00ef0f516
--- /dev/null
+++ b/testing/tests/tnc/tnccs-11-supplicant/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1 @@
+# The strongSwan IMCs are loaded by the WPA supplicant
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 294964fe7..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn rw-allow
- rightgroups=allow
- leftsubnet=10.1.0.0/28
- also=rw-eap
- auto=add
-
-conn rw-isolate
- rightgroups=isolate
- leftsubnet=10.1.0.16/28
- also=rw-eap
- auto=add
-
-conn rw-eap
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftauth=pubkey
- leftfirewall=yes
- rightauth=eap-radius
- rightid=*@strongswan.org
- rightsendcert=never
- right=%any
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index e86d6aa5c..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/iptables.rules
deleted file mode 100644
index 1eb755354..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/iptables.rules
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-# allow RADIUS protocol with alice
--A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
--A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 6e49677e4..000000000
--- a/testing/tests/tnc/tnccs-11-supplicant/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
- multiple_authentication=no
- plugins {
- eap-radius {
- secret = gv6URkSs
- server = PH_IP_ALICE
- filter_id = yes
- }
- }
-}
diff --git a/testing/tests/tnc/tnccs-11-supplicant/test.conf b/testing/tests/tnc/tnccs-11-supplicant/test.conf
index f23a19329..2069e4aa5 100644
--- a/testing/tests/tnc/tnccs-11-supplicant/test.conf
+++ b/testing/tests/tnc/tnccs-11-supplicant/test.conf
@@ -13,14 +13,17 @@ DIAGRAM="a-v-m-c-w-d.png"
# Guest instances on which tcpdump is to be started
#
-TCPDUMPHOSTS="moon"
+TCPDUMPHOSTS=
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="moon carol dave"
+IPSECHOSTS="carol dave"
# Guest instances on which FreeRadius is started
#
RADIUSHOSTS="alice"
+# charon controlled by swanctl
+#
+SWANCTL=1
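Review bot: `TCPDUMPHOSTS=` is a bare empty assignment while the other variables in this hunk are quoted; `TCPDUMPHOSTS=""` would be consistent and makes the emptiness look intentional. This commit deletes moon's ipsec.conf and strongswan.conf and drops moon from both host lists, so the test presumably no longer records any capture or IPsec log on the gateway side. A short comment such as `# no tcpdump: moon does not run charon in this scenario` would tell the next reader the missing capture is deliberate. The new `# charon controlled by swanctl` comment could also note that carol's and dave's swanctl.conf hold no connections, since the IMCs are loaded by the WPA supplicant.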