diff options
Diffstat (limited to 'testing/tests')
14 files changed, 0 insertions, 214 deletions
diff --git a/testing/tests/ikev2/dynamic-responder/description.txt b/testing/tests/ikev2/dynamic-responder/description.txt deleted file mode 100644 index 881d3324c..000000000 --- a/testing/tests/ikev2/dynamic-responder/description.txt +++ /dev/null @@ -1,13 +0,0 @@ -The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the remote end -is defined symbolically by <b>right=<hostname></b>. The ipsec starter resolves the -fully-qualified hostname into the current IP address via a DNS lookup (simulated by an -/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option -<b>rightallowany=yes</b> will allow an IKE_SA rekeying to arrive from an arbitrary -IP address under the condition that the peer identity remains unchanged. When this happens -the old tunnel is replaced by an IPsec connection to the new origin. -<p> -In this scenario <b>moon</b> first initiates a tunnel to <b>carol</b>. After some time -the responder <b>carol</b> suddenly changes her IP address and restarts the connection to -<b>moon</b> without deleting the old tunnel first (simulated by iptables blocking IKE packets -to and from <b>carol</b> and starting the connection from host <b>dave</b> using -<b>carol</b>'s identity). diff --git a/testing/tests/ikev2/dynamic-responder/evaltest.dat b/testing/tests/ikev2/dynamic-responder/evaltest.dat deleted file mode 100644 index 9d050ecde..000000000 --- a/testing/tests/ikev2/dynamic-responder/evaltest.dat +++ /dev/null @@ -1,10 +0,0 @@ -carol::ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES -dave:: ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES -carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES -dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES -moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES -moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol@strongswan.org.*received INITIAL_CONTACT::YES -moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES -alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/dynamic-responder/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dynamic-responder/hosts/carol/etc/ipsec.conf deleted file mode 100644 index 6fca045f6..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn moon - left=%any - leftsourceip=%config - leftcert=carolCert.pem - leftid=carol@strongswan.org - leftfirewall=yes - right=%moon.strongswan.org - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev2/dynamic-responder/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dynamic-responder/hosts/carol/etc/strongswan.conf deleted file mode 100644 index bad10ca43..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/carol/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.conf deleted file mode 100644 index 6fca045f6..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn moon - left=%any - leftsourceip=%config - leftcert=carolCert.pem - leftid=carol@strongswan.org - leftfirewall=yes - right=%moon.strongswan.org - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add diff --git a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem deleted file mode 100644 index 6c41df9c7..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh -cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx -6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ -Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V -Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G -I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov -x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5 -tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL -MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz -d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u -b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul -GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7 -ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr -F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ -L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK -ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k -Rf5Z0GOR ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem deleted file mode 100644 index 41a139954..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429 - -mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq -i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH -jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx -m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce -pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq -J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf -dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB -h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC -/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY -EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV -pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe -sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz -kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk -gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja -OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53 -D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM -bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo -BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx -7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB -UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs -H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB -y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA -zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty -AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6 -nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J ------END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.secrets deleted file mode 100644 index 6a2aea811..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA carolKey.pem "nH5ZQEWtku0RJEZ6" diff --git a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/strongswan.conf deleted file mode 100644 index bad10ca43..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/dave/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev2/dynamic-responder/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dynamic-responder/hosts/moon/etc/ipsec.conf deleted file mode 100644 index 2e5f01a06..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - -conn carol - left=%any - leftsubnet=10.1.0.0/16 - leftcert=moonCert.pem - leftid=@moon.strongswan.org - leftfirewall=yes - right=%carol.strongswan.org - rightid=carol@strongswan.org - rightsourceip=PH_IP_CAROL1 - auto=add diff --git a/testing/tests/ikev2/dynamic-responder/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dynamic-responder/hosts/moon/etc/strongswan.conf deleted file mode 100644 index bad10ca43..000000000 --- a/testing/tests/ikev2/dynamic-responder/hosts/moon/etc/strongswan.conf +++ /dev/null @@ -1,9 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown -} - -libstrongswan { - dh_exponent_ansi_x9_42 = no -} diff --git a/testing/tests/ikev2/dynamic-responder/posttest.dat b/testing/tests/ikev2/dynamic-responder/posttest.dat deleted file mode 100644 index 4dbf3d4a4..000000000 --- a/testing/tests/ikev2/dynamic-responder/posttest.dat +++ /dev/null @@ -1,9 +0,0 @@ -dave::ipsec stop -carol::ipsec stop -dave::sleep 1 -moon::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null -dave::rm /etc/ipsec.d/certs/* -dave::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev2/dynamic-responder/pretest.dat b/testing/tests/ikev2/dynamic-responder/pretest.dat deleted file mode 100644 index c0f166ff4..000000000 --- a/testing/tests/ikev2/dynamic-responder/pretest.dat +++ /dev/null @@ -1,13 +0,0 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null -carol::ipsec start -dave::ipsec start -moon::ipsec start -moon::sleep 2 -moon::ipsec up carol -moon::sleep 1 -carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT -carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT -dave::ipsec up moon -dave::sleep 2 diff --git a/testing/tests/ikev2/dynamic-responder/test.conf b/testing/tests/ikev2/dynamic-responder/test.conf deleted file mode 100644 index 1a8f2a4e0..000000000 --- a/testing/tests/ikev2/dynamic-responder/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice moon carol winnetou dave" - -# Corresponding block diagram -# -DIAGRAM="a-m-c-w-d.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon alice" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="moon carol dave" |