diff options
Diffstat (limited to 'testing')
13 files changed, 131 insertions, 2 deletions
diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index 97390a610..41b1b46dc 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs @@ -149,12 +149,18 @@ if [ "$USE_EAP_SIM" = "yes" ] then echo -n " --enable-eap-sim" >> $INSTALLSHELL echo -n " --enable-eap-sim-file" >> $INSTALLSHELL - fi +fi if [ "$USE_EAP_MD5" = "yes" ] then echo -n " --enable-eap-md5" >> $INSTALLSHELL - fi +fi + +if [ "$USE_EAP_MSCHAPV2" = "yes" ] +then + echo -n " --enable-md4" >> $INSTALLSHELL + echo -n " --enable-eap-mschapv2" >> $INSTALLSHELL +fi if [ "$USE_EAP_IDENTITY" = "yes" ] then @@ -191,6 +197,11 @@ then echo -n " --enable-leak-detective" >> $INSTALLSHELL fi +if [ "$USE_LOAD_TESTS" = "yes" ] +then + echo -n " --enable-load-tests" >> $INSTALLSHELL +fi + echo "" >> $INSTALLSHELL echo "make" >> $INSTALLSHELL echo "make install" >> $INSTALLSHELL diff --git a/testing/testing.conf b/testing/testing.conf index dae3fc8e7..cbb28ad66 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -41,6 +41,7 @@ USE_LDAP="yes" USE_EAP_AKA="yes" USE_EAP_SIM="yes" USE_EAP_MD5="yes" +USE_EAP_MSCHAPV2="yes" USE_EAP_IDENTITY="yes" USE_SQL="yes" USE_MEDIATION="yes" diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt b/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt new file mode 100644 index 000000000..df7041a97 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/description.txt @@ -0,0 +1,8 @@ +The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. +<b>carol</b> uses the <i>Extensible Authentication Protocol</i> +in association with the <i>Microsoft CHAP version 2</i> protocol +(<b>EAP-MSCHAPV2</b>) to authenticate against the gateway. This protocol is used +e.g. by the Windows 7 Agile VPN client. +In addition to her IKEv2 identity <b>PH_IP_CAROL</b>, roadwarrior <b>carol</b> +uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> +to authenticate itself against <b>carol</b>. diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat new file mode 100644 index 000000000..d8708d122 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/evaltest.dat @@ -0,0 +1,11 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::using EAP identity.*carol::YES +moon::cat /var/log/daemon.log::authentication of 'PH_IP_CAROL' with EAP successful::YES +moon::ipsec statusall::rw-eap.*ESTABLISHED::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES + + diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..ec09a3375 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + authby=eap + +conn home + left=PH_IP_CAROL + leftnexthop=%direct + leftfirewall=yes + eap_identity=carol + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..44ba3fa25 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol : EAP "Ar3etTnp01qlpOgb" diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..26ccc84ce --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md4 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmschapv2 eapidentity updown +} diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..57a89966a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + authby=rsasig + eap=mschapv2 + eap_identity=%identity + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org + leftcert=moonCert.pem + leftfirewall=yes + rightid=%any + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..3868b62f4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,5 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol : EAP "Ar3etTnp01qlpOgb" diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..26ccc84ce --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md4 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink fips-prf eapmschapv2 eapidentity updown +} diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat b/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat b/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat new file mode 100644 index 000000000..ed5498bfe --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/pretest.dat @@ -0,0 +1,7 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf b/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf new file mode 100644 index 000000000..2bd21499b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-mschapv2-rsa/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice carol moon" + +# Corresponding block diagram +# +DIAGRAM="a-m-c.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" |