aboutsummaryrefslogtreecommitdiffstats
path: root/testing
diff options
context:
space:
mode:
Diffstat (limited to 'testing')
-rw-r--r--testing/tests/libipsec/net2net-3des/evaltest.dat10
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf24
-rw-r--r--testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf17
-rwxr-xr-xtesting/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf29
-rw-r--r--testing/tests/libipsec/net2net-3des/posttest.dat5
-rw-r--r--testing/tests/libipsec/net2net-3des/pretest.dat10
-rw-r--r--testing/tests/libipsec/net2net-3des/test.conf4
10 files changed, 102 insertions, 67 deletions
diff --git a/testing/tests/libipsec/net2net-3des/evaltest.dat b/testing/tests/libipsec/net2net-3des/evaltest.dat
index 9365a8f44..36c0ee781 100644
--- a/testing/tests/libipsec/net2net-3des/evaltest.dat
+++ b/testing/tests/libipsec/net2net-3des/evaltest.dat
@@ -1,11 +1,5 @@
-moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
-sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
-moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-moon::ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
-sun:: ipsec statusall 2> /dev/null::net-net\[1].*3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-moon::ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
-sun:: ipsec statusall 2> /dev/null::net-net[{]1}.*3DES_CBC/HMAC_SHA1_96::YES
+moon:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
+sun::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org.*nat-remote=yes nat-any=yes encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96 prf-alg=PRF_HMAC_SHA1 dh-group=MODP_2048.*child-sas.*net-net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP encap=yes.*encr-alg=3DES_CBC integ-alg=HMAC_SHA1_96.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES]
sun::tcpdump::IP moon.strongswan.org.\(4500\|ipsec-nat-t\) > sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
sun::tcpdump::IP sun.strongswan.org.\(4500\|ipsec-nat-t\) > moon.strongswan.org.\(4500\|ipsec-nat-t\): UDP-encap: ESP::YES
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 141b4a3ed..000000000
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp2048!
- esp=3des-sha1-modp2048!
- mobike=no
-
-conn net-net
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftsubnet=10.1.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_SUN
- rightid=@sun.strongswan.org
- rightsubnet=10.2.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
index 467da3ac9..9cee7d91e 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,19 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..fe2a4dd75
--- /dev/null
+++ b/testing/tests/libipsec/net2net-3des/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.1
+ remote_addrs = 192.168.0.2
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = sun.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.1.0.0/16
+ remote_ts = 10.2.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = 3des-sha1-modp2048
+ }
+}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index 0108a04a3..000000000
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- ike=3des-sha1-modp2048!
- esp=3des-sha1-modp2048!
- mobike=no
-
-conn net-net
- left=PH_IP_SUN
- leftcert=sunCert.pem
- leftid=@sun.strongswan.org
- leftsubnet=10.2.0.0/16
- leftupdown=/etc/updown
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
- rightsubnet=10.1.0.0/16
- auto=add
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
index 467da3ac9..9cee7d91e 100644
--- a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,19 @@
# /etc/strongswan.conf - strongSwan configuration file
-charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-libipsec kernel-netlink socket-default updown
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+
+ syslog {
+ daemon {
+ default = 1
+ }
+ auth {
+ default = 0
+ }
+ }
multiple_authentication = no
}
diff --git a/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..54c35b3e1
--- /dev/null
+++ b/testing/tests/libipsec/net2net-3des/hosts/sun/etc/swanctl/swanctl.conf
@@ -0,0 +1,29 @@
+connections {
+
+ gw-gw {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ net-net {
+ local_ts = 10.2.0.0/16
+ remote_ts = 10.1.0.0/16
+
+ updown = /etc/updown
+ esp_proposals = 3des-sha1-modp2048
+ }
+ }
+ version = 2
+ mobike = no
+ proposals = 3des-sha1-modp2048
+ }
+}
diff --git a/testing/tests/libipsec/net2net-3des/posttest.dat b/testing/tests/libipsec/net2net-3des/posttest.dat
index 1f7aa73a1..755f0e5f8 100644
--- a/testing/tests/libipsec/net2net-3des/posttest.dat
+++ b/testing/tests/libipsec/net2net-3des/posttest.dat
@@ -1,4 +1,5 @@
-moon::ipsec stop
-sun::ipsec stop
+moon::swanctl --terminate --ike gw-gw 2> /dev/null
+moon::systemctl stop strongswan-swanctl
+sun::systemctl stop strongswan-swanctl
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/libipsec/net2net-3des/pretest.dat b/testing/tests/libipsec/net2net-3des/pretest.dat
index bcc2cb04d..9440ddab0 100644
--- a/testing/tests/libipsec/net2net-3des/pretest.dat
+++ b/testing/tests/libipsec/net2net-3des/pretest.dat
@@ -1,7 +1,7 @@
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
-sun::ipsec start
-moon::ipsec start
-sun::expect-connection net-net
-moon::expect-connection net-net
-moon::ipsec up net-net
+moon::systemctl start strongswan-swanctl
+sun::systemctl start strongswan-swanctl
+moon::expect-connection gw-gw
+sun::expect-connection gw-gw
+moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/libipsec/net2net-3des/test.conf b/testing/tests/libipsec/net2net-3des/test.conf
index 646b8b3e6..07a3b247a 100644
--- a/testing/tests/libipsec/net2net-3des/test.conf
+++ b/testing/tests/libipsec/net2net-3des/test.conf
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="sun"
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
+
+# charon controlled by swanctl
+#
+SWANCTL=1