aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/ikev1
Commit message (Collapse)AuthorAgeFilesLines
* testing: Configure logging via syslog in strongswan.confTobias Brunner2017-11-1516-27/+49
| | | | | Globally configure logging in strongswan.conf.testing and replace all charondebug statements with strongswan.conf settings.
* testing: make curve25519 the default DH groupAndreas Steffen2016-11-14171-299/+210
|
* mgf1: Refactored MGF1 as an XOFAndreas Steffen2016-09-215-5/+6
|
* testing: Add ikev1/net2net-esn scenarioTobias Brunner2016-06-299-0/+117
|
* testing: Add expect-connection calls for all tests and hostsTobias Brunner2016-06-1618-0/+23
| | | | There are some exceptions (e.g. those that use auto=start or p2pnat).
* testing: Update test scenarios for Debian jessieTobias Brunner2016-06-1649-84/+84
| | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t.
* testing: Fix scenarios that check /etc/resolv.confTobias Brunner2016-06-132-4/+4
|
* testing: wait until connections are loadedAndreas Steffen2016-05-1537-26/+61
|
* testing: attr-sql is a charon plugin5.4.0dr8Andreas Steffen2016-03-051-2/+0
|
* libhydra: Remove empty unused libraryTobias Brunner2016-03-031-1/+1
|
* ikev1: Log successful authentication with signature schemeThomas Egerer2016-02-012-2/+2
| | | | | | Output is now identical to that of the IKEv2 pubkey authenticator. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAsTobias Brunner2015-12-214-8/+8
|
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-143-6/+6
|
* testing: Fixed another timing issueAndreas Steffen2015-11-131-1/+1
|
* testing: Fixed some more timing issuesAndreas Steffen2015-11-107-6/+7
|
* testing: Reduce runtime of all tests that use SQLite databases by storing ↵Tobias Brunner2015-11-094-4/+7
| | | | them in ramfs
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-0960-80/+91
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-097-16/+12
|
* testing: Updated environment variable documentation in updown scriptsTobias Brunner2015-08-311-1/+9
|
* testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1Andreas Steffen2015-04-2612-249/+249
| | | | from sales CA
* testing: Don't check for exact IKEv1 fragment sizeMartin Willi2015-03-101-2/+2
| | | | | Similar to 7a9c0d51, the exact packet size depends on many factors we don't want to consider in this test case.
* testing: Update modified updown scripts to the latest templateTobias Brunner2015-03-061-43/+50
| | | | | This avoids confusion and makes identifying the changes needed for each scenario easier.
* testing: Be a little more flexible in testing for established CHILD_SA modesMartin Willi2015-02-203-8/+8
| | | | | As we now print the reqid parameter in the CHILD_SA details, adapt the grep to still match the CHILD_SA mode and protocol.
* Increased check size du to INITIAL_CONTACT notifyAndreas Steffen2014-11-291-1/+1
|
* testing: Update ikev1/net2net-fragmentation scenarioTobias Brunner2014-10-101-2/+2
|
* testing: Update carols certificate in several test casesTobias Brunner2014-10-034-86/+86
|
* configure: Load fetcher plugins after crypto base pluginsMartin Willi2014-09-24100-101/+101
| | | | | | | | | | Some fetcher plugins (such as curl) might build upon OpenSSL to implement HTTPS fetching. As we set (and can't unset) threading callbacks in our openssl plugin, we must ensure that OpenSSL functions don't get called after openssl plugin unloading. We achieve that by loading curl and all other fetcher plugins after the base crypto plugins, including openssl.
* testing: Run 'conntrack -F' before all test scenariosTobias Brunner2014-04-025-8/+1
| | | | This prevents failures due to remaining conntrack entries.
* Merged libstrongswan options into charon sectionAndreas Steffen2014-03-1546-95/+16
|
* strongswan.conf is not needed on RADIUS server aliceAndreas Steffen2014-03-152-0/+2
|
* testing: Use installed SQL schema instead of local copyTobias Brunner2014-02-121-2/+2
|
* Fixed description of ikev1/rw-ntru-psk scenarioAndreas Steffen2014-02-121-1/+1
|
* Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenariosAndreas Steffen2014-02-1223-0/+302
|
* testing: Add an IKEv1 host2host AH transport mode test caseMartin Willi2013-10-119-0/+89
|
* testing: Add an IKEv1 net2net AH test caseMartin Willi2013-10-119-0/+102
|
* Added ikev1/config-payload-push scenarioAndreas Steffen2013-09-0711-0/+161
|
* testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radiusMartin Willi2013-07-291-1/+1
| | | | | As eap-radius now provides its own XAuth backend and eap-radius is loaded before xauth-eap, we have to enforce the exact XAuth backend to use.
* testing: add a testcase for plain XAuth RADIUS authenticationMartin Willi2013-07-2916-0/+209
|
* Added charon.initiator_only option which causes charon to ignore IKE ↵Andreas Steffen2013-04-1411-0/+132
| | | | initiation requests by peers
* added ikev1/net2net-fragmentation scenario5.0.3dr1Andreas Steffen2013-02-129-0/+122
|
* Updated comments in test.conf of all testsTobias Brunner2013-01-1748-145/+145
|
* Renamed $UMLHOSTS to $VIRTHOSTSTobias Brunner2013-01-1748-96/+96
|
* No need to enable ip_forward in pretest filesReto Buerki2013-01-179-12/+0
| | | | It is enabled by default now.
* added ikev1/nat-virtual-ip scenarioAndreas Steffen2013-01-1711-0/+328
|
* converted all ikev1 iptables scenariosAndreas Steffen2013-01-1779-270/+290
|
* Adapt test configurationsReto Buerki2013-01-1752-224/+91
| | | | Adapt test configurations to the new Debian-based system.
* do not enable integrity and crypto tests in ikev1/rw-cert-unity scenarioAndreas Steffen2012-09-212-8/+0
|
* Add a simple test case for the unity plugin, featuring both includes and ↵Martin Willi2012-09-189-0/+113
| | | | excludes
* ikev1 hybrid authentication does not need client certificatesAndreas Steffen2012-09-124-6/+0
|
* adapted ip-pool evaltestsAndreas Steffen2012-09-101-3/+3
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 05:21:48 +0000