aboutsummaryrefslogtreecommitdiffstats
path: root/testing/tests/ikev2
Commit message (Collapse)AuthorAgeFilesLines
* testing: attr-sql is a charon plugin5.4.0dr8Andreas Steffen2016-03-055-10/+0
|
* testing: Add ikev2/redirect-active scenarioTobias Brunner2016-03-0420-0/+322
|
* libhydra: Remove empty unused libraryTobias Brunner2016-03-035-5/+5
|
* testing: Increased ping interval in ikev2/trap-any scenarioAndreas Steffen2016-02-161-5/+5
|
* 128 bit default security strength requires 3072 bit prime DH groupAndreas Steffen2015-12-149-18/+18
|
* testing: Some more timing fixesAndreas Steffen2015-12-012-2/+2
|
* testing: Error messages of curl plugin have changed5.3.4rc1Andreas Steffen2015-11-133-4/+4
|
* testing: Fixed some more timing issuesAndreas Steffen2015-11-102-2/+2
|
* testing: Reduce runtime of all tests that use SQLite databases by storing ↵Tobias Brunner2015-11-0921-21/+35
| | | | them in ramfs
* testing: Fix test constraints in ikev2/rw-ntru-bliss scenarioTobias Brunner2015-11-091-4/+4
| | | | | Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes").
* testing: Use sha3 plugin in ikev2/rw-cert scenarioAndreas Steffen2015-11-093-3/+3
|
* testing: Speed up OCSP scenariosTobias Brunner2015-11-093-4/+4
| | | | | Don't make clients wait for the TCP connections to timeout by dropping packets. By rejecting them the OCSP requests fail immediately.
* testing: Speed up ifdown calls in ikev2/mobike scenariosTobias Brunner2015-11-093-1/+13
| | | | | | ifdown calls bind's rndc, which tries to access TCP port 953 on lo. If these packets are dropped by the firewall we have to wait for the TCP connections to time out, which takes quite a while.
* testing: Avoid delays with ping by using -W and -i optionsTobias Brunner2015-11-0913-19/+19
| | | | | | With -W we reduce timeouts when we don't expect a response. With -i the interval between pings is reduced (mostly in case of auto=route where the first ping yields no reply).
* testing: Remove nearly all sleep calls from pretest and posttest scriptsTobias Brunner2015-11-09156-239/+244
| | | | | By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
* testing: Adapt tests to retransmission settings and reduce DPD delay/timeoutTobias Brunner2015-11-099-19/+15
|
* testing: BLISS CA uses SHA-3 in its CRLAndreas Steffen2015-11-036-3/+6
|
* testing: added ikev2/alg-chacha20poly1305 scenarioAndreas Steffen2015-09-019-0/+106
|
* testing: Updated environment variable documentation in updown scriptsTobias Brunner2015-08-314-4/+36
|
* testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+3
|
* testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenarioTobias Brunner2015-08-211-0/+4
|
* testing: Print triplets.dat files of clients in EAP-SIM scenariosTobias Brunner2015-08-214-0/+7
| | | | References #1078.
* testing: Add ikev2/trap-any scenarioTobias Brunner2015-08-1917-0/+181
|
* testing: Regenerated BLISS certificates due to oracle changesAndreas Steffen2015-07-276-0/+0
|
* testing: Updated loop ca certificatesAndreas Steffen2015-07-222-17/+17
|
* testing: Updated carol's certificate from research CA and dave's certificate ↵5.3.1dr1Andreas Steffen2015-04-2628-582/+582
| | | | from sales CA
* testing: Wait for DH crypto tests to completeAndreas Steffen2015-04-261-1/+1
|
* testing: Remove obsolete leftnexthop option from configsTobias Brunner2015-03-126-6/+0
|
* testing: Update modified updown scripts to the latest templateTobias Brunner2015-03-064-509/+229
| | | | | This avoids confusion and makes identifying the changes needed for each scenario easier.
* use SHA512 for moon's BLISS signatureAndreas Steffen2015-03-042-2/+3
|
* testing: Test classic public key authentication in ikev2/net2net-cert scenarioTobias Brunner2015-03-042-0/+2
|
* testing: Don't check for exact IKEv2 fragment sizeTobias Brunner2015-03-041-2/+2
| | | | | Because SHA-256 is now used for signatures the size of the two IKE_AUTH messages changed.
* testing: Update test conditions because signature schemes are now loggedTobias Brunner2015-03-0422-35/+35
| | | | | RFC 7427 signature authentication is now used between strongSwan hosts by default, which causes the actual signature schemes to get logged.
* testing: Add ikev2/rw-sig-auth scenarioTobias Brunner2015-03-0412-0/+180
|
* testing: Add ikev2/net2net-cert-sha2 scenarioTobias Brunner2015-03-049-0/+104
|
* Implemented improved BLISS-B signature algorithmAndreas Steffen2015-02-253-0/+0
|
* testing: Add a forecast test caseMartin Willi2015-02-2011-0/+152
|
* testing: Add a connmark plugin testMartin Willi2015-02-209-0/+109
| | | | | | | | | | In this test two hosts establish a transport mode connection from behind moon. sun uses the connmark plugin to distinguish the flows. This is an example that shows how one can terminate L2TP/IPsec connections from two hosts behind the same NAT. For simplification of the test, we use an SSH connection instead, but this works for any connection initiated flow that conntrack can track.
* testing: Update description and test evaluation of host2host-transport-natMartin Willi2015-02-203-9/+8
| | | | | | | | As we now reuse the reqid for identical SAs, the behavior changes for transport connections to multiple peers behind the same NAT. Instead of rejecting the SA, we now have two valid SAs active. For the reverse path, however, sun sends traffic always over the newer SA, resembling the behavior before we introduced explicit SA conflicts for different reqids.
* testing: Be a little more flexible in testing for established CHILD_SA modesMartin Willi2015-02-205-13/+13
| | | | | As we now print the reqid parameter in the CHILD_SA details, adapt the grep to still match the CHILD_SA mode and protocol.
* testing: Add a test scenario for make-before-break reauth using a virtual IPMartin Willi2015-02-209-0/+100
|
* testing: Add a test scenario for make-before-break reauth without a virtual IPMartin Willi2015-02-209-0/+97
|
* Updated RFC3779 certificates5.2.2Andreas Steffen2014-12-284-86/+86
|
* Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario5.2.2rc1Andreas Steffen2014-12-123-0/+0
|
* Updated BLISS scenario keys and certificates to new formatAndreas Steffen2014-12-126-0/+0
|
* Renewed expired certificatesAndreas Steffen2014-11-293-61/+61
|
* Created ikev2/rw-ntru-bliss scenarioAndreas Steffen2014-11-2923-0/+188
|
* testing: Add ikev2/net2net-fragmentation scenarioTobias Brunner2014-10-109-0/+116
|
* Updated revoked certificate in ikev2/ocsp-revoked scenarioAndreas Steffen2014-10-052-42/+42
|
* The critical-extension scenarios need the old private keysAndreas Steffen2014-10-052-0/+54
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 12:59:41 +0000