tteras/strongswan - tteras' strongSwan tree

	Commit message (Collapse)	Author	Age	Files	Lines
*	testing: Add expect-connection calls for all tests and hosts	Tobias Brunner	2016-06-16	1	-2/+3
\| \| \| \|	There are some exceptions (e.g. those that use auto=start or p2pnat).
*	testing: Update test scenarios for Debian jessie	Tobias Brunner	2016-06-16	1	-1/+1
\| \| \| \| \| \| \|	The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t.
*	testing: Include IKE port information in evaltests	Andreas Steffen	2016-03-05	1	-2/+2
\|
*	Fix of the mutual TNC measurement use case	Andreas Steffen	2016-02-16	4	-8/+11
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches is continued until the IKEv2 responder acting as a TNC server has also finished its TNC measurements. In the past if these measurements in the other direction were correct the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication successful and the IPsec connection was established even though the TNC measurement verification on the EAP peer side failed. The fix adds an "allow" group membership on each endpoint if the corresponding TNC measurements of the peer are successful. By requiring a "allow" group membership in the IKEv2 connection definition the IPsec connection succeeds only if the TNC measurements on both sides are valid.
*	testing: Converted tnc scenarios to swanctl	Andreas Steffen	2015-12-11	10	-61/+109
\|
*	testing: Remove nearly all sleep calls from pretest and posttest scripts	Tobias Brunner	2015-11-09	1	-1/+1
\| \| \| \| \|	By consistently using the `expect-connection` helper we can avoid pretty much all previously needed calls to sleep.
*	Added tnc/tnccs-20-pt-tls scenario	Andreas Steffen	2015-03-27	11	-0/+153