Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | testing: Fix firewall rule on alice in tnc/tnccs-20-pdp-pt-tls scenario | Tobias Brunner | 2016-06-17 | 1 | -2/+2 |
| | |||||
* | testing: Add expect-connection calls for all tests and hosts | Tobias Brunner | 2016-06-16 | 184 | -11/+236 |
| | | | | There are some exceptions (e.g. those that use auto=start or p2pnat). | ||||
* | testing: Update test scenarios for Debian jessie | Tobias Brunner | 2016-06-16 | 289 | -576/+576 |
| | | | | | | | The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t. | ||||
* | testing: Fix posttest.dat for ikev2/rw-dnssec scenario | Tobias Brunner | 2016-06-16 | 1 | -6/+6 |
| | |||||
* | testing: Update Apache config for newer Debian releases | Tobias Brunner | 2016-06-15 | 4 | -52/+64 |
| | | | | | | It is still compatible with the current release as the config in sites-available will be ignored, while conf-enabled does not exist and is not included in the main config. | ||||
* | testing: Fix scenarios that check /etc/resolv.conf | Tobias Brunner | 2016-06-13 | 3 | -6/+6 |
| | |||||
* | testing: Changed gcrypt-ikev1 scenarios to swanctl | Andreas Steffen | 2016-05-15 | 20 | -126/+148 |
| | |||||
* | testing: wait until connections are loaded | Andreas Steffen | 2016-05-15 | 98 | -89/+178 |
| | |||||
* | swanctl: Do not display rekey times for shunts | Andreas Steffen | 2016-05-05 | 1 | -0/+1 |
| | |||||
* | testing: Use reauthentication and set CHILD_SA rekey time, bytes and packets ↵ | Andreas Steffen | 2016-05-04 | 2 | -0/+8 |
| | | | | limits | ||||
* | testing: uses xauth_id in swanctl/xauth-rsa scenario | Andreas Steffen | 2016-05-04 | 4 | -6/+8 |
| | |||||
* | testing: Use absolute path of imv_policy_manager | Andreas Steffen | 2016-04-26 | 8 | -8/+9 |
| | |||||
* | testing: Added swanctl/rw-multi-ciphers-ikev1 scenario | Andreas Steffen | 2016-04-12 | 11 | -0/+238 |
| | |||||
* | testing: Added swanctl/manual_prio scenario | Andreas Steffen | 2016-04-09 | 11 | -0/+277 |
| | |||||
* | testing: Add swanctl/net2net-gw scenario | Tobias Brunner | 2016-04-09 | 11 | -0/+204 |
| | |||||
* | testing: List conntrack table on sun in ikev2/host2host-transport-connmark ↵ | Tobias Brunner | 2016-04-06 | 1 | -0/+1 |
| | | | | scenario | ||||
* | testing: Updated updown scripts in libipsec scenarios to latest version | Tobias Brunner | 2016-03-23 | 11 | -0/+341 |
| | |||||
* | Updated swanctl/rw-psk-ikev1 scenario | Andreas Steffen | 2016-03-10 | 5 | -28/+36 |
| | |||||
* | testing: Add ikev2/reauth-mbb-revoked scenario | Tobias Brunner | 2016-03-10 | 9 | -0/+105 |
| | |||||
* | testing: Added swanctl/mult-auth-rsa-eap-sim-id scenario | Andreas Steffen | 2016-03-06 | 20 | -0/+335 |
| | |||||
* | testing: Added swanctl/xauth-rsa scenario | Andreas Steffen | 2016-03-06 | 11 | -0/+211 |
| | |||||
* | testing: attr-sql is a charon plugin5.4.0dr8 | Andreas Steffen | 2016-03-05 | 11 | -42/+10 |
| | |||||
* | testing: Added swanctl/rw-psk-ikev1 scenario | Andreas Steffen | 2016-03-05 | 11 | -0/+271 |
| | |||||
* | testing: Include IKE port information in evaltests | Andreas Steffen | 2016-03-05 | 68 | -238/+221 |
| | |||||
* | testing: Add ikev2/redirect-active scenario | Tobias Brunner | 2016-03-04 | 20 | -0/+322 |
| | |||||
* | testing: Added swanctl/protoport-range scenario | Andreas Steffen | 2016-03-04 | 9 | -0/+159 |
| | |||||
* | libhydra: Remove empty unused library | Tobias Brunner | 2016-03-03 | 11 | -11/+11 |
| | |||||
* | testing: Added swanctl/shunt-policies-nat-rw | Andreas Steffen | 2016-02-28 | 12 | -0/+231 |
| | |||||
* | testing: Some minor fixes in test scenarios | Andreas Steffen | 2016-02-28 | 2 | -0/+3 |
| | |||||
* | testing: Added swanctl/protoport-dual scenario | Andreas Steffen | 2016-02-28 | 9 | -0/+142 |
| | |||||
* | testing: converted af-alg scenarios to swanctl | Andreas Steffen | 2016-02-26 | 25 | -149/+198 |
| | |||||
* | testing: Use absolute path to the _updown script in SQL scenarios | Tobias Brunner | 2016-02-17 | 47 | -55/+55 |
| | | | | | | /usr/local/sbin is not included in PATH set by the charon init script and since the ipsec script is obsolete when using swanctl it makes sense to change this anyway. | ||||
* | testing: Increased ping interval in ikev2/trap-any scenario | Andreas Steffen | 2016-02-16 | 1 | -5/+5 |
| | |||||
* | Corrected the description of the swanctl/dhcp-dynamic scenario | Andreas Steffen | 2016-02-16 | 1 | -1/+1 |
| | |||||
* | Fix of the mutual TNC measurement use case | Andreas Steffen | 2016-02-16 | 15 | -8/+214 |
| | | | | | | | | | | | | | | | | | If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches is continued until the IKEv2 responder acting as a TNC server has also finished its TNC measurements. In the past if these measurements in the other direction were correct the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication successful and the IPsec connection was established even though the TNC measurement verification on the EAP peer side failed. The fix adds an "allow" group membership on each endpoint if the corresponding TNC measurements of the peer are successful. By requiring a "allow" group membership in the IKEv2 connection definition the IPsec connection succeeds only if the TNC measurements on both sides are valid. | ||||
* | testing: Added swanctl/dhcp-dynamic scenario | Andreas Steffen | 2016-02-03 | 15 | -0/+279 |
| | |||||
* | ikev1: Log successful authentication with signature scheme | Thomas Egerer | 2016-02-01 | 3 | -6/+6 |
| | | | | | | Output is now identical to that of the IKEv2 pubkey authenticator. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | ||||
* | testing: Don't attempt to start the daemon twice in ha/active-passive scenario | Tobias Brunner | 2016-02-01 | 1 | -1/+0 |
| | |||||
* | testing: Added swanctl/config-payload scenario | Andreas Steffen | 2016-01-14 | 12 | -0/+219 |
| | |||||
* | testing: Use include statement in swanctl/rw-pubkey-keyid scenario | Andreas Steffen | 2016-01-14 | 3 | -30/+19 |
| | |||||
* | testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access ↵ | Andreas Steffen | 2016-01-09 | 20 | -0/+297 |
| | | | | scenario | ||||
* | testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssec | Andreas Steffen | 2016-01-09 | 55 | -0/+824 |
| | |||||
* | testing: Fixed description of swanctl/frags-iv4 scenario | Andreas Steffen | 2016-01-09 | 1 | -4/+4 |
| | |||||
* | testing: Change sql scenarios to swanctl | Andreas Steffen | 2016-01-03 | 172 | -379/+422 |
| | |||||
* | testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs | Tobias Brunner | 2015-12-21 | 4 | -8/+8 |
| | |||||
* | testing: Fixed description in swanctl/rw-ntru-bliss scenario | Andreas Steffen | 2015-12-18 | 1 | -1/+1 |
| | |||||
* | testing: Added swanctl/rw-ntru-bliss scenario | Andreas Steffen | 2015-12-17 | 20 | -0/+214 |
| | |||||
* | 128 bit default security strength requires 3072 bit prime DH group | Andreas Steffen | 2015-12-14 | 30 | -64/+64 |
| | |||||
* | testing: swanctl/rw-cert scenario tests password-protected RSA key | Andreas Steffen | 2015-12-12 | 2 | -0/+38 |
| | |||||
* | Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit ↵ | Andreas Steffen | 2015-12-12 | 46 | -237/+83 |
| | | | | security |