testing: Add scenarios that use a CA with two intermediate CA certificates
[strongswan.git] / testing / tests / tkm / multi-level-ca / evaltest.dat
1 moon::  swanctl --list-sas --raw 2> /dev/null::conn1.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*conn1.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.100/32]::YES
2 moon::  swanctl --list-sas --raw 2> /dev/null::conn2.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*conn2.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.1/32] remote-ts=\[192.168.0.200/32]::YES
3 carol::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*host-host.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.100/32] remote-ts=\[192.168.0.1/32]::YES
4 dave:: swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*host-host.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.200/32] remote-ts=\[192.168.0.1/32]::YES
5 carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES
6 dave::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_.eq=1::YES
7 carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
8 carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
9 dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
10 dave::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
11 moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES
12 moon::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.1 <-> 192.168.0.100 \]::YES
13 moon::cat /tmp/tkm.log::Adding policy \[ 2, 192.168.0.1 <-> 192.168.0.200 \]::YES
14 moon::cat /tmp/tkm.log::Linked CC context 1 with CA certificate 2::YES
15 moon::cat /tmp/tkm.log::Linked CC context 1 with CA certificate 1::YES
16 moon::cat /tmp/tkm.log::Certificate chain of CC context 1 is valid::2
17 moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES
18 moon::cat /tmp/tkm.log::Authentication of ISA context 2 successful::YES
19 moon::cat /tmp/tkm.log::Adding ESA \[ 1, 192.168.0.1 <-> 192.168.0.100, SPI_in.*, SPI_out.*, soft 30, hard 60 \]::YES