Cleaned configuration files in PT-TLS client scenario
author Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 22 Aug 2013 15:24:20 +0000 (17:24 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 22 Aug 2013 15:24:20 +0000 (17:24 +0200)
testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql [new file with mode: 0644]
testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules [deleted file]
testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-pt-tls/test.conf

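index 5956373..4a41e7e 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.conf
@@ -1,23 +1,3 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
-config setup
-       charondebug="tnc 3, imc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       rightauth=pubkey
-       eap_identity=carol
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-       auto=add
+# the PT-TLS client reads its configuration via the command line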
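index 23d79cf..d2f6378 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-carol : EAP "Ar3etTnp"
+# the PT-TLS client loads its secrets via the command line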
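Review bot: The replacement comment on the added line says the secret is now loaded "via the command line" but not by which script, so a reader of this file cannot find where carol's EAP credential lives after this commit; dave's ipsec.secrets further down has the same gap. Suggest naming the supplier: `# the PT-TLS client loads its secrets via the command line (see this test's pre-test script)`. Command-line arguments are readable by other local users through process listings, so this arrangement suits the isolated test guest rather than a general deployment; one clause to that effect in the comment would document the trade-off for whoever copies this scenario.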
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/carol/etc/ipsec.sql
new file mode 100644 (file)
index 0000000..805c8bf
--- /dev/null
@@ -0,0 +1,4 @@
+/* strongSwan SQLite database */
+
+/* configuration is read from the command line */
+/* credentials are read from the command line */
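index 8c27c78..4a41e7e 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.conf
@@ -1,23 +1,3 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
-config setup
-       charondebug="tnc 3, imc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       rightauth=pubkey
-       eap_identity=dave
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-       auto=add
+# the PT-TLS client reads its configuration via the command line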
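index 02e0c99..d2f6378 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-dave : EAP "W7R0g3do"
+# the PT-TLS client loads its secrets via the command line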
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-pt-tls/hosts/dave/etc/ipsec.sql
new file mode 100644 (file)
index 0000000..805c8bf
--- /dev/null
@@ -0,0 +1,4 @@
+/* strongSwan SQLite database */
+
+/* configuration is read from the command line */
+/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index 02ada56..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=pubkey
-       leftfirewall=yes
-       rightauth=eap-radius
-       rightsendcert=never
-       right=%any
-       eap_identity=%any
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index e86d6aa..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/iptables.rules
deleted file mode 100644 (file)
index 1eb7553..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT  -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT  -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-# allow RADIUS protocol with alice
--A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
--A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pt-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index d329518..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
-  multiple_authentication=no
-  plugins {
-    eap-radius {
-      secret = gv6URkSs
-      #server = PH_IP6_ALICE 
-      server = PH_IP_ALICE
-      filter_id = yes
-    }
-  }
-}
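index ad9bf83..0887e4d 100644
--- a/testing/tests/tnc/tnccs-20-pt-tls/test.conf
+++ b/testing/tests/tnc/tnccs-20-pt-tls/test.conf
@@ -18,7 +18,7 @@ TCPDUMPHOSTS="moon"
 # Guest instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol dave alice"
+IPSECHOSTS="carol dave alice"
 
 # Guest instances on which FreeRadius is started
 #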
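Review bot: moon is dropped from IPSECHOSTS on the new line while TCPDUMPHOSTS, visible in the hunk header, still names moon, and the same commit deletes every moon-side file (ipsec.conf, ipsec.secrets, iptables.rules, strongswan.conf); confirm that capturing on moon is still intended, presumably because it still routes the carol/dave PT-TLS traffic towards alice. If so, a one-line comment above TCPDUMPHOSTS such as `# moon only forwards traffic in this scenario; captured for the PT-TLS exchange` would stop the next reader from treating the mismatch as an oversight. Deleting moon's iptables.rules also removes the DROP default policy that file set; if the framework does not supply a fallback ruleset, it is worth stating in the test description that moon now forwards unfiltered.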