updated ikev1/xauth-rsa scenario to xauth plugin
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 18 May 2010 14:52:12 +0000 (16:52 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 18 May 2010 14:54:25 +0000 (16:54 +0200)
testing/tests/ikev1/xauth-rsa/description.txt
testing/tests/ikev1/xauth-rsa/evaltest.dat
testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]

index 0cdaba1..a9b76b6 100644 (file)
@@ -1,7 +1,9 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
 The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
 followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
-based on user names and passwords.
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
 <p>
 Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
 inserts iptables-based firewall rules that let pass the tunneled traffic.
index e1dc6b5..7860430 100644 (file)
@@ -1,5 +1,7 @@
 carol::cat /var/log/auth.log::extended authentication was successful::YES
 dave::cat /var/log/auth.log::extended authentication was successful::YES
+moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
+moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
 moon::cat /var/log/auth.log::extended authentication was successful::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
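Review bot: The two added `moon` patterns leave the dots in `carol@strongswan.org` and `dave@strongswan.org` unescaped, so each dot matches any character. The existing `.*` suggests the field is evaluated as a regular expression; if so, `carol@strongswan\.org` and `dave@strongswan\.org` would make the check exact. The scenario as shown also asserts only the success path. Nothing here verifies that moon refuses a wrong password or an XAUTH user name that differs from the peer's IKEv1 identity, so a companion negative check would be worth adding.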
index 48fd260..4a77c3b 100644 (file)
@@ -2,4 +2,4 @@
 
 : RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
 
-: XAUTH carol "4iChxLT3" 
+carol@strongswan.org : XAUTH "4iChxLT3" 
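Review bot: The added `carol@strongswan.org : XAUTH` entry still ends with the trailing space carried over from the line it replaces; it should be dropped. The secret is now selected by the ID on the left instead of a user name inside the entry. A comment above it such as `# XAUTH user name is the IKEv1 identity; test-only credential` would explain why the selector must match the identity exactly. The same comment would help on the two entries in the moon ipsec.secrets hunk, where the gateway keeps both users' passwords in plaintext.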
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..556f76c
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
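Review bot: The comment `# pluto uses optimized DH exponent sizes (RFC 3526)` does not say that `dh_exponent_ansi_x9_42 = no` turns off ANSI X9.42 exponent sizing. Someone copying this fixture cannot tell it is a deliberate trade-off; I would reword it to `# use optimized (shorter) DH exponents instead of ANSI X9.42 sizing`. The `load` line also enables `md5` and `des`. If pluto does not need them for this scenario, leaving them out keeps legacy algorithms out of the fixture. Both points apply equally to the identical dave and moon strongswan.conf files added in this commit.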
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..556f76c
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
index ffbb13e..f79a81a 100644 (file)
@@ -1,7 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       plutodebug="control"
+       plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
        charonstart=no
index 8d41919..1ba6697 100644 (file)
@@ -2,6 +2,6 @@
 
 : RSA moonKey.pem
 
-: XAUTH carol "4iChxLT3"
+carol@strongswan.org : XAUTH "4iChxLT3"
 
-: XAUTH dave  "ryftzG4A"
+dave@strongswan.org  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..556f76c
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}