moved TNC scenarios to tnc folder
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 2 Jun 2011 22:47:20 +0000 (00:47 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 2 Jun 2011 22:47:20 +0000 (00:47 +0200)
374 files changed:
testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/init.d/iptables [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius-block/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/init.d/iptables [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-11/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-block/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/dummyimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/log4cxx.properties [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-fhh/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-20/test.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/posttest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat [deleted file]
testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf [deleted file]
testing/tests/tnc/tnccs-11-fhh/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-fhh/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/init.d/iptables [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/init.d/iptables [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-11/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-11/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-11/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-block/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-block/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-block/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/dummyimc.file [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/dummyimc.file [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/dummyimv.policy [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-fhh/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-tls/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-20/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-dynamic/test.conf [new file with mode: 0644]

diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/description.txt
deleted file mode 100644 (file)
index 350aefc..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-At the outset the gateway authenticates itself to the clients by sending an IKEv2
-<b>RSA signature</b> accompanied by a certificate.
-<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to
-the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate.
-The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements <b>carol</b>
-is authenticated successfully and is granted access to the subnet behind <b>moon</b> whereas 
-<b>dave</b> fails the layered EAP authentication and is rejected.
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/evaltest.dat
deleted file mode 100644 (file)
index 517ea9a..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES         
-moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
-moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/clients.conf
deleted file mode 100644 (file)
index f4e179a..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-client PH_IP_MOON1 {
-  secret    = gv6URkSs 
-  shortname = moon
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary
deleted file mode 100644 (file)
index 1a27a02..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-$INCLUDE       /usr/share/freeradius/dictionary
-$INCLUDE       /etc/raddb/dictionary.tnc
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc
deleted file mode 100644 (file)
index f295467..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-ATTRIBUTE      TNC-Status      3001    integer
-
-VALUE  TNC-Status      Access  0 
-VALUE  TNC-Status      Isolate 1
-VALUE  TNC-Status      None    2
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/eap.conf
deleted file mode 100644 (file)
index 3155636..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-eap {
-  md5 {
-  }
-  default_eap_type = ttls
-  tls {
-    private_key_file = /etc/raddb/certs/aaaKey.pem
-    certificate_file = /etc/raddb/certs/aaaCert.pem
-    CA_file = /etc/raddb/certs/strongswanCert.pem
-    cipher_list = "DEFAULT"
-    dh_file = /etc/raddb/certs/dh
-    random_file = /etc/raddb/certs/random
-  }
-  ttls {
-    default_eap_type = md5
-    use_tunneled_reply = yes
-    virtual_server = "inner-tunnel"
-    tnc_virtual_server = "inner-tunnel-second"
-  }
-}
-
-eap eap_tnc {
-      default_eap_type = tnc
-      tnc {
-      }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/proxy.conf
deleted file mode 100644 (file)
index 23cba8d..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-realm strongswan.org {
-  type     = radius
-  authhost = LOCAL
-  accthost = LOCAL
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/radiusd.conf
deleted file mode 100644 (file)
index 1143a04..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/radius
-raddbdir = ${sysconfdir}/raddb
-radacctdir = ${logdir}/radacct
-
-#  name of the running server.  See also the "-n" command-line option.
-name = radiusd
-
-#  Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-#  pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-#  max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-#  cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-#  max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-#  listen: Make the server listen on a particular IP address, and send
-listen {
-  type = auth
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  This second "listen" section is for listening on the accounting
-#  port, too.
-#
-listen {
-  type  = acct
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-#  Core dumps are a bad thing.  This should only be set to 'yes'
-allow_core_dumps = no
-
-#  Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-#  Logging section.  The various "log_*" configuration items
-log {
-  destination = files
-  file = ${logdir}/radius.log
-  syslog_facility = daemon
-  stripped_names = no
-  auth = yes 
-  auth_badpass = yes 
-  auth_goodpass = yes 
-}
-
-#  The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-#  Security considerations
-security {
-  max_attributes = 200
-  reject_delay = 1
-  status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
-  start_servers = 5
-  max_servers = 32
-  min_spare_servers = 3
-  max_spare_servers = 10
-  max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
-  $INCLUDE ${confdir}/modules/
-  $INCLUDE eap.conf
-  $INCLUDE sql.conf
-  $INCLUDE sql/mysql/counter.conf
-}
-
-# Instantiation
-instantiate {
-  exec
-  expr
-  expiration
-  logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/default
deleted file mode 100644 (file)
index 802fcfd..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-authorize {
-  suffix
-  eap {
-    ok = return
-  }
-  files
-}
-
-authenticate {
-  eap
-}
-
-preacct {
-  preprocess
-  acct_unique
-  suffix
-  files
-}
-
-accounting {
-  detail
-  unix
-  radutmp
-  attr_filter.accounting_response
-}
-
-session {
-  radutmp
-}
-
-post-auth {
-  exec
-  Post-Auth-Type REJECT {
-    attr_filter.access_reject
-  }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-  eap
-}
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel
deleted file mode 100644 (file)
index e088fae..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-server inner-tunnel {
-
-authorize {
-       suffix
-       eap {
-               ok = return
-       }
-       files
-}
-
-authenticate {
-       eap
-}
-
-session {
-       radutmp
-}
-
-post-auth {
-       Post-Auth-Type REJECT {
-               attr_filter.access_reject
-       }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-       eap
-}
-
-} # inner-tunnel server block
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second
deleted file mode 100644 (file)
index 2d49612..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-server inner-tunnel-second {
-
-authorize {
-       eap_tnc {
-               ok = return
-       }
-}
-
-authenticate {
-       eap_tnc
-}
-
-session {
-       radutmp
-}
-
-post-auth {
-       Post-Auth-Type REJECT {
-               attr_filter.access_reject
-       }
-}
-
-} # inner-tunnel-second block
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/raddb/users
deleted file mode 100644 (file)
index 50ccf3e..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-carol  Cleartext-Password := "Ar3etTnp"
-dave   Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/alice/etc/tnc_config
deleted file mode 100644 (file)
index a9509a7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for TNC@FHH-TNC-Server
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so.0.7.0
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 9cf2b43..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index c12143c..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index a5a9a68..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 998e6c2..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index c12143c..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index 621e94f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-none
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index a5a9a68..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/init.d/iptables
deleted file mode 100755 (executable)
index 56587b2..0000000
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-       before net
-       need logger
-}
-
-start() {
-       ebegin "Starting firewall"
-
-       # enable IP forwarding
-       echo 1 > /proc/sys/net/ipv4/ip_forward
-       
-       # default policy is DROP
-       /sbin/iptables -P INPUT DROP
-       /sbin/iptables -P OUTPUT DROP
-       /sbin/iptables -P FORWARD DROP
-
-       # allow esp
-       iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-       # allow IKE
-       iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-       # allow MobIKE
-       iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-       # allow crl fetch from winnetou
-       iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-       # allow RADIUS protocol with alice
-       iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
-       iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-       # allow ssh
-       iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-       iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-       eend $?
-}
-
-stop() {
-       ebegin "Stopping firewall"
-               for a in `cat /proc/net/ip_tables_names`; do
-                       /sbin/iptables -F -t $a
-                       /sbin/iptables -X -t $a
-       
-                       if [ $a == nat ]; then
-                               /sbin/iptables -t nat -P PREROUTING ACCEPT
-                               /sbin/iptables -t nat -P POSTROUTING ACCEPT
-                               /sbin/iptables -t nat -P OUTPUT ACCEPT
-                       elif [ $a == mangle ]; then
-                               /sbin/iptables -t mangle -P PREROUTING ACCEPT
-                               /sbin/iptables -t mangle -P INPUT ACCEPT
-                               /sbin/iptables -t mangle -P FORWARD ACCEPT
-                               /sbin/iptables -t mangle -P OUTPUT ACCEPT
-                               /sbin/iptables -t mangle -P POSTROUTING ACCEPT
-                       elif [ $a == filter ]; then
-                               /sbin/iptables -t filter -P INPUT ACCEPT
-                               /sbin/iptables -t filter -P FORWARD ACCEPT
-                               /sbin/iptables -t filter -P OUTPUT ACCEPT
-                       fi
-               done
-       eend $?
-}
-
-reload() {
-       ebegin "Flushing firewall"
-               for a in `cat /proc/net/ip_tables_names`; do
-                       /sbin/iptables -F -t $a
-                       /sbin/iptables -X -t $a
-               done;
-        eend $?
-       start
-}
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index fc8f846..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftsubnet=10.1.0.0/16
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=pubkey
-       leftfirewall=yes
-       rightauth=eap-radius
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index e86d6aa..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 4d2d305..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
-  multiple_authentication=no
-  plugins {
-    eap-radius {
-      secret = gv6URkSs 
-      server = PH_IP_ALICE
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/posttest.dat
deleted file mode 100644 (file)
index 1327521..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-alice::/etc/init.d/radiusd stop
-alice::rm /etc/raddb/sites-enabled/inner-tunnel-second
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/pretest.dat
deleted file mode 100644 (file)
index dc7d593..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second
-alice::cat /etc/raddb/sites-enabled/inner-tunnel-second
-alice::/etc/init.d/radiusd start
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius-block/test.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius-block/test.conf
deleted file mode 100644 (file)
index bb6b686..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS="alice"
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt b/testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt
deleted file mode 100644 (file)
index 69ed160..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-At the outset the gateway authenticates itself to the clients by sending an IKEv2
-<b>RSA signature</b> accompanied by a certificate.
-<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to
-the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate.
-The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements exchanged
-via the <b>IF-M</b> (RFC 5792 PA-TNC) protocol, the clients are connected by gateway <b>moon</b>
-to the "rw-allow" and "rw-isolate" subnets, respectively.
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius/evaltest.dat
deleted file mode 100644 (file)
index d0ea22b..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
-dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES            
-moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/clients.conf
deleted file mode 100644 (file)
index f4e179a..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-client PH_IP_MOON1 {
-  secret    = gv6URkSs 
-  shortname = moon
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary
deleted file mode 100644 (file)
index 1a27a02..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-$INCLUDE       /usr/share/freeradius/dictionary
-$INCLUDE       /etc/raddb/dictionary.tnc
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/dictionary.tnc
deleted file mode 100644 (file)
index f295467..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-ATTRIBUTE      TNC-Status      3001    integer
-
-VALUE  TNC-Status      Access  0 
-VALUE  TNC-Status      Isolate 1
-VALUE  TNC-Status      None    2
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/eap.conf
deleted file mode 100644 (file)
index 3155636..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-eap {
-  md5 {
-  }
-  default_eap_type = ttls
-  tls {
-    private_key_file = /etc/raddb/certs/aaaKey.pem
-    certificate_file = /etc/raddb/certs/aaaCert.pem
-    CA_file = /etc/raddb/certs/strongswanCert.pem
-    cipher_list = "DEFAULT"
-    dh_file = /etc/raddb/certs/dh
-    random_file = /etc/raddb/certs/random
-  }
-  ttls {
-    default_eap_type = md5
-    use_tunneled_reply = yes
-    virtual_server = "inner-tunnel"
-    tnc_virtual_server = "inner-tunnel-second"
-  }
-}
-
-eap eap_tnc {
-      default_eap_type = tnc
-      tnc {
-      }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/proxy.conf
deleted file mode 100644 (file)
index 23cba8d..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-realm strongswan.org {
-  type     = radius
-  authhost = LOCAL
-  accthost = LOCAL
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/radiusd.conf
deleted file mode 100644 (file)
index 1143a04..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/radius
-raddbdir = ${sysconfdir}/raddb
-radacctdir = ${logdir}/radacct
-
-#  name of the running server.  See also the "-n" command-line option.
-name = radiusd
-
-#  Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-#  pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-#  max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-#  cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-#  max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-#  listen: Make the server listen on a particular IP address, and send
-listen {
-  type = auth
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  This second "listen" section is for listening on the accounting
-#  port, too.
-#
-listen {
-  type  = acct
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-#  Core dumps are a bad thing.  This should only be set to 'yes'
-allow_core_dumps = no
-
-#  Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-#  Logging section.  The various "log_*" configuration items
-log {
-  destination = files
-  file = ${logdir}/radius.log
-  syslog_facility = daemon
-  stripped_names = no
-  auth = yes 
-  auth_badpass = yes 
-  auth_goodpass = yes 
-}
-
-#  The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-#  Security considerations
-security {
-  max_attributes = 200
-  reject_delay = 1
-  status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
-  start_servers = 5
-  max_servers = 32
-  min_spare_servers = 3
-  max_spare_servers = 10
-  max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
-  $INCLUDE ${confdir}/modules/
-  $INCLUDE eap.conf
-  $INCLUDE sql.conf
-  $INCLUDE sql/mysql/counter.conf
-}
-
-# Instantiation
-instantiate {
-  exec
-  expr
-  expiration
-  logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/default
deleted file mode 100644 (file)
index 802fcfd..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-authorize {
-  suffix
-  eap {
-    ok = return
-  }
-  files
-}
-
-authenticate {
-  eap
-}
-
-preacct {
-  preprocess
-  acct_unique
-  suffix
-  files
-}
-
-accounting {
-  detail
-  unix
-  radutmp
-  attr_filter.accounting_response
-}
-
-session {
-  radutmp
-}
-
-post-auth {
-  exec
-  Post-Auth-Type REJECT {
-    attr_filter.access_reject
-  }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-  eap
-}
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel
deleted file mode 100644 (file)
index e088fae..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-server inner-tunnel {
-
-authorize {
-       suffix
-       eap {
-               ok = return
-       }
-       files
-}
-
-authenticate {
-       eap
-}
-
-session {
-       radutmp
-}
-
-post-auth {
-       Post-Auth-Type REJECT {
-               attr_filter.access_reject
-       }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-       eap
-}
-
-} # inner-tunnel server block
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second
deleted file mode 100644 (file)
index f91bccc..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-server inner-tunnel-second {
-
-authorize {
-       eap_tnc {
-               ok = return
-       }
-}
-
-authenticate {
-       eap_tnc
-}
-
-session {
-       radutmp
-}
-
-post-auth {
-       if (control:TNC-Status == "Access") {
-               update reply {
-                       Tunnel-Type := ESP 
-                       Filter-Id := "allow"
-               }
-       }
-       elsif (control:TNC-Status == "Isolate") {
-               update reply {
-                       Tunnel-Type := ESP 
-                       Filter-Id := "isolate"  
-               }
-       }
-
-       Post-Auth-Type REJECT {
-               attr_filter.access_reject
-       }
-}
-
-} # inner-tunnel-second block
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/raddb/users
deleted file mode 100644 (file)
index 50ccf3e..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-carol  Cleartext-Password := "Ar3etTnp"
-dave   Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/strongswan.conf
deleted file mode 100644 (file)
index 323bc37..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-libimcv {
-  debug_level = 3 
-  plugins {
-    imv-test {
-      rounds = 1 
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index 2bdc6e4..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config
deleted file mode 100644 (file)
index 1bd0757..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for TNC@FHH-TNC-Server
-
-IMV "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index a639b04..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index f6dc2dc..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = allow
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index a39922d..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 5da78b4..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       rightauth=pubkey
-       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 0a132ca..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = isolate
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index a39922d..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/init.d/iptables
deleted file mode 100755 (executable)
index 56587b2..0000000
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-       before net
-       need logger
-}
-
-start() {
-       ebegin "Starting firewall"
-
-       # enable IP forwarding
-       echo 1 > /proc/sys/net/ipv4/ip_forward
-       
-       # default policy is DROP
-       /sbin/iptables -P INPUT DROP
-       /sbin/iptables -P OUTPUT DROP
-       /sbin/iptables -P FORWARD DROP
-
-       # allow esp
-       iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-       # allow IKE
-       iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-       # allow MobIKE
-       iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-       # allow crl fetch from winnetou
-       iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-       iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-       # allow RADIUS protocol with alice
-       iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
-       iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
-
-       # allow ssh
-       iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-       iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-       eend $?
-}
-
-stop() {
-       ebegin "Stopping firewall"
-               for a in `cat /proc/net/ip_tables_names`; do
-                       /sbin/iptables -F -t $a
-                       /sbin/iptables -X -t $a
-       
-                       if [ $a == nat ]; then
-                               /sbin/iptables -t nat -P PREROUTING ACCEPT
-                               /sbin/iptables -t nat -P POSTROUTING ACCEPT
-                               /sbin/iptables -t nat -P OUTPUT ACCEPT
-                       elif [ $a == mangle ]; then
-                               /sbin/iptables -t mangle -P PREROUTING ACCEPT
-                               /sbin/iptables -t mangle -P INPUT ACCEPT
-                               /sbin/iptables -t mangle -P FORWARD ACCEPT
-                               /sbin/iptables -t mangle -P OUTPUT ACCEPT
-                               /sbin/iptables -t mangle -P POSTROUTING ACCEPT
-                       elif [ $a == filter ]; then
-                               /sbin/iptables -t filter -P INPUT ACCEPT
-                               /sbin/iptables -t filter -P FORWARD ACCEPT
-                               /sbin/iptables -t filter -P OUTPUT ACCEPT
-                       fi
-               done
-       eend $?
-}
-
-reload() {
-       ebegin "Flushing firewall"
-               for a in `cat /proc/net/ip_tables_names`; do
-                       /sbin/iptables -F -t $a
-                       /sbin/iptables -X -t $a
-               done;
-        eend $?
-       start
-}
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 33dcdcf..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=pubkey
-       leftfirewall=yes
-       rightauth=eap-radius
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index e86d6aa..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index f4e456b..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
-  multiple_authentication=no
-  plugins {
-    eap-radius {
-      secret = gv6URkSs 
-      server = PH_IP_ALICE
-      filter_id = yes
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius/posttest.dat
deleted file mode 100644 (file)
index 86bd89d..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-alice::killall radiusd
-alice::rm /etc/raddb/sites-enabled/inner-tunnel-second
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat
deleted file mode 100644 (file)
index b663661..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second
-alice::cat /etc/raddb/sites-enabled/inner-tunnel-second
-alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
-alice::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::LEAK_DETECTIVE_DISABLE=1 ipsec start
-dave::LEAK_DETECTIVE_DISABLE=1 ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf b/testing/tests/ikev2/rw-eap-tnc-11-radius/test.conf
deleted file mode 100644 (file)
index 2a52df2..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS="alice"
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/description.txt b/testing/tests/ikev2/rw-eap-tnc-11/description.txt
deleted file mode 100644 (file)
index 4b4808c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-11/evaltest.dat
deleted file mode 100644 (file)
index f7d78d1..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index c19192d..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index c12143c..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index b1c6941..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index d2fabe1..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy"            /usr/local/lib/libdummyimc.so
-#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 7d5ea8b..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index c12143c..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index c20b5e5..0000000
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index b1c6941..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index d2fabe1..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy"            /usr/local/lib/libdummyimc.so
-#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 50514c9..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index f8700d3..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644 (file)
index d00491f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/hostscannerimv.policy
deleted file mode 100644 (file)
index d8215dd..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-#FTP - File Transfer Protocol
-TCP 20 = whatever
-TCP 21 = close
-
-#SSH - Secure Shell
-TCP 22 = whatever
-
-#Telnet
-TCP 23 = close
-
-#E-Mail
-#
-#SMTP - Simple Mail Transfer Protocol
-TCP  25 = close
-TCP 587 = close
-#POP3 - Post Office Protocol version 3
-TCP 110 = close
-TCP 995 = close
-
-#DNS - Domain Name System
-UDP 53 = close
-TCP 53 = close
-
-#BOOTP/DHCP - Bootstrap Protocol /
-#Dynamic Host Configuration Protocol 
-UDP 67 = close
-#UDP 68 = open
-UDP 68 = whatever
-
-#www - World Wide Web
-#HTTP - Hypertext Transfer Protocol
-TCP  80 = close
-#HTTPS - Hypertext Transfer Protocol Secure
-TCP 443 = close
-
-#examples
-TCP 8080 = close
-TCP 5223 = whatever
-UDP 4444 = close
-UDP  631 = whatever
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index 122d798..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-11/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index 140caa9..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Dummy"            /usr/local/lib/libdummyimv.so
-#IMV "HostScanner"     /usr/local/lib/libhostscannerimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-11/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-11/pretest.dat
deleted file mode 100644 (file)
index 9896b1e..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-11/test.conf b/testing/tests/ikev2/rw-eap-tnc-11/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/description.txt b/testing/tests/ikev2/rw-eap-tnc-20-block/description.txt
deleted file mode 100644 (file)
index c7422aa..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements
-<b>carol</b> is authenticated successfully and is granted access to the subnet behind
-<b>moon</b> whereas <b>dave</b> fails the layered EAP authentication and is rejected.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-block/evaltest.dat
deleted file mode 100644 (file)
index e3c4824..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Denied'::YES
-dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'no access'::YES
-moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index c19192d..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 1a39b8c..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-    tnc-imc {
-      preferred_language = de, en
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index a5a9a68..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 7d5ea8b..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index eb70077..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-    tnc-imc {
-      preferred_language = ru, fr, en
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index 621e94f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-none
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index a5a9a68..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 6747b4a..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftsubnet=10.1.0.0/16
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 20caf8e..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-    tnc-imv {
-      recommendation_policy = all
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644 (file)
index 573541a..0000000
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-block/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index ac436a3..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-20-block/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-20-block/pretest.dat
deleted file mode 100644 (file)
index ce897d1..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-block/test.conf b/testing/tests/ikev2/rw-eap-tnc-20-block/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/description.txt b/testing/tests/ikev2/rw-eap-tnc-20-fhh/description.txt
deleted file mode 100644 (file)
index 796b8d2..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>. Th Dummy IMC and IMV from the TNC@FHH project is
-used which communicate with a proprietary protocol. 
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-fhh/evaltest.dat
deleted file mode 100644 (file)
index 737c9b9..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 847ca2e..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index b2aa280..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index b1c6941..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index 3ef7809..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy"    /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index f0ad472..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index b2aa280..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index c20b5e5..0000000
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index b1c6941..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index 8eee806..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy"     /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 9eec484..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tnc 3, imv 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index b76c1cd..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644 (file)
index d00491f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/hostscannerimv.policy
deleted file mode 100644 (file)
index d8215dd..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-#FTP - File Transfer Protocol
-TCP 20 = whatever
-TCP 21 = close
-
-#SSH - Secure Shell
-TCP 22 = whatever
-
-#Telnet
-TCP 23 = close
-
-#E-Mail
-#
-#SMTP - Simple Mail Transfer Protocol
-TCP  25 = close
-TCP 587 = close
-#POP3 - Post Office Protocol version 3
-TCP 110 = close
-TCP 995 = close
-
-#DNS - Domain Name System
-UDP 53 = close
-TCP 53 = close
-
-#BOOTP/DHCP - Bootstrap Protocol /
-#Dynamic Host Configuration Protocol 
-UDP 67 = close
-#UDP 68 = open
-UDP 68 = whatever
-
-#www - World Wide Web
-#HTTP - Hypertext Transfer Protocol
-TCP  80 = close
-#HTTPS - Hypertext Transfer Protocol Secure
-TCP 443 = close
-
-#examples
-TCP 8080 = close
-TCP 5223 = whatever
-UDP 4444 = close
-UDP  631 = whatever
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc/log4cxx.properties
deleted file mode 100644 (file)
index 122d798..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# Set root logger level to DEBUG and its appenders to A1 and A2.
-log4j.rootLogger=DEBUG, A1, A2
-
-# A1 is set to be a ConsoleAppender.
-log4j.appender.A1=org.apache.log4j.ConsoleAppender
-log4j.appender.A1.layout=org.apache.log4j.PatternLayout
-log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n
-
-# A2 is set to be a SyslogAppender
-log4j.appender.A2=org.apache.log4j.net.SyslogAppender
-log4j.appender.A2.Facility=DAEMON
-log4j.appender.A2.SyslogHost=localhost
-log4j.appender.A2.Threshold=DEBUG
-log4j.appender.A2.layout=org.apache.log4j.PatternLayout
-log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-fhh/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index fa4324e..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Dummy"    /usr/local/lib/libdummyimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-20-fhh/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-20-fhh/pretest.dat
deleted file mode 100644 (file)
index 76ad91f..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::cat /etc/tnc/dummyimv.policy
-moon::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
-carol::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start 
-dave::LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start 
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-fhh/test.conf b/testing/tests/ikev2/rw-eap-tnc-20-fhh/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt b/testing/tests/ikev2/rw-eap-tnc-20-tls/description.txt
deleted file mode 100644 (file)
index 54590a9..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>,
-both ends doing certificate-based EAP-TLS authentication only.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20-tls/evaltest.dat
deleted file mode 100644 (file)
index c871bb6..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES              
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 1b62742..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index b2aa280..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index a5a9a68..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 54c06b1..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index b2aa280..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index c20b5e5..0000000
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index a5a9a68..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy" /usr/local/lib/libdummyimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 50514c9..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 04a243c..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      request_peer_auth = yes
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644 (file)
index 573541a..0000000
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20-tls/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index ac436a3..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Dummy" /usr/local/lib/libdummyimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-20-tls/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-20-tls/pretest.dat
deleted file mode 100644 (file)
index ce897d1..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf b/testing/tests/ikev2/rw-eap-tnc-20-tls/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/description.txt b/testing/tests/ikev2/rw-eap-tnc-20/description.txt
deleted file mode 100644 (file)
index 410ccca..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate using the <b>RFC 5792 PA-TNC</b>
-protocol.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
deleted file mode 100644 (file)
index 737c9b9..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 847ca2e..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 7ee4cbc..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
-
-imc-test {
-  command = allow
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index d3d574c..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index f0ad472..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 79f166d..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
-
-imc-test {
-  command = isolate
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index d3d574c..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 9eec484..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tnc 3, imv 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 2bc6bec..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
-
-imv-test {
-  rounds = 1
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index 0b5ff57..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-20/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-20/pretest.dat
deleted file mode 100644 (file)
index 208f9da..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-moon::ipsec start
-carol::ipsec start 
-dave::ipsec start 
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-20/test.conf b/testing/tests/ikev2/rw-eap-tnc-20/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt b/testing/tests/ikev2/rw-eap-tnc-dynamic/description.txt
deleted file mode 100644 (file)
index 21e9bc6..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of TNC client <b>carol</b> via the <b>TNCCS 1.1 </b> client-server interface and of
-TNC client <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface. TNC server
-<b>moon</b> dynamically detects which version of the IF-TNCCS protocol is used.
-<p>
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
-respectively.
-</p>
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-dynamic/evaltest.dat
deleted file mode 100644 (file)
index 593ac45..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::TNCCS 1.1 protocol detected dynamically::YES
-moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 1::YES
-moon::cat /var/log/daemon.log::final recommendation is 'allow' and evaluation is 'compliant'::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::removed TNCCS Connection ID 1::YES
-moon::cat /var/log/daemon.log::TNCCS 2.0 protocol detected dynamically::YES
-moon::cat /var/log/daemon.log::assigned TNCCS Connection ID 2::YES
-moon::cat /var/log/daemon.log::final recommendation is 'isolate' and evaluation is 'non-compliant minor'::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index c19192d..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 6a12318..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-1.1
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index d2fabe1..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy"            /usr/local/lib/libdummyimc.so
-#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 7d5ea8b..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index b2aa280..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index 33945dc..0000000
+++ /dev/null
@@ -1 +0,0 @@
-isolate
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index d2fabe1..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Dummy"            /usr/local/lib/libdummyimc.so
-#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 50514c9..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tls 2, tnc 3"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index a1a4a47..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnccs-20 tnccs-dynamic tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-    eap-tnc {
-      protocol = tnccs-dynamic
-    }
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc/dummyimv.policy
deleted file mode 100644 (file)
index d00491f..0000000
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-dynamic/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index 140caa9..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Dummy"            /usr/local/lib/libdummyimv.so
-#IMV "HostScanner"     /usr/local/lib/libhostscannerimv.so
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-dynamic/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-dynamic/pretest.dat
deleted file mode 100644 (file)
index ce897d1..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::cat /etc/tnc/dummyimc.file
-dave::cat /etc/tnc/dummyimc.file
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf b/testing/tests/ikev2/rw-eap-tnc-dynamic/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
diff --git a/testing/tests/tnc/tnccs-11-fhh/description.txt b/testing/tests/tnc/tnccs-11-fhh/description.txt
new file mode 100644 (file)
index 0000000..2b7545f
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+using EAP-TTLS authentication only with the gateway presenting a server certificate and
+the clients doing EAP-MD5 password-based authentication.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
+The Dummy IMC and IMV from the TNC@FHH project are used which communicate over a proprietary protocol.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
+clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
+respectively.
+
diff --git a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat
new file mode 100644 (file)
index 0000000..a027551
--- /dev/null
@@ -0,0 +1,19 @@
+carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
+dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
+dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
+moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
+moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ca55d84
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c12143c
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/dummyimc.file
new file mode 100644 (file)
index 0000000..f5da834
--- /dev/null
@@ -0,0 +1 @@
+allow
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..b1c6941
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-fhh/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..d2fabe1
--- /dev/null
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Dummy"            /usr/local/lib/libdummyimc.so
+#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..93807bb
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c12143c
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/dummyimc.file
new file mode 100644 (file)
index 0000000..c20b5e5
--- /dev/null
@@ -0,0 +1 @@
+isolate
\ No newline at end of file
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..b1c6941
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=--[IMC] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=--[IMC] %m%n
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-fhh/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..d2fabe1
--- /dev/null
@@ -0,0 +1,4 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Dummy"            /usr/local/lib/libdummyimc.so
+#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..32c3357
--- /dev/null
@@ -0,0 +1,36 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+       charondebug="tnc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-allow
+       rightgroups=allow
+       leftsubnet=10.1.0.0/28
+       also=rw-eap
+       auto=add
+
+conn rw-isolate
+       rightgroups=isolate
+       leftsubnet=10.1.0.16/28
+       also=rw-eap
+       auto=add
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=eap-ttls
+       leftfirewall=yes
+       rightauth=eap-ttls
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..2e277cc
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : EAP "Ar3etTnp"
+dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f8700d3
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown
+  multiple_authentication=no
+  plugins {
+    eap-ttls {
+      phase2_method = md5
+      phase2_piggyback = yes
+      phase2_tnc = yes
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/dummyimv.policy
new file mode 100644 (file)
index 0000000..d00491f
--- /dev/null
@@ -0,0 +1 @@
+1
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/hostscannerimv.policy
new file mode 100644 (file)
index 0000000..d8215dd
--- /dev/null
@@ -0,0 +1,40 @@
+#FTP - File Transfer Protocol
+TCP 20 = whatever
+TCP 21 = close
+
+#SSH - Secure Shell
+TCP 22 = whatever
+
+#Telnet
+TCP 23 = close
+
+#E-Mail
+#
+#SMTP - Simple Mail Transfer Protocol
+TCP  25 = close
+TCP 587 = close
+#POP3 - Post Office Protocol version 3
+TCP 110 = close
+TCP 995 = close
+
+#DNS - Domain Name System
+UDP 53 = close
+TCP 53 = close
+
+#BOOTP/DHCP - Bootstrap Protocol /
+#Dynamic Host Configuration Protocol 
+UDP 67 = close
+#UDP 68 = open
+UDP 68 = whatever
+
+#www - World Wide Web
+#HTTP - Hypertext Transfer Protocol
+TCP  80 = close
+#HTTPS - Hypertext Transfer Protocol Secure
+TCP 443 = close
+
+#examples
+TCP 8080 = close
+TCP 5223 = whatever
+UDP 4444 = close
+UDP  631 = whatever
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..122d798
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=--[IMV] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=--[IMV] %m%n
diff --git a/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-11-fhh/hosts/moon/etc/tnc_config
new file mode 100644 (file)
index 0000000..140caa9
--- /dev/null
@@ -0,0 +1,4 @@
+#IMV configuration file for strongSwan server 
+
+IMV "Dummy"            /usr/local/lib/libdummyimv.so
+#IMV "HostScanner"     /usr/local/lib/libhostscannerimv.so
diff --git a/testing/tests/tnc/tnccs-11-fhh/posttest.dat b/testing/tests/tnc/tnccs-11-fhh/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-fhh/pretest.dat b/testing/tests/tnc/tnccs-11-fhh/pretest.dat
new file mode 100644 (file)
index 0000000..c7a30ee
--- /dev/null
@@ -0,0 +1,15 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+carol::cat /etc/tnc/dummyimc.file
+dave::cat /etc/tnc/dummyimc.file
+moon::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
+carol::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
+dave::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-11-fhh/test.conf b/testing/tests/tnc/tnccs-11-fhh/test.conf
new file mode 100644 (file)
index 0000000..e28b825
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# UML instances on which FreeRadius is started
+#
+RADIUSHOSTS=
+
diff --git a/testing/tests/tnc/tnccs-11-radius-block/description.txt b/testing/tests/tnc/tnccs-11-radius-block/description.txt
new file mode 100644 (file)
index 0000000..1064064
--- /dev/null
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the clients by sending an IKEv2
+<b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to
+the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate.
+The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
+The IMC and IMV communicate using the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements <b>carol</b>
+is authenticated successfully and is granted access to the subnet behind <b>moon</b> whereas 
+<b>dave</b> fails the layered EAP authentication and is rejected.
diff --git a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat
new file mode 100644 (file)
index 0000000..517ea9a
--- /dev/null
@@ -0,0 +1,14 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES
+dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES
+dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES         
+moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES
+moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf
new file mode 100644 (file)
index 0000000..f4e179a
--- /dev/null
@@ -0,0 +1,4 @@
+client PH_IP_MOON1 {
+  secret    = gv6URkSs 
+  shortname = moon
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary
new file mode 100644 (file)
index 0000000..1a27a02
--- /dev/null
@@ -0,0 +1,2 @@
+$INCLUDE       /usr/share/freeradius/dictionary
+$INCLUDE       /etc/raddb/dictionary.tnc
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc
new file mode 100644 (file)
index 0000000..f295467
--- /dev/null
@@ -0,0 +1,5 @@
+ATTRIBUTE      TNC-Status      3001    integer
+
+VALUE  TNC-Status      Access  0 
+VALUE  TNC-Status      Isolate 1
+VALUE  TNC-Status      None    2
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf
new file mode 100644 (file)
index 0000000..3155636
--- /dev/null
@@ -0,0 +1,25 @@
+eap {
+  md5 {
+  }
+  default_eap_type = ttls
+  tls {
+    private_key_file = /etc/raddb/certs/aaaKey.pem
+    certificate_file = /etc/raddb/certs/aaaCert.pem
+    CA_file = /etc/raddb/certs/strongswanCert.pem
+    cipher_list = "DEFAULT"
+    dh_file = /etc/raddb/certs/dh
+    random_file = /etc/raddb/certs/random
+  }
+  ttls {
+    default_eap_type = md5
+    use_tunneled_reply = yes
+    virtual_server = "inner-tunnel"
+    tnc_virtual_server = "inner-tunnel-second"
+  }
+}
+
+eap eap_tnc {
+      default_eap_type = tnc
+      tnc {
+      }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf
new file mode 100644 (file)
index 0000000..23cba8d
--- /dev/null
@@ -0,0 +1,5 @@
+realm strongswan.org {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf
new file mode 100644 (file)
index 0000000..1143a04
--- /dev/null
@@ -0,0 +1,120 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/radius
+raddbdir = ${sysconfdir}/raddb
+radacctdir = ${logdir}/radacct
+
+#  name of the running server.  See also the "-n" command-line option.
+name = radiusd
+
+#  Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/radiusd
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+#  pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+#  max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+#  cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+#  max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+#  listen: Make the server listen on a particular IP address, and send
+listen {
+  type = auth
+  ipaddr = PH_IP_ALICE 
+  port = 0
+}
+
+#  This second "listen" section is for listening on the accounting
+#  port, too.
+#
+listen {
+  type  = acct
+  ipaddr = PH_IP_ALICE 
+  port = 0
+}
+
+#  hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+#  Core dumps are a bad thing.  This should only be set to 'yes'
+allow_core_dumps = no
+
+#  Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+#  Logging section.  The various "log_*" configuration items
+log {
+  destination = files
+  file = ${logdir}/radius.log
+  syslog_facility = daemon
+  stripped_names = no
+  auth = yes 
+  auth_badpass = yes 
+  auth_goodpass = yes 
+}
+
+#  The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+#  Security considerations
+security {
+  max_attributes = 200
+  reject_delay = 1
+  status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+  start_servers = 5
+  max_servers = 32
+  min_spare_servers = 3
+  max_spare_servers = 10
+  max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+  $INCLUDE ${confdir}/modules/
+  $INCLUDE eap.conf
+  $INCLUDE sql.conf
+  $INCLUDE sql/mysql/counter.conf
+}
+
+# Instantiation
+instantiate {
+  exec
+  expr
+  expiration
+  logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default
new file mode 100644 (file)
index 0000000..802fcfd
--- /dev/null
@@ -0,0 +1,44 @@
+authorize {
+  suffix
+  eap {
+    ok = return
+  }
+  files
+}
+
+authenticate {
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
+
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel
new file mode 100644 (file)
index 0000000..e088fae
--- /dev/null
@@ -0,0 +1,32 @@
+server inner-tunnel {
+
+authorize {
+       suffix
+       eap {
+               ok = return
+       }
+       files
+}
+
+authenticate {
+       eap
+}
+
+session {
+       radutmp
+}
+
+post-auth {
+       Post-Auth-Type REJECT {
+               attr_filter.access_reject
+       }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+       eap
+}
+
+} # inner-tunnel server block
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second
new file mode 100644 (file)
index 0000000..2d49612
--- /dev/null
@@ -0,0 +1,23 @@
+server inner-tunnel-second {
+
+authorize {
+       eap_tnc {
+               ok = return
+       }
+}
+
+authenticate {
+       eap_tnc
+}
+
+session {
+       radutmp
+}
+
+post-auth {
+       Post-Auth-Type REJECT {
+               attr_filter.access_reject
+       }
+}
+
+} # inner-tunnel-second block
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users
new file mode 100644 (file)
index 0000000..50ccf3e
--- /dev/null
@@ -0,0 +1,2 @@
+carol  Cleartext-Password := "Ar3etTnp"
+dave   Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..62bcbff
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+libimcv {
+  debug_level = 3 
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..2bdc6e4
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/tnc_config
new file mode 100644 (file)
index 0000000..5028bc8
--- /dev/null
@@ -0,0 +1,3 @@
+#IMV configuration file for strongSwan client 
+
+IMV "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..a639b04
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       rightauth=pubkey
+       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f6dc2dc
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-block/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..5da78b4
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       rightauth=pubkey
+       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c12143c
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius-block/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/init.d/iptables b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/init.d/iptables
new file mode 100755 (executable)
index 0000000..56587b2
--- /dev/null
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+       before net
+       need logger
+}
+
+start() {
+       ebegin "Starting firewall"
+
+       # enable IP forwarding
+       echo 1 > /proc/sys/net/ipv4/ip_forward
+       
+       # default policy is DROP
+       /sbin/iptables -P INPUT DROP
+       /sbin/iptables -P OUTPUT DROP
+       /sbin/iptables -P FORWARD DROP
+
+       # allow esp
+       iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+       # allow IKE
+       iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+       # allow MobIKE
+       iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+       # allow crl fetch from winnetou
+       iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+       # allow RADIUS protocol with alice
+       iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+       iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+       # allow ssh
+       iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+       iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+       eend $?
+}
+
+stop() {
+       ebegin "Stopping firewall"
+               for a in `cat /proc/net/ip_tables_names`; do
+                       /sbin/iptables -F -t $a
+                       /sbin/iptables -X -t $a
+       
+                       if [ $a == nat ]; then
+                               /sbin/iptables -t nat -P PREROUTING ACCEPT
+                               /sbin/iptables -t nat -P POSTROUTING ACCEPT
+                               /sbin/iptables -t nat -P OUTPUT ACCEPT
+                       elif [ $a == mangle ]; then
+                               /sbin/iptables -t mangle -P PREROUTING ACCEPT
+                               /sbin/iptables -t mangle -P INPUT ACCEPT
+                               /sbin/iptables -t mangle -P FORWARD ACCEPT
+                               /sbin/iptables -t mangle -P OUTPUT ACCEPT
+                               /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+                       elif [ $a == filter ]; then
+                               /sbin/iptables -t filter -P INPUT ACCEPT
+                               /sbin/iptables -t filter -P FORWARD ACCEPT
+                               /sbin/iptables -t filter -P OUTPUT ACCEPT
+                       fi
+               done
+       eend $?
+}
+
+reload() {
+       ebegin "Flushing firewall"
+               for a in `cat /proc/net/ip_tables_names`; do
+                       /sbin/iptables -F -t $a
+                       /sbin/iptables -X -t $a
+               done;
+        eend $?
+       start
+}
+
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..fc8f846
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=pubkey
+       leftfirewall=yes
+       rightauth=eap-radius
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e86d6aa
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..4d2d305
--- /dev/null
@@ -0,0 +1,12 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
+  multiple_authentication=no
+  plugins {
+    eap-radius {
+      secret = gv6URkSs 
+      server = PH_IP_ALICE
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat
new file mode 100644 (file)
index 0000000..86bd89d
--- /dev/null
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+alice::killall radiusd
+alice::rm /etc/raddb/sites-enabled/inner-tunnel-second
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat
new file mode 100644 (file)
index 0000000..49cc2e2
--- /dev/null
@@ -0,0 +1,13 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second
+alice::cat /etc/raddb/sites-enabled/inner-tunnel-second
+alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
+moon::ipsec start
+carol::LEAK_DETECTIVE_DISABLE=1 ipsec start
+dave::LEAK_DETECTIVE_DISABLE=1 ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-11-radius-block/test.conf b/testing/tests/tnc/tnccs-11-radius-block/test.conf
new file mode 100644 (file)
index 0000000..bb6b686
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# UML instances on which FreeRadius is started
+#
+RADIUSHOSTS="alice"
+
diff --git a/testing/tests/tnc/tnccs-11-radius/description.txt b/testing/tests/tnc/tnccs-11-radius/description.txt
new file mode 100644 (file)
index 0000000..2d66d3e
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the clients by sending an IKEv2
+<b>RSA signature</b> accompanied by a certificate.
+<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to
+the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate.
+The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
+The IMC and IMV communicate using the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients
+are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
diff --git a/testing/tests/tnc/tnccs-11-radius/evaltest.dat b/testing/tests/tnc/tnccs-11-radius/evaltest.dat
new file mode 100644 (file)
index 0000000..d0ea22b
--- /dev/null
@@ -0,0 +1,19 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
+dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
+dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
+dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
+moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES            
+moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
+moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
+moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf
new file mode 100644 (file)
index 0000000..f4e179a
--- /dev/null
@@ -0,0 +1,4 @@
+client PH_IP_MOON1 {
+  secret    = gv6URkSs 
+  shortname = moon
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary
new file mode 100644 (file)
index 0000000..1a27a02
--- /dev/null
@@ -0,0 +1,2 @@
+$INCLUDE       /usr/share/freeradius/dictionary
+$INCLUDE       /etc/raddb/dictionary.tnc
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc
new file mode 100644 (file)
index 0000000..f295467
--- /dev/null
@@ -0,0 +1,5 @@
+ATTRIBUTE      TNC-Status      3001    integer
+
+VALUE  TNC-Status      Access  0 
+VALUE  TNC-Status      Isolate 1
+VALUE  TNC-Status      None    2
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf
new file mode 100644 (file)
index 0000000..3155636
--- /dev/null
@@ -0,0 +1,25 @@
+eap {
+  md5 {
+  }
+  default_eap_type = ttls
+  tls {
+    private_key_file = /etc/raddb/certs/aaaKey.pem
+    certificate_file = /etc/raddb/certs/aaaCert.pem
+    CA_file = /etc/raddb/certs/strongswanCert.pem
+    cipher_list = "DEFAULT"
+    dh_file = /etc/raddb/certs/dh
+    random_file = /etc/raddb/certs/random
+  }
+  ttls {
+    default_eap_type = md5
+    use_tunneled_reply = yes
+    virtual_server = "inner-tunnel"
+    tnc_virtual_server = "inner-tunnel-second"
+  }
+}
+
+eap eap_tnc {
+      default_eap_type = tnc
+      tnc {
+      }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf
new file mode 100644 (file)
index 0000000..23cba8d
--- /dev/null
@@ -0,0 +1,5 @@
+realm strongswan.org {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf
new file mode 100644 (file)
index 0000000..1143a04
--- /dev/null
@@ -0,0 +1,120 @@
+# radiusd.conf -- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/radius
+raddbdir = ${sysconfdir}/raddb
+radacctdir = ${logdir}/radacct
+
+#  name of the running server.  See also the "-n" command-line option.
+name = radiusd
+
+#  Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/radiusd
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+#  pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+#  max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+#  cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+#  max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+#  listen: Make the server listen on a particular IP address, and send
+listen {
+  type = auth
+  ipaddr = PH_IP_ALICE 
+  port = 0
+}
+
+#  This second "listen" section is for listening on the accounting
+#  port, too.
+#
+listen {
+  type  = acct
+  ipaddr = PH_IP_ALICE 
+  port = 0
+}
+
+#  hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+#  Core dumps are a bad thing.  This should only be set to 'yes'
+allow_core_dumps = no
+
+#  Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+#  Logging section.  The various "log_*" configuration items
+log {
+  destination = files
+  file = ${logdir}/radius.log
+  syslog_facility = daemon
+  stripped_names = no
+  auth = yes 
+  auth_badpass = yes 
+  auth_goodpass = yes 
+}
+
+#  The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+#  Security considerations
+security {
+  max_attributes = 200
+  reject_delay = 1
+  status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+  start_servers = 5
+  max_servers = 32
+  min_spare_servers = 3
+  max_spare_servers = 10
+  max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+  $INCLUDE ${confdir}/modules/
+  $INCLUDE eap.conf
+  $INCLUDE sql.conf
+  $INCLUDE sql/mysql/counter.conf
+}
+
+# Instantiation
+instantiate {
+  exec
+  expr
+  expiration
+  logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default
new file mode 100644 (file)
index 0000000..802fcfd
--- /dev/null
@@ -0,0 +1,44 @@
+authorize {
+  suffix
+  eap {
+    ok = return
+  }
+  files
+}
+
+authenticate {
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
+
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel
new file mode 100644 (file)
index 0000000..e088fae
--- /dev/null
@@ -0,0 +1,32 @@
+server inner-tunnel {
+
+authorize {
+       suffix
+       eap {
+               ok = return
+       }
+       files
+}
+
+authenticate {
+       eap
+}
+
+session {
+       radutmp
+}
+
+post-auth {
+       Post-Auth-Type REJECT {
+               attr_filter.access_reject
+       }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+       eap
+}
+
+} # inner-tunnel server block
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second
new file mode 100644 (file)
index 0000000..f91bccc
--- /dev/null
@@ -0,0 +1,36 @@
+server inner-tunnel-second {
+
+authorize {
+       eap_tnc {
+               ok = return
+       }
+}
+
+authenticate {
+       eap_tnc
+}
+
+session {
+       radutmp
+}
+
+post-auth {
+       if (control:TNC-Status == "Access") {
+               update reply {
+                       Tunnel-Type := ESP 
+                       Filter-Id := "allow"
+               }
+       }
+       elsif (control:TNC-Status == "Isolate") {
+               update reply {
+                       Tunnel-Type := ESP 
+                       Filter-Id := "isolate"  
+               }
+       }
+
+       Post-Auth-Type REJECT {
+               attr_filter.access_reject
+       }
+}
+
+} # inner-tunnel-second block
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users
new file mode 100644 (file)
index 0000000..50ccf3e
--- /dev/null
@@ -0,0 +1,2 @@
+carol  Cleartext-Password := "Ar3etTnp"
+dave   Cleartext-Password := "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..323bc37
--- /dev/null
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+libimcv {
+  debug_level = 3 
+  plugins {
+    imv-test {
+      rounds = 1 
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..2bdc6e4
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/tnc_config
new file mode 100644 (file)
index 0000000..1bd0757
--- /dev/null
@@ -0,0 +1,3 @@
+#IMV configuration file for TNC@FHH-TNC-Server
+
+IMV "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..a639b04
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       rightauth=pubkey
+       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f6dc2dc
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..5da78b4
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       rightauth=pubkey
+       aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0a132ca
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = isolate
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11-radius/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/init.d/iptables b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/init.d/iptables
new file mode 100755 (executable)
index 0000000..56587b2
--- /dev/null
@@ -0,0 +1,84 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+       before net
+       need logger
+}
+
+start() {
+       ebegin "Starting firewall"
+
+       # enable IP forwarding
+       echo 1 > /proc/sys/net/ipv4/ip_forward
+       
+       # default policy is DROP
+       /sbin/iptables -P INPUT DROP
+       /sbin/iptables -P OUTPUT DROP
+       /sbin/iptables -P FORWARD DROP
+
+       # allow esp
+       iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+       # allow IKE
+       iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+       # allow MobIKE
+       iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+       # allow crl fetch from winnetou
+       iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+       iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+       # allow RADIUS protocol with alice
+       iptables -A INPUT  -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT
+       iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT
+
+       # allow ssh
+       iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+       iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+       eend $?
+}
+
+stop() {
+       ebegin "Stopping firewall"
+               for a in `cat /proc/net/ip_tables_names`; do
+                       /sbin/iptables -F -t $a
+                       /sbin/iptables -X -t $a
+       
+                       if [ $a == nat ]; then
+                               /sbin/iptables -t nat -P PREROUTING ACCEPT
+                               /sbin/iptables -t nat -P POSTROUTING ACCEPT
+                               /sbin/iptables -t nat -P OUTPUT ACCEPT
+                       elif [ $a == mangle ]; then
+                               /sbin/iptables -t mangle -P PREROUTING ACCEPT
+                               /sbin/iptables -t mangle -P INPUT ACCEPT
+                               /sbin/iptables -t mangle -P FORWARD ACCEPT
+                               /sbin/iptables -t mangle -P OUTPUT ACCEPT
+                               /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+                       elif [ $a == filter ]; then
+                               /sbin/iptables -t filter -P INPUT ACCEPT
+                               /sbin/iptables -t filter -P FORWARD ACCEPT
+                               /sbin/iptables -t filter -P OUTPUT ACCEPT
+                       fi
+               done
+       eend $?
+}
+
+reload() {
+       ebegin "Flushing firewall"
+               for a in `cat /proc/net/ip_tables_names`; do
+                       /sbin/iptables -F -t $a
+                       /sbin/iptables -X -t $a
+               done;
+        eend $?
+       start
+}
+
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..33dcdcf
--- /dev/null
@@ -0,0 +1,35 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-allow
+       rightgroups=allow
+       leftsubnet=10.1.0.0/28
+       also=rw-eap
+       auto=add
+
+conn rw-isolate
+       rightgroups=isolate
+       leftsubnet=10.1.0.16/28
+       also=rw-eap
+       auto=add
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=pubkey
+       leftfirewall=yes
+       rightauth=eap-radius
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e86d6aa
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11-radius/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f4e456b
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown
+  multiple_authentication=no
+  plugins {
+    eap-radius {
+      secret = gv6URkSs 
+      server = PH_IP_ALICE
+      filter_id = yes
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11-radius/posttest.dat b/testing/tests/tnc/tnccs-11-radius/posttest.dat
new file mode 100644 (file)
index 0000000..86bd89d
--- /dev/null
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+alice::killall radiusd
+alice::rm /etc/raddb/sites-enabled/inner-tunnel-second
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat
new file mode 100644 (file)
index 0000000..b5d2842
--- /dev/null
@@ -0,0 +1,16 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second
+alice::cat /etc/raddb/sites-enabled/inner-tunnel-second
+alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
+alice::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+moon::ipsec start
+carol::LEAK_DETECTIVE_DISABLE=1 ipsec start
+dave::LEAK_DETECTIVE_DISABLE=1 ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-11-radius/test.conf b/testing/tests/tnc/tnccs-11-radius/test.conf
new file mode 100644 (file)
index 0000000..2a52df2
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# UML instances on which FreeRadius is started
+#
+RADIUSHOSTS="alice"
+
diff --git a/testing/tests/tnc/tnccs-11/description.txt b/testing/tests/tnc/tnccs-11/description.txt
new file mode 100644 (file)
index 0000000..d6a3ba2
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+using EAP-TTLS authentication only with the gateway presenting a server certificate and
+the clients doing EAP-MD5 password-based authentication.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
+The IMC and IMV communicate using the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
+clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
+respectively.
+
diff --git a/testing/tests/tnc/tnccs-11/evaltest.dat b/testing/tests/tnc/tnccs-11/evaltest.dat
new file mode 100644 (file)
index 0000000..a027551
--- /dev/null
@@ -0,0 +1,19 @@
+carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
+dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES
+dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
+moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
+moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..105fcbe
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f6dc2dc
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-11/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..97f322c
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0a132ca
--- /dev/null
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
+  multiple_authentication=no
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = isolate
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-11/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..997db0d
--- /dev/null
@@ -0,0 +1,36 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+       charondebug="tnc 3, imv 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-allow
+       rightgroups=allow
+       leftsubnet=10.1.0.0/28
+       also=rw-eap
+       auto=add
+
+conn rw-isolate
+       rightgroups=isolate
+       leftsubnet=10.1.0.16/28
+       also=rw-eap
+       auto=add
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=eap-ttls
+       leftfirewall=yes
+       rightauth=eap-ttls
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-11/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..2e277cc
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : EAP "Ar3etTnp"
+dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..4565c2d
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown
+  multiple_authentication=no
+  plugins {
+    eap-ttls {
+      phase2_method = md5
+      phase2_piggyback = yes
+      phase2_tnc = yes
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imv-test {
+      rounds = 1
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-11/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-11/hosts/moon/etc/tnc_config
new file mode 100644 (file)
index 0000000..5028bc8
--- /dev/null
@@ -0,0 +1,3 @@
+#IMV configuration file for strongSwan client 
+
+IMV "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/tnc/tnccs-11/posttest.dat b/testing/tests/tnc/tnccs-11/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-11/pretest.dat b/testing/tests/tnc/tnccs-11/pretest.dat
new file mode 100644 (file)
index 0000000..dd729cb
--- /dev/null
@@ -0,0 +1,13 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+moon::LEAK_DETECTIVE_DISABLE=1 ipsec start
+carol::LEAK_DETECTIVE_DISABLE=1 ipsec start
+dave::LEAK_DETECTIVE_DISABLE=1 ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-11/test.conf b/testing/tests/tnc/tnccs-11/test.conf
new file mode 100644 (file)
index 0000000..e28b825
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# UML instances on which FreeRadius is started
+#
+RADIUSHOSTS=
+
diff --git a/testing/tests/tnc/tnccs-20-block/description.txt b/testing/tests/tnc/tnccs-20-block/description.txt
new file mode 100644 (file)
index 0000000..d240d57
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+using EAP-TTLS authentication only with the gateway presenting a server certificate and
+the clients doing EAP-MD5 password-based authentication.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b> client-server interface
+compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate using the <b>IF-M</b>
+protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements
+<b>carol</b> is authenticated successfully and is granted access to the subnet behind
+<b>moon</b> whereas <b>dave</b> fails the layered EAP authentication and is rejected.
+</p>
diff --git a/testing/tests/tnc/tnccs-20-block/evaltest.dat b/testing/tests/tnc/tnccs-20-block/evaltest.dat
new file mode 100644 (file)
index 0000000..f1753c2
--- /dev/null
@@ -0,0 +1,12 @@
+carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES
+dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Denied'::YES
+dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
+dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
+moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES 
+moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..105fcbe
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 3"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c25ff96
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
+  multiple_authentication=no
+  plugins {
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+    tnc-imc {
+      preferred_language = de, en
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..a39922d