ikev2/rw-eap-tnc-11-radius scenario now uses a PA-TNC IMC/IMV pair
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 2 Jun 2011 10:36:27 +0000 (12:36 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 2 Jun 2011 10:36:27 +0000 (12:36 +0200)
13 files changed:
testing/tests/ikev2/rw-eap-tnc-11-radius/description.txt
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/strongswan.conf
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc/log4cxx.properties [new file with mode: 0644]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc_config
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc_config
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file [deleted file]
testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc_config
testing/tests/ikev2/rw-eap-tnc-11-radius/pretest.dat

index 7eebd3d..69ed160 100644 (file)
@@ -6,5 +6,6 @@ the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate.
 The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>.
 In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
 health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface.
-<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
-clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
+<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements exchanged
+via the <b>IF-M</b> (RFC 5792 PA-TNC) protocol, the clients are connected by gateway <b>moon</b>
+to the "rw-allow" and "rw-isolate" subnets, respectively.
index e79fe2c..323bc37 100644 (file)
@@ -1 +1,10 @@
 # /etc/strongswan.conf - strongSwan configuration file
+
+libimcv {
+  debug_level = 3 
+  plugins {
+    imv-test {
+      rounds = 1 
+    }
+  }
+}
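Review bot: The two added settings `debug_level = 3 ` and `rounds = 1 ` each end in a trailing space, and the new `libimcv` block has no comment saying what either value is for. Strip the trailing blanks and add one line above the block, for example `# test scenario: verbose libimcv logging, imv-test limited to a single round`. What `rounds` counts is not visible in this hunk, so the comment wording should be checked against the imv-test plugin before it is committed.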
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc/log4cxx.properties b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/alice/etc/tnc/log4cxx.properties
new file mode 100644 (file)
index 0000000..2bdc6e4
--- /dev/null
@@ -0,0 +1,15 @@
+# Set root logger level to DEBUG and its appenders to A1 and A2.
+log4j.rootLogger=DEBUG, A1, A2
+
+# A1 is set to be a ConsoleAppender.
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=[FHH] %m%n
+
+# A2 is set to be a SyslogAppender
+log4j.appender.A2=org.apache.log4j.net.SyslogAppender
+log4j.appender.A2.Facility=DAEMON
+log4j.appender.A2.SyslogHost=localhost
+log4j.appender.A2.Threshold=DEBUG
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=[FHH] %m%n
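Review bot: The root logger is set to DEBUG and appender A2 forwards every message to syslog on localhost under the DAEMON facility, yet nothing in the new file marks this as a test-bed setting. Presumably the output includes detail of the TNC assessment, so a verbatim copy to a production RADIUS host would put it in the system log. A header line such as `# Test-suite logging only: DEBUG to console and syslog; raise the level outside the test bed` would make the intent explicit. `log4j.appender.A2.Threshold=DEBUG` is redundant with the root level; either drop it or use it to hold syslog at a higher level than the console.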
index a9509a7..1bd0757 100644 (file)
@@ -1,3 +1,3 @@
 #IMV configuration file for TNC@FHH-TNC-Server
 
-IMV "Dummy" /usr/local/lib/libdummyimv.so.0.7.0
+IMV "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
index f9a508a..a639b04 100755 (executable)
@@ -2,7 +2,7 @@
 
 config setup
        plutostart=no
-       charondebug="tnc 3"
+       charondebug="tnc 3, imc 3"
 
 conn %default
        ikelifetime=60m
index c12143c..f6dc2dc 100644 (file)
@@ -4,3 +4,11 @@ charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
   multiple_authentication=no
 }
+
+libimcv {
+  plugins {
+    imc-test {
+      command = allow
+    }
+  }
+}
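Review bot: `command = allow` is a value the client configures for itself, and nothing in the added `libimcv` block says that imc-test is a stub rather than a real measurement. Going by the scenario description, this value appears to decide whether the gateway places the client in "rw-allow" or "rw-isolate". A comment above the block would stop readers from mistaking it for a health check, for example `# imc-test is a test stub: it reports this configured result instead of measuring the host`. The same comment belongs on `command = isolate` in dave's strongswan.conf hunk further down.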
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/carol/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index f5da834..0000000
+++ /dev/null
@@ -1 +0,0 @@
-allow
index a5a9a68..a39922d 100644 (file)
@@ -1,3 +1,3 @@
 #IMC configuration file for strongSwan client 
 
-IMC "Dummy" /usr/local/lib/libdummyimc.so
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
index 74e0d1a..5da78b4 100755 (executable)
@@ -2,7 +2,7 @@
 
 config setup
        plutostart=no
-       charondebug="tnc 3"
+       charondebug="tnc 3, imc 3"
 
 conn %default
        ikelifetime=60m
index c12143c..0a132ca 100644 (file)
@@ -4,3 +4,11 @@ charon {
   load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown
   multiple_authentication=no
 }
+
+libimcv {
+  plugins {
+    imc-test {
+      command = isolate
+    }
+  }
+}
diff --git a/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-11-radius/hosts/dave/etc/tnc/dummyimc.file
deleted file mode 100644 (file)
index c20b5e5..0000000
+++ /dev/null
@@ -1 +0,0 @@
-isolate
\ No newline at end of file
index a5a9a68..a39922d 100644 (file)
@@ -1,3 +1,3 @@
 #IMC configuration file for strongSwan client 
 
-IMC "Dummy" /usr/local/lib/libdummyimc.so
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
index 56136f0..b663661 100644 (file)
@@ -3,7 +3,7 @@ carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
 alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second
 alice::cat /etc/raddb/sites-enabled/inner-tunnel-second
-alice::LEAK_DETECTIVE_DISABLE=1 radiusd
+alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd
 alice::cat /etc/tnc_config
 carol::cat /etc/tnc_config
 dave::cat /etc/tnc_config