Adapt test configurations
authorReto Buerki <reet@codelabs.ch>
Mon, 19 Nov 2012 16:30:58 +0000 (17:30 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 17 Jan 2013 14:22:07 +0000 (15:22 +0100)
Adapt test configurations to the new Debian-based system.

457 files changed:
testing/tests/af-alg/alg-camellia/evaltest.dat
testing/tests/af-alg/rw-cert/evaltest.dat
testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat
testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat
testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat
testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat
testing/tests/ha/both-active/evaltest.dat
testing/tests/ha/both-active/posttest.dat
testing/tests/ha/both-active/pretest.dat
testing/tests/ike/rw-cert/evaltest.dat
testing/tests/ike/rw_v1-net_v2/evaltest.dat
testing/tests/ikev1/alg-3des-md5/evaltest.dat
testing/tests/ikev1/alg-blowfish/evaltest.dat
testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
testing/tests/ikev1/alg-sha256/evaltest.dat
testing/tests/ikev1/alg-sha384/evaltest.dat
testing/tests/ikev1/alg-sha512/evaltest.dat
testing/tests/ikev1/config-payload/evaltest.dat
testing/tests/ikev1/double-nat-net/evaltest.dat
testing/tests/ikev1/double-nat/evaltest.dat
testing/tests/ikev1/dynamic-initiator/evaltest.dat
testing/tests/ikev1/dynamic-initiator/posttest.dat
testing/tests/ikev1/dynamic-initiator/pretest.dat
testing/tests/ikev1/dynamic-responder/evaltest.dat
testing/tests/ikev1/dynamic-responder/posttest.dat
testing/tests/ikev1/dynamic-responder/pretest.dat
testing/tests/ikev1/dynamic-two-peers/evaltest.dat
testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat
testing/tests/ikev1/esp-alg-null/evaltest.dat
testing/tests/ikev1/host2host-cert/evaltest.dat
testing/tests/ikev1/host2host-transport/evaltest.dat
testing/tests/ikev1/ip-pool-db/evaltest.dat
testing/tests/ikev1/ip-pool/evaltest.dat
testing/tests/ikev1/nat-rw/evaltest.dat
testing/tests/ikev1/net2net-cert/evaltest.dat
testing/tests/ikev1/net2net-psk/evaltest.dat
testing/tests/ikev1/protoport-dual/evaltest.dat
testing/tests/ikev1/rw-cert-aggressive/evaltest.dat
testing/tests/ikev1/rw-cert-unity/evaltest.dat
testing/tests/ikev1/rw-cert/evaltest.dat
testing/tests/ikev1/rw-psk-aggressive/evaltest.dat
testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
testing/tests/ikev1/virtual-ip/evaltest.dat
testing/tests/ikev1/xauth-id-psk-config/evaltest.dat
testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat
testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat
testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat
testing/tests/ikev1/xauth-psk/evaltest.dat
testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev1/xauth-rsa-eap-md5-radius/posttest.dat
testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat
testing/tests/ikev1/xauth-rsa/evaltest.dat
testing/tests/ikev2/after-2038-certs/evaltest.dat
testing/tests/ikev2/alg-3des-md5/evaltest.dat
testing/tests/ikev2/alg-aes-ccm/evaltest.dat
testing/tests/ikev2/alg-aes-ctr/evaltest.dat
testing/tests/ikev2/alg-aes-gcm/evaltest.dat
testing/tests/ikev2/alg-aes-xcbc/evaltest.dat
testing/tests/ikev2/alg-blowfish/evaltest.dat
testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
testing/tests/ikev2/alg-sha256-96/evaltest.dat
testing/tests/ikev2/alg-sha256/evaltest.dat
testing/tests/ikev2/alg-sha384/evaltest.dat
testing/tests/ikev2/alg-sha512/evaltest.dat
testing/tests/ikev2/config-payload-swapped/evaltest.dat
testing/tests/ikev2/config-payload/evaltest.dat
testing/tests/ikev2/default-keys/evaltest.dat
testing/tests/ikev2/default-keys/pretest.dat
testing/tests/ikev2/dhcp-dynamic/evaltest.dat
testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf [new file with mode: 0644]
testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf [deleted file]
testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
testing/tests/ikev2/dhcp-dynamic/posttest.dat
testing/tests/ikev2/dhcp-dynamic/pretest.dat
testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcp/dhcpd.conf [new file with mode: 0644]
testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf [deleted file]
testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
testing/tests/ikev2/dhcp-static-client-id/posttest.dat
testing/tests/ikev2/dhcp-static-client-id/pretest.dat
testing/tests/ikev2/dhcp-static-mac/evaltest.dat
testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcp/dhcpd.conf [new file with mode: 0644]
testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf [deleted file]
testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
testing/tests/ikev2/dhcp-static-mac/posttest.dat
testing/tests/ikev2/dhcp-static-mac/pretest.dat
testing/tests/ikev2/double-nat-net/evaltest.dat
testing/tests/ikev2/double-nat/evaltest.dat
testing/tests/ikev2/dynamic-initiator/evaltest.dat
testing/tests/ikev2/dynamic-two-peers/evaltest.dat
testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
testing/tests/ikev2/esp-alg-md5-128/evaltest.dat
testing/tests/ikev2/esp-alg-null/evaltest.dat
testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat
testing/tests/ikev2/farp/evaltest.dat
testing/tests/ikev2/force-udp-encaps/evaltest.dat
testing/tests/ikev2/host2host-cert/evaltest.dat
testing/tests/ikev2/host2host-swapped/evaltest.dat
testing/tests/ikev2/host2host-transport/evaltest.dat
testing/tests/ikev2/inactivity-timeout/evaltest.dat
testing/tests/ikev2/inactivity-timeout/posttest.dat
testing/tests/ikev2/inactivity-timeout/pretest.dat
testing/tests/ikev2/ip-pool-db/evaltest.dat
testing/tests/ikev2/ip-pool-wish/evaltest.dat
testing/tests/ikev2/ip-pool/evaltest.dat
testing/tests/ikev2/ip-two-pools-db/evaltest.dat
testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat
testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat
testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat
testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat
testing/tests/ikev2/ip-two-pools/evaltest.dat
testing/tests/ikev2/mobike-nat/evaltest.dat
testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/mobike-nat/pretest.dat
testing/tests/ikev2/mobike-virtual-ip/evaltest.dat
testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/mobike-virtual-ip/pretest.dat
testing/tests/ikev2/mobike/evaltest.dat
testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf
testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf
testing/tests/ikev2/mobike/posttest.dat
testing/tests/ikev2/mobike/pretest.dat
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/modules/sim_files [new file with mode: 0644]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/triplets.dat [new file with mode: 0644]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/triplets.dat [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/posttest.dat
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat
testing/tests/ikev2/mult-auth-rsa-eap-sim-id/test.conf
testing/tests/ikev2/nat-rw-mark/description.txt
testing/tests/ikev2/nat-rw-mark/evaltest.dat
testing/tests/ikev2/nat-rw-mark/posttest.dat
testing/tests/ikev2/nat-rw-mark/pretest.dat
testing/tests/ikev2/nat-rw-psk/evaltest.dat
testing/tests/ikev2/nat-rw/evaltest.dat
testing/tests/ikev2/nat-virtual-ip/evaltest.dat
testing/tests/ikev2/net2net-cert/evaltest.dat
testing/tests/ikev2/net2net-pgp-v3/evaltest.dat
testing/tests/ikev2/net2net-pgp-v4/evaltest.dat
testing/tests/ikev2/net2net-psk-dscp/evaltest.dat
testing/tests/ikev2/net2net-psk/evaltest.dat
testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets
testing/tests/ikev2/net2net-pubkey/evaltest.dat
testing/tests/ikev2/net2net-rfc3779/evaltest.dat
testing/tests/ikev2/net2net-route/evaltest.dat
testing/tests/ikev2/net2net-rsa/evaltest.dat
testing/tests/ikev2/net2net-same-nets/evaltest.dat
testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown
testing/tests/ikev2/net2net-start/evaltest.dat
testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
testing/tests/ikev2/ocsp-root-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
testing/tests/ikev2/protoport-dual/evaltest.dat
testing/tests/ikev2/protoport-route/evaltest.dat
testing/tests/ikev2/reauth-early/evaltest.dat
testing/tests/ikev2/reauth-late/evaltest.dat
testing/tests/ikev2/rw-cert/evaltest.dat
testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-dynamic/evaltest.dat
testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-md5-class-radius/posttest.dat
testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat
testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat
testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat
testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat
testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-md5-radius/posttest.dat
testing/tests/ikev2/rw-eap-md5-radius/pretest.dat
testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat
testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat
testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-peap-radius/posttest.dat
testing/tests/ikev2/rw-eap-peap-radius/pretest.dat
testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/triplets.dat [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat
testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat
testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/modules/sim_files [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/triplets.dat [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat
testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat
testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/triplets.dat [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-sim-radius/posttest.dat
testing/tests/ikev2/rw-eap-sim-radius/pretest.dat
testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat
testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat
testing/tests/ikev2/rw-eap-tls-only/evaltest.dat
testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-tls-radius/posttest.dat
testing/tests/ikev2/rw-eap-tls-radius/pretest.dat
testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat
testing/tests/ikev2/rw-eap-ttls-only/pretest.dat
testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat
testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat
testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat
testing/tests/ikev2/rw-hash-and-url/evaltest.dat
testing/tests/ikev2/rw-mark-in-out/description.txt
testing/tests/ikev2/rw-mark-in-out/evaltest.dat
testing/tests/ikev2/rw-mark-in-out/pretest.dat
testing/tests/ikev2/rw-pkcs8/evaltest.dat
testing/tests/ikev2/rw-psk-fqdn/evaltest.dat
testing/tests/ikev2/rw-psk-ipv4/evaltest.dat
testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
testing/tests/ikev2/rw-psk-no-idr/evaltest.dat
testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat
testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat
testing/tests/ikev2/rw-radius-accounting/evaltest.dat
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/users [deleted file]
testing/tests/ikev2/rw-radius-accounting/posttest.dat
testing/tests/ikev2/rw-radius-accounting/pretest.dat
testing/tests/ikev2/rw-whitelist/evaltest.dat
testing/tests/ikev2/shunt-policies/evaltest.dat
testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/strong-keys-certs/evaltest.dat
testing/tests/ikev2/two-certs/evaltest.dat
testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/virtual-ip/evaltest.dat
testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat
testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat
testing/tests/openssl-ikev1/alg-camellia/evaltest.dat
testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat
testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat
testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat
testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat
testing/tests/openssl-ikev2/alg-camellia/evaltest.dat
testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat
testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat
testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat
testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat
testing/tests/openssl-ikev2/rw-cert/evaltest.dat
testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
testing/tests/p2pnat/behind-same-nat/evaltest.dat
testing/tests/p2pnat/behind-same-nat/posttest.dat
testing/tests/p2pnat/behind-same-nat/pretest.dat
testing/tests/p2pnat/medsrv-psk/evaltest.dat
testing/tests/p2pnat/medsrv-psk/posttest.dat
testing/tests/p2pnat/medsrv-psk/pretest.dat
testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
testing/tests/pfkey/alg-sha384/evaltest.dat
testing/tests/pfkey/alg-sha512/evaltest.dat
testing/tests/pfkey/esp-alg-null/evaltest.dat
testing/tests/pfkey/host2host-transport/evaltest.dat
testing/tests/pfkey/nat-rw/evaltest.dat
testing/tests/pfkey/net2net-route/evaltest.dat
testing/tests/pfkey/protoport-dual/evaltest.dat
testing/tests/pfkey/protoport-route/evaltest.dat
testing/tests/pfkey/rw-cert/evaltest.dat
testing/tests/pfkey/shunt-policies/evaltest.dat
testing/tests/sql/ip-pool-db-expired/evaltest.dat
testing/tests/sql/ip-pool-db-restart/evaltest.dat
testing/tests/sql/ip-pool-db/evaltest.dat
testing/tests/sql/multi-level-ca/evaltest.dat
testing/tests/sql/net2net-cert/evaltest.dat
testing/tests/sql/net2net-psk/evaltest.dat
testing/tests/sql/net2net-route-pem/evaltest.dat
testing/tests/sql/net2net-start-pem/evaltest.dat
testing/tests/sql/rw-cert/evaltest.dat
testing/tests/sql/rw-eap-aka-rsa/evaltest.dat
testing/tests/sql/rw-psk-ipv4/evaltest.dat
testing/tests/sql/rw-psk-rsa-split/evaltest.dat
testing/tests/sql/rw-rsa-keyid/evaltest.dat
testing/tests/sql/rw-rsa/evaltest.dat
testing/tests/sql/shunt-policies/evaltest.dat
testing/tests/tnc/tnccs-11-fhh/evaltest.dat
testing/tests/tnc/tnccs-11-radius-block/evaltest.dat
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second [deleted file]
testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users [deleted file]
testing/tests/tnc/tnccs-11-radius-block/posttest.dat
testing/tests/tnc/tnccs-11-radius-block/pretest.dat
testing/tests/tnc/tnccs-11-radius/evaltest.dat
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users [new file with mode: 0644]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second [deleted file]
testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users [deleted file]
testing/tests/tnc/tnccs-11-radius/posttest.dat
testing/tests/tnc/tnccs-11-radius/pretest.dat
testing/tests/tnc/tnccs-11/evaltest.dat
testing/tests/tnc/tnccs-20-block/evaltest.dat
testing/tests/tnc/tnccs-20-client-retry/evaltest.dat
testing/tests/tnc/tnccs-20-fhh/evaltest.dat
testing/tests/tnc/tnccs-20-os/evaltest.dat
testing/tests/tnc/tnccs-20-pdp/evaltest.dat
testing/tests/tnc/tnccs-20-server-retry/evaltest.dat
testing/tests/tnc/tnccs-20-tls/evaltest.dat
testing/tests/tnc/tnccs-20/evaltest.dat
testing/tests/tnc/tnccs-dynamic/evaltest.dat

index 72e3c5e..2096cb9 100644 (file)
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
 carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
 moon:: ip xfrm state::enc cbc(camellia)::YES
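Review bot: The new expected string `icmp_req=1` on the changed `carol::ping` line pins the check to the ping output format of the new Debian image, so the test fails again if that image's ping ever prints `icmp_seq=` instead. The neighbouring fields in this file look like regular expressions (`home.*ESTABLISHED`, `rw.*ESTABLISHED`), so if the ping field is matched the same way, a pattern that accepts both spellings would be safer: `carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_.eq=1::YES`. The same applies to the changed ping lines in the three hunks that follow. These pings are the only data-plane checks visible in these hunks, so a failure caused purely by output formatting is easily mistaken for a broken tunnel.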
index f8cfb11..ba66197 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 81e413f..db5a762 100644 (file)
@@ -4,7 +4,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 carol::ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES
 moon:: ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES
 carol::ip xfrm state::enc cbc(serpent)::YES
index 7003977..ac3b5e0 100644 (file)
@@ -4,7 +4,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 carol::ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES
 moon:: ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES
 carol::ip xfrm state::enc cbc(twofish)::YES
index d82b68d..5f0bb3c 100644 (file)
@@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
 carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES
 moon:: ip xfrm state::enc cbc(camellia)::YES
index b545c22..2342d02 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 36d72ff..89e5f4b 100644 (file)
@@ -8,8 +8,8 @@ alice::cat /var/log/daemon.log::HA segment 1 activated::YES
 moon:: cat /var/log/daemon.log::HA segment 2 activated::YES
 alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES
 moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
 carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES
 carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::YES
 dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES
index 49bf760..ea03fbd 100644 (file)
@@ -10,7 +10,7 @@ moon::ip addr del 192.168.0.5/24 dev eth0
 moon::ip addr del 10.1.0.5/16 dev eth1
 alice::ip addr del 192.168.0.5/24 dev eth1
 alice::ip addr del 10.1.0.5/16 dev eth0
-alice::/etc/init.d/net.eth1 stop
+alice::ifdown eth1
 venus::ip route del default via 10.1.0.5 dev eth0
 venus::ip route add default via 10.1.0.1 dev eth0
 moon::conntrack -F
index e2e5098..bb276f0 100644 (file)
@@ -1,6 +1,6 @@
 moon::ip addr add 192.168.0.5/24 dev eth0
 moon::ip addr add 10.1.0.5/16 dev eth1
-alice::/etc/init.d/net.eth1 start
+alice::ifup eth1
 alice::ip addr add 192.168.0.5/24 dev eth1
 alice::ip addr add 10.1.0.5/16 dev eth0
 venus::ip route del default via 10.1.0.1 dev eth0
index c8fcb23..e431ce5 100644 (file)
@@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index f12b19e..847a2d9 100644 (file)
@@ -2,13 +2,13 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES 
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index a553ff1..abd29e9 100644 (file)
@@ -4,12 +4,12 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
 carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
 moon:: ip xfrm state::enc cbc(des3_ede)::YES
 carol::ip xfrm state::enc cbc(des3_ede)::YES
-moon:: ip xfrm state::auth hmac(md5)::YES
-carol::ip xfrm state::auth hmac(md5)::YES
+moon:: ip xfrm state::auth-trunc hmac(md5)::YES
+carol::ip xfrm state::auth-trunc hmac(md5)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
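Review bot: The two `ip xfrm state` expectations now match the `auth-trunc` keyword but not the truncation length, which is the value that shows the kernel SA really uses the negotiated 96-bit ICV. If the iproute2 on the new image prints that length in bits at the end of the line (to be confirmed on the guest), the pattern can pin it: `moon:: ip xfrm state::auth-trunc hmac(md5).* 96::YES`, and likewise for carol. At present the ICV size is covered only indirectly by the `ESP.*length 180` tcpdump checks. The sha256, sha384, sha512 and xcbc hunks further down make the same keyword change and could pin their lengths the same way.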
index 3787bdb..cd83c56 100644 (file)
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
 dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
 dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
 carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
index c07c176..8230ee3 100644 (file)
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
 dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 7b5640a..eba8567 100644 (file)
@@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
-moon:: ip xfrm state::auth hmac(sha256)::YES
-carol::ip xfrm state::auth hmac(sha256)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
+carol::ip xfrm state::auth-trunc hmac(sha256)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
index 21b3d5a..3b24217 100644 (file)
@@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-moon:: ip xfrm state::auth hmac(sha384)::YES
-carol::ip xfrm state::auth hmac(sha384)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha384)::YES
+carol::ip xfrm state::auth-trunc hmac(sha384)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
index 7b94d21..6bdceeb 100644 (file)
@@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-moon:: ip xfrm state::auth hmac(sha512)::YES
-carol::ip xfrm state::auth hmac(sha512)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha512)::YES
+carol::ip xfrm state::auth-trunc hmac(sha512)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
index a429e9b..b46dfdd 100644 (file)
@@ -5,13 +5,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
 carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
index 05dc82d..52c5619 100644 (file)
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@
 bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
 alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
-alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
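Review bot: The two tcpdump expectations now hard-code the numeric port `4500` where they previously matched the service name `ipsec-nat-t`, so the result depends on how tcpdump on the guest resolves port names. If the image's services database or the tcpdump options change, these lines fail even though the NAT-T traffic is correct. A pattern that accepts either form would avoid that, for example `sun.strongswan.org.\(4500\|ipsec-nat-t\): UDP`, assuming the evaluation uses a grep flavour that supports alternation. Otherwise a comment in the test description should record the dependency. The next hunk and the later `UDP-encap: ESP` hunk make the same replacement.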
index b080482..9ddad2d 100644 (file)
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@
 bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
 alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
index f22f124..61546f4 100644 (file)
@@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
 moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES
 moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
index 4dbf3d4..32ac12d 100644 (file)
@@ -2,8 +2,6 @@ dave::ipsec stop
 carol::ipsec stop
 dave::sleep 1
 moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
 dave::rm /etc/ipsec.d/certs/*
 dave::rm /etc/ipsec.d/private/*
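Review bot: The teardown now resets the firewall on carol only, whereas the three removed lines stopped it on moon, carol and dave. The matching pretest hunk likewise loads `/etc/iptables.rules` on carol alone. If that narrowing is intended because only carol's rules are manipulated in this scenario, it is worth saying so in the commit message. Otherwise moon and dave no longer run with their rule sets, and rules left behind by an aborted earlier test are not cleared; adding `moon::iptables-restore < /etc/iptables.flush` and `dave::iptables-restore < /etc/iptables.flush` would restore the symmetric cleanup. The old lines also discarded stderr with `2> /dev/null`, so a missing `/etc/iptables.flush` on the image will now surface in the test log. The same pattern is repeated in the second posttest/pretest pair further down.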
index 9268101..9aadb2a 100644 (file)
@@ -1,6 +1,4 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
 carol::ipsec start
 dave::ipsec start
 moon::ipsec start
@@ -10,4 +8,4 @@ carol::sleep 1
 carol::iptables -D INPUT  -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
 carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
 dave::ipsec up moon
-dave::sleep 2 
+dave::sleep 2
index f22f124..61546f4 100644 (file)
@@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
 moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES
 moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
index 4dbf3d4..32ac12d 100644 (file)
@@ -2,8 +2,6 @@ dave::ipsec stop
 carol::ipsec stop
 dave::sleep 1
 moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
 dave::rm /etc/ipsec.d/certs/*
 dave::rm /etc/ipsec.d/private/*
index c0f166f..8dc744f 100644 (file)
@@ -1,6 +1,4 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
 carol::ipsec start
 dave::ipsec start
 moon::ipsec start
@@ -10,4 +8,4 @@ moon::sleep 1
 carol::iptables -D INPUT  -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
 carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
 dave::ipsec up moon
-dave::sleep 2 
+dave::sleep 2
index 1d5ff68..82d2e73 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
index 6f7c137..6489201 100644 (file)
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128::YES
 carol::ipsec statusall 2> /dev/null::AES_CCM_12_128::YES
 carol::ip xfrm state::aead rfc4309(ccm(aes))::YES
index 9a8b468..c86f580 100644 (file)
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES
 carol::ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES
 moon:: ip xfrm state::rfc3686(ctr(aes))::YES
index 9d5fb7c..a7f52c7 100644 (file)
@@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256::YES
 carol::ipsec statusall 2> /dev/null::AES_GCM_16_256::YES
 carol::ip xfrm state::aead rfc4106(gcm(aes))::YES
index 74150fb..d5d3bc0 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
 carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
 carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
index 6f5b893..b466813 100644 (file)
@@ -2,10 +2,10 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.
 moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 carol::ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES
 moon:: ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES
-carol::ip xfrm state::auth xcbc(aes)::YES
-moon:: ip xfrm state::auth xcbc(aes)::YES
+carol::ip xfrm state::auth-trunc xcbc(aes)::YES
+moon:: ip xfrm state::auth-trunc xcbc(aes)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
index 937d85e..1b9c6c2 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
 carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
 moon:: ip xfrm state::enc ecb(cipher_null)::YES
index 53e5589..3305f45 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
 sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 3021b5e..fc49e57 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
 sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
 sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 941cb34..42e3530 100644 (file)
@@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
 dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
@@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
 moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
 moon:: cat /var/log/daemon.log::assigning virtual IP::YES
index db46646..1fdc3f0 100644 (file)
@@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
 moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
 moon:: cat /var/log/daemon.log::assigning virtual IP::YES
index e0b458d..387dbae 100644 (file)
@@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES
 sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 moon:: sleep 6::no output expected::NO
-bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES
 alice::cat /var/log/daemon.log::sending keep alive::YES
 venus::cat /var/log/daemon.log::sending keep alive::YES
index c98f5d7..2b37cad 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
 sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index c98f5d7..2b37cad 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
 sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index a65460c..cf45f3b 100644 (file)
@@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index f8cfb11..ba66197 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index b6a860b..c183f48 100644 (file)
@@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
 carol::ipsec status 2> /dev/null::10.2.1.1/32 === 192.168.0.0/24 PASS::YES
 carol::ipsec status 2> /dev/null::home.*10.2.1.1/32 === 10.1.0.0/16 10.2.1.0/24::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 10.2.1.0/24 === 10.2.1.1/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index f8cfb11..ba66197 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index b545c22..2342d02 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index ef964a2..77f5488 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index d56c522..df37719 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index dd3143a..0f5df71 100644 (file)
@@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::src PH_IP_CAROL1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::src PH_IP_DAVE1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
+moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
+moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 02ed911..cd4ebd8 100644 (file)
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE
 moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 5b021a0..34c124c 100644 (file)
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 198dd37..7604a15 100644 (file)
@@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE
 moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 5b021a0..34c124c 100644 (file)
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 988a6c5..c6637cb 100644 (file)
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 0591e22..d568273 100644 (file)
@@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf
new file mode 100644 (file)
index 0000000..623f429
--- /dev/null
@@ -0,0 +1,5 @@
+eap {
+  default_eap_type = md5
+  md5 {
+  }
+}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf
new file mode 100644 (file)
index 0000000..23cba8d
--- /dev/null
@@ -0,0 +1,5 @@
+realm strongswan.org {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default
new file mode 100644 (file)
index 0000000..dd08258
--- /dev/null
@@ -0,0 +1,43 @@
+authorize {
+  suffix
+  eap {
+    ok = return
+  }
+  files
+}
+
+authenticate {
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/users b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/users
new file mode 100644 (file)
index 0000000..4fb07b9
--- /dev/null
@@ -0,0 +1 @@
+carol  Cleartext-Password := "4iChxLT3"
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/clients.conf
deleted file mode 100644 (file)
index f4e179a..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-client PH_IP_MOON1 {
-  secret    = gv6URkSs 
-  shortname = moon
-}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/eap.conf
deleted file mode 100644 (file)
index 623f429..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-eap {
-  default_eap_type = md5
-  md5 {
-  }
-}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf
deleted file mode 100644 (file)
index 23cba8d..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-realm strongswan.org {
-  type     = radius
-  authhost = LOCAL
-  accthost = LOCAL
-}
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf
deleted file mode 100644 (file)
index 1143a04..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/radius
-raddbdir = ${sysconfdir}/raddb
-radacctdir = ${logdir}/radacct
-
-#  name of the running server.  See also the "-n" command-line option.
-name = radiusd
-
-#  Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-#  pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-#  max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-#  cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-#  max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-#  listen: Make the server listen on a particular IP address, and send
-listen {
-  type = auth
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  This second "listen" section is for listening on the accounting
-#  port, too.
-#
-listen {
-  type  = acct
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-#  Core dumps are a bad thing.  This should only be set to 'yes'
-allow_core_dumps = no
-
-#  Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-#  Logging section.  The various "log_*" configuration items
-log {
-  destination = files
-  file = ${logdir}/radius.log
-  syslog_facility = daemon
-  stripped_names = no
-  auth = yes 
-  auth_badpass = yes 
-  auth_goodpass = yes 
-}
-
-#  The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-#  Security considerations
-security {
-  max_attributes = 200
-  reject_delay = 1
-  status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
-  start_servers = 5
-  max_servers = 32
-  min_spare_servers = 3
-  max_spare_servers = 10
-  max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
-  $INCLUDE ${confdir}/modules/
-  $INCLUDE eap.conf
-  $INCLUDE sql.conf
-  $INCLUDE sql/mysql/counter.conf
-}
-
-# Instantiation
-instantiate {
-  exec
-  expr
-  expiration
-  logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default
deleted file mode 100644 (file)
index 802fcfd..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-authorize {
-  suffix
-  eap {
-    ok = return
-  }
-  files
-}
-
-authenticate {
-  eap
-}
-
-preacct {
-  preprocess
-  acct_unique
-  suffix
-  files
-}
-
-accounting {
-  detail
-  unix
-  radutmp
-  attr_filter.accounting_response
-}
-
-session {
-  radutmp
-}
-
-post-auth {
-  exec
-  Post-Auth-Type REJECT {
-    attr_filter.access_reject
-  }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-  eap
-}
-
diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/users
deleted file mode 100644 (file)
index 4fb07b9..0000000
+++ /dev/null
@@ -1 +0,0 @@
-carol  Cleartext-Password := "4iChxLT3"
index 920d6a2..6c3d145 100644 (file)
@@ -1,5 +1,5 @@
 moon::ipsec stop
 carol::ipsec stop
-alice::/etc/init.d/radiusd stop
+alice::killall radiusd
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
index 280d62e..c9b389e 100644 (file)
@@ -1,6 +1,6 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
-alice::/etc/init.d/radiusd start 
+alice::radiusd
 moon::ipsec start
 carol::ipsec start
 carol::sleep 1
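Review bot: Starting the server with a bare `alice::radiusd` makes this scenario depend on configuration that lives outside the test directory. The commit deletes the test's own `radiusd.conf` and `clients.conf` under `etc/raddb`, and moves only `eap.conf`, `proxy.conf`, `sites-available/default` and `users` to `etc/freeradius`. Presumably a shared default now supplies the listen address and the client entry for moon; it is worth confirming that its shared secret matches what moon uses, because a mismatch would only show up as a failed XAuth exchange. If the binary's compiled-in config directory is not the one the files are copied to, `alice::radiusd -d /etc/freeradius` would pin it. The matching posttest.dat change to `alice::killall radiusd` returns without waiting for the process to exit.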
index 988a6c5..c6637cb 100644 (file)
@@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
 moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 3efaa5a..427aa74 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 
index a553ff1..abd29e9 100644 (file)
@@ -4,12 +4,12 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
 carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
 moon:: ip xfrm state::enc cbc(des3_ede)::YES
 carol::ip xfrm state::enc cbc(des3_ede)::YES
-moon:: ip xfrm state::auth hmac(md5)::YES
-carol::ip xfrm state::auth hmac(md5)::YES
+moon:: ip xfrm state::auth-trunc hmac(md5)::YES
+carol::ip xfrm state::auth-trunc hmac(md5)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
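Review bot: The new `auth-trunc hmac(md5)` patterns on the two `ip xfrm state` lines check the algorithm name but not the truncation length, which `ip xfrm state` is expected to print at the end of the same line. This matters most for the two sha256 scenarios further down (`HMAC_SHA2_256_96` and `HMAC_SHA2_256_128`): both use the identical pattern `auth-trunc hmac(sha256)`, so only the tcpdump length (196 vs 200) distinguishes the ICV size actually installed in the kernel. If the output format is as assumed, a pattern such as `auth-trunc hmac(md5).* 96` here, with the matching bit length in the xcbc(aes), sha256, sha384 and sha512 hunks, would pin the negotiated truncation directly.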
index e2cf773..5a14b98 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES
 moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES
index 177e0ea..6a5203a 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES
 moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES
index 39f8b1c..ce27fcc 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES
 moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES
index 7a98745..f110183 100644 (file)
@@ -4,11 +4,11 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
-moon:: ip xfrm state::auth xcbc(aes)::YES
-carol::ip xfrm state::auth xcbc(aes)::YES
+moon:: ip xfrm state::auth-trunc xcbc(aes)::YES
+carol::ip xfrm state::auth-trunc xcbc(aes)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
 
index a458f02..f76522c 100644 (file)
@@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
 dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
 dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
 carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
index 0acd6d2..5e4ab98 100644 (file)
@@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
 dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
 dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 4bbc82d..6c4e237 100644 (file)
@@ -6,10 +6,10 @@ moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES
 carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES
-moon:: ip xfrm state::auth hmac(sha256)::YES
-carol::ip xfrm state::auth hmac(sha256)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
+carol::ip xfrm state::auth-trunc hmac(sha256)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
index 7b5640a..eba8567 100644 (file)
@@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
-moon:: ip xfrm state::auth hmac(sha256)::YES
-carol::ip xfrm state::auth hmac(sha256)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha256)::YES
+carol::ip xfrm state::auth-trunc hmac(sha256)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
index 21b3d5a..3b24217 100644 (file)
@@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-moon:: ip xfrm state::auth hmac(sha384)::YES
-carol::ip xfrm state::auth hmac(sha384)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha384)::YES
+carol::ip xfrm state::auth-trunc hmac(sha384)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
index 7b94d21..6bdceeb 100644 (file)
@@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
 carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
 carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-moon:: ip xfrm state::auth hmac(sha512)::YES
-carol::ip xfrm state::auth hmac(sha512)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha512)::YES
+carol::ip xfrm state::auth-trunc hmac(sha512)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
index 3c41a59..b6a1c96 100644 (file)
@@ -3,13 +3,13 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
index a429e9b..b46dfdd 100644 (file)
@@ -5,13 +5,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
 carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
index 1c206ff..4df2d1e 100644 (file)
@@ -4,6 +4,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES
 moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index 88f9a2c..54da473 100644 (file)
@@ -10,9 +10,10 @@ moon::rm /etc/ipsec.d/private/*
 moon::rm /etc/ipsec.d/certs/*
 moon::rm /etc/ipsec.d/cacerts/*
 moon::ipsec start
-moon::sleep 5 
+moon::sleep 5
 moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der
 moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der
-moon::ipsec reload 
-carol::ipsec reload 
+moon::ipsec reload
+carol::ipsec reload
+carol::sleep 1
 carol::ipsec up home
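Review bot: The added `carol::sleep 1` between `carol::ipsec reload` and `carol::ipsec up home` is a fixed delay standing in for a readiness check, so the test outcome still depends on guest timing. The same holds for `moon::sleep 5` ahead of the two `scp` lines: presumably the self-signed certificates are generated during `ipsec start`, and if one is not on disk yet the copy fails and the error only surfaces later as a failed authentication. Waiting for the condition itself, for example until `/etc/ipsec.d/certs/selfCert.der` exists on both hosts before copying, would make the failure visible where it happens. The file starts before this hunk.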
index 4b0ddac..252c030 100644 (file)
@@ -1,11 +1,11 @@
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES
@@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf
new file mode 100644 (file)
index 0000000..7a17850
--- /dev/null
@@ -0,0 +1,14 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option domain-name          "strongswan.org";
+  option domain-name-servers   PH_IP_VENUS;
+  option netbios-name-servers  PH_IP_ALICE;
+  option routers               PH_IP_MOON1;
+  option broadcast-address     10.1.255.255;
+  next-server                  PH_IP_VENUS;
+
+  range 10.1.0.50 10.1.0.60;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
deleted file mode 100644 (file)
index 2176af7..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-# dhcpd configuration file
-
-ddns-update-style none;
-
-subnet 10.1.0.0 netmask 255.255.0.0 {
-  option domain-name          "strongswan.org";
-  option domain-name-servers   10.1.0.20;
-  option netbios-name-servers  10.1.0.10;
-  option routers               10.1.0.1;
-  option broadcast-address     10.1.255.255;
-  next-server                  10.1.0.20;
-
-  range 10.1.0.50 10.1.0.60;
-}
index 2d35dfd..ec8c945 100644 (file)
@@ -1,7 +1,7 @@
 interface=eth0
 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
-dhcp-option=option:router,10.1.0.1
-dhcp-option=option:dns-server,10.1.0.20
-dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:router,PH_IP_MOON1
+dhcp-option=option:dns-server,PH_IP_VENUS
+dhcp-option=option:netbios-ns,PH_IP_ALICE
 dhcp-option=option:domain-name,strongswan.org
 log-dhcp
index 1f54875..24986c6 100644 (file)
@@ -2,7 +2,7 @@ moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
 venus::cat /var/state/dhcp/dhcpd.leases
-venus::/etc/init.d/dhcpd stop 2> /dev/null
+venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
index bd36b4f..60729fc 100644 (file)
@@ -1,12 +1,12 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
-venus::cat /etc/dhcpd.conf
-venus::/etc/init.d/dhcpd start 2> /dev/null
+venus::cat /etc/dhcp/dhcpd.conf
+venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
 carol::ipsec start
 dave::ipsec start
 moon::ipsec start
-carol::sleep 2 
+carol::sleep 2
 carol::ipsec up home
 dave::ipsec up home
 carol::sleep 1
index 830094c..efb7b89 100644 (file)
@@ -1,11 +1,11 @@
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
@@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcp/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcp/dhcpd.conf
new file mode 100644 (file)
index 0000000..334ea30
--- /dev/null
@@ -0,0 +1,24 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option domain-name            "strongswan.org";
+  option domain-name-servers     PH_IP_VENUS;
+  option netbios-name-servers    PH_IP_ALICE;
+  option routers                 PH_IP_MOON1;
+  option broadcast-address       10.1.255.255;
+  next-server                    PH_IP_VENUS;
+
+  range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+  option dhcp-client-identifier "carol@strongswan.org";
+  fixed-address                  10.1.0.30;
+}
+
+host dave {
+  option dhcp-client-identifier "dave@strongswan.org";
+  fixed-address                  10.1.0.40;
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
deleted file mode 100644 (file)
index 44ee681..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# dhcpd configuration file
-
-ddns-update-style none;
-
-subnet 10.1.0.0 netmask 255.255.0.0 {
-  option domain-name            "strongswan.org";
-  option domain-name-servers     10.1.0.20;
-  option netbios-name-servers    10.1.0.10;
-  option routers                 10.1.0.1;
-  option broadcast-address       10.1.255.255;
-  next-server                    10.1.0.20;
-
-  range 10.1.0.50 10.1.0.60;
-}
-
-host carol {
-  option dhcp-client-identifier "carol@strongswan.org";
-  fixed-address                  10.1.0.30;
-}
-
-host dave {
-  option dhcp-client-identifier "dave@strongswan.org";
-  fixed-address                  10.1.0.40;
-}
-
index 5672236..aca2259 100644 (file)
@@ -2,8 +2,8 @@ interface=eth0
 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
 dhcp-host=id:carol@strongswan.org,10.1.0.30
 dhcp-host=id:dave@strongswan.org,10.1.0.40
-dhcp-option=option:router,10.1.0.1
-dhcp-option=option:dns-server,10.1.0.20
-dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:router,PH_IP_MOON1
+dhcp-option=option:dns-server,PH_IP_VENUS
+dhcp-option=option:netbios-ns,PH_IP_ALICE
 dhcp-option=option:domain-name,strongswan.org
 log-dhcp
index e1aadc6..497e908 100644 (file)
@@ -1,7 +1,7 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-venus::/etc/init.d/dhcpd stop 2> /dev/null
+venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
index bd36b4f..60729fc 100644 (file)
@@ -1,12 +1,12 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
-venus::cat /etc/dhcpd.conf
-venus::/etc/init.d/dhcpd start 2> /dev/null
+venus::cat /etc/dhcp/dhcpd.conf
+venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
 carol::ipsec start
 dave::ipsec start
 moon::ipsec start
-carol::sleep 2 
+carol::sleep 2
 carol::ipsec up home
 dave::ipsec up home
 carol::sleep 1
index 830094c..efb7b89 100644 (file)
@@ -1,11 +1,11 @@
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES
@@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcp/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcp/dhcpd.conf
new file mode 100644 (file)
index 0000000..cdade2f
--- /dev/null
@@ -0,0 +1,24 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option domain-name          "strongswan.org";
+  option domain-name-servers   PH_IP_VENUS;
+  option netbios-name-servers  PH_IP_ALICE;
+  option routers               PH_IP_MOON1;
+  option broadcast-address     10.1.255.255;
+  next-server                  PH_IP_VENUS;
+
+  range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+  hardware ethernet            7a:a7:8f:fc:db:3b;
+  fixed-address                10.1.0.30;
+}
+
+host dave {
+  hardware ethernet            7a:a7:35:78:bc:85;
+  fixed-address                10.1.0.40;
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
deleted file mode 100644 (file)
index 20666f7..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# dhcpd configuration file
-
-ddns-update-style none;
-
-subnet 10.1.0.0 netmask 255.255.0.0 {
-  option domain-name          "strongswan.org";
-  option domain-name-servers   10.1.0.20;
-  option netbios-name-servers  10.1.0.10;
-  option routers               10.1.0.1;
-  option broadcast-address     10.1.255.255;
-  next-server                  10.1.0.20;
-
-  range 10.1.0.50 10.1.0.60;
-}
-
-host carol {
-  hardware ethernet            7a:a7:8f:fc:db:3b;
-  fixed-address                10.1.0.30;
-}
-
-host dave {
-  hardware ethernet            7a:a7:35:78:bc:85;
-  fixed-address                10.1.0.40;
-}
-
index e372908..61d31a0 100644 (file)
@@ -2,8 +2,8 @@ interface=eth0
 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
 dhcp-host=7a:a7:8f:fc:db:3b,10.1.0.30
 dhcp-host=7a:a7:35:78:bc:85,10.1.0.40
-dhcp-option=option:router,10.1.0.1
-dhcp-option=option:dns-server,10.1.0.20
-dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:router,PH_IP_MOON1
+dhcp-option=option:dns-server,PH_IP_VENUS
+dhcp-option=option:netbios-ns,PH_IP_ALICE
 dhcp-option=option:domain-name,strongswan.org
 log-dhcp
index e1aadc6..497e908 100644 (file)
@@ -1,7 +1,7 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-venus::/etc/init.d/dhcpd stop 2> /dev/null
+venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
index bd36b4f..60729fc 100644 (file)
@@ -1,12 +1,12 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
-venus::cat /etc/dhcpd.conf
-venus::/etc/init.d/dhcpd start 2> /dev/null
+venus::cat /etc/dhcp/dhcpd.conf
+venus::/etc/init.d/isc-dhcp-server start 2> /dev/null
 carol::ipsec start
 dave::ipsec start
 moon::ipsec start
-carol::sleep 2 
+carol::sleep 2
 carol::ipsec up home
 dave::ipsec up home
 carol::sleep 1
index 05dc82d..52c5619 100644 (file)
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@
 bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
 alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
-alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
index b080482..9ddad2d 100644 (file)
@@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@
 bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
 alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
index 9d050ec..3db70be 100644 (file)
@@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
 moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol@strongswan.org.*received INITIAL_CONTACT::YES
 moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
index 1d5ff68..82d2e73 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
index 74150fb..d5d3bc0 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
 carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
 carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
index a66edc5..3665399 100644 (file)
@@ -2,10 +2,10 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
 carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES
-moon:: ip xfrm state::auth hmac(md5)::YES
-carol::ip xfrm state::auth hmac(md5)::YES
+moon:: ip xfrm state::auth-trunc hmac(md5)::YES
+carol::ip xfrm state::auth-trunc hmac(md5)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
index 937d85e..1b9c6c2 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
 carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
 moon:: ip xfrm state::enc ecb(cipher_null)::YES
index 52c27cb..00c3536 100644 (file)
@@ -2,10 +2,10 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
 carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES
-moon:: ip xfrm state::auth hmac(sha1)::YES
-carol::ip xfrm state::auth hmac(sha1)::YES
+moon:: ip xfrm state::auth-trunc hmac(sha1)::YES
+carol::ip xfrm state::auth-trunc hmac(sha1)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES
index 21b10d1..cc94130 100644 (file)
@@ -1,11 +1,11 @@
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
@@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::ARP, Reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
 alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
 alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
 alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
index d7fe707..36af646 100644 (file)
@@ -3,6 +3,6 @@ sun::  ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@
 alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
 alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES
-alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES
+alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > alice.strongswan.org.*: UDP::YES
index 53e5589..3305f45 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
 sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 53e5589..3305f45 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
 sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 3021b5e..fc49e57 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su
 sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
 sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index dceceae..221c593 100644 (file)
@@ -1,8 +1,8 @@
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES
 carol::sleep 15::NO
 carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES
 moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
 carol::ipsec status 2> /dev/null::home.*INSTALLED::NO
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::NO
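Review bot: The `::NO` expectation on the last line, and the `dave::ping … icmp_req=1::NO` line in the EAP-SIM evaltest further down, now pass whenever the literal `icmp_req=1` is missing from ping's output, whatever the reason. A positive check fails loudly if the installed ping prints a different label, but these negative checks would keep passing even if the ping went through after the CHILD_SA was deleted or after EAP authentication failed. The `ping6` line elsewhere in this commit still expects `icmp_seq=1`, so both spellings appear to be in use. Since the other patterns in these files use regex syntax, `icmp_.eq=1` would match either label and keep the negative checks meaningful.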
index 94a4006..6ca9c5b 100644 (file)
@@ -1,4 +1,3 @@
 moon::ipsec stop
 carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
+carol::iptables-restore < /etc/iptables.flush
index 3c3df01..b949aae 100644 (file)
@@ -1,7 +1,6 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
+carol::iptables-restore < /etc/iptables.rules
 moon::ipsec start
 carol::ipsec start
-carol::sleep 1 
+carol::sleep 1
 carol::ipsec up home
 carol::sleep 1
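Review bot: After this change only carol loads firewall rules (`carol::iptables-restore < /etc/iptables.rules`), although the two removed lines started the firewall on moon as well; the posttest hunk just above likewise flushes only carol. If moon is meant to run unfiltered here that is fine, but the scenario then no longer shows that the gateway's rule set lets this exchange through. Otherwise add `moon::iptables-restore < /etc/iptables.rules` here and `moon::iptables-restore < /etc/iptables.flush` in posttest. The EAP-SIM pretest and posttest later in the commit drop the firewall lines for moon, carol and dave with no replacement at all, so the same question applies there.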
index 941cb34..42e3530 100644 (file)
@@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
 dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
@@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
 moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
 moon:: cat /var/log/daemon.log::assigning virtual IP::YES
index fd15d52..44310cd 100644 (file)
@@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
 moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
 moon:: cat /var/log/daemon.log::assigning virtual IP::YES
index db46646..8ea7960 100644 (file)
@@ -3,19 +3,19 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
 dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
 dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
 dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES
 moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
 moon:: cat /var/log/daemon.log::assigning virtual IP::YES
 moon:: ipsec leases 10.3.0.0/28 2> /dev/null::2/14, 2 online::YES
-moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
-moon:: ipsec leases 10.3.0.0/28 10.3.0.2 2> /dev/null::dave@strongswan.org::YES
+moon:: ipsec leases 10.3.0.0/28 PH_IP_CAROL1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec leases 10.3.0.0/28 PH_IP_DAVE1 2> /dev/null::dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP
index fd0413d..fdc3d4d 100644 (file)
@@ -28,10 +28,10 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/res
 dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES
 alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES
 venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES
-alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
-dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES
+alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES
+dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES
 alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
 alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
 dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 3b09b32..0d7a364 100644 (file)
@@ -13,8 +13,8 @@ moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*
 moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
 alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
 carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
index 7a0c1ed..0bf3500 100644 (file)
@@ -5,5 +5,5 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
 carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES
 carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
 carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
index fafe030..bb20cae 100644 (file)
@@ -1,5 +1,4 @@
 alice::ip -6 route del default via fec1:\:1
 carol::ipsec stop
-moon::echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
 moon::ipsec stop
 moon::conntrack -F
index f97ff54..04139ba 100644 (file)
@@ -1,5 +1,4 @@
 alice::ip -6 route add default via fec1:\:1
-moon::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 moon::ipsec start
 carol::ipsec start
 carol::sleep 2
index 5de62e4..fad3781 100644 (file)
@@ -10,12 +10,12 @@ moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.4.0.0/28::YES
 moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.3.0.0/28::YES
 moon:: ipsec leases 10.3.0.0/28 2> /dev/null::1/14, 1 online::YES
 moon:: ipsec leases 10.4.0.0/28 2> /dev/null::1/14, 1 online::YES
-moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES
+moon:: ipsec leases 10.3.0.0/28 PH_IP_CAROL1 2> /dev/null::carol@strongswan.org::YES
 moon:: ipsec leases 10.4.0.0/28 10.4.0.1 2> /dev/null::alice@strongswan.org::YES
-carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
 alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
 carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
index aded7a0..c71e3f7 100644 (file)
@@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::
 sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
 alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
 sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-alice::/etc/init.d/net.eth1 stop::No output expected::NO
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ifdown eth1::No output expected::NO
 alice::sleep 1::No output expected::NO
 alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
 sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES
 alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
 sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
 sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
 moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP.*seq=0x2::YES
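Review bot: The first two status checks still match `PH_IP_ALICE1` (the line quoted in the hunk header and the `sun::` context line under it), while the two parallel mobike evaltest files later in this commit replace that placeholder with `192.168.0.50`. The alice ipsec.conf section that follows this one sets `left=192.168.0.50`. The page shows no file names for modified files, so it is only inferred from the order that this evaltest and that ipsec.conf belong to the same test. If they do, and `PH_IP_ALICE1` no longer expands to 192.168.0.50, both checks fail before the interface switch is even exercised. In that case the lines should read `mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN` and `mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50`, as in the other two files.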
index efbce1f..ffb7f56 100644 (file)
@@ -10,7 +10,7 @@ conn %default
        keyexchange=ikev2
 
 conn mobike
-       left=PH_IP_ALICE1
+       left=192.168.0.50
        leftsourceip=%config
        leftcert=aliceCert.pem
        leftid=alice@strongswan.org
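Review bot: `left=192.168.0.50` swaps the `PH_IP_ALICE1` placeholder for a literal that this commit repeats in sun's `right=` and in the evaltest patterns of the mobike tests, so one address now lives in several files with nothing tying them together. A later renumbering of the test network would leave some of them stale, and the stale ones would show up only as failed matches. If the placeholder really cannot be used any more, a comment above this line such as `# alice's eth1 address; must match right= on sun and the evaltest patterns` would record the coupling.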
index 08c2be9..ec7e523 100644 (file)
@@ -1,4 +1,4 @@
-alice::/etc/init.d/net.eth1 start
+alice::ifup eth1
 alice::/etc/init.d/iptables start 2> /dev/null
 sun::/etc/init.d/iptables start 2> /dev/null
 moon::conntrack -F
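Review bot: The context lines `alice::/etc/init.d/iptables start 2> /dev/null` and `sun::/etc/init.d/iptables start 2> /dev/null` are left unchanged, although other pretest files in this commit replace that init script with `iptables-restore < /etc/iptables.rules` or drop it. If the new image has no `/etc/init.d/iptables`, the redirect hides the error and the test runs with no firewall rules loaded, which nothing in evaltest would notice. The same lines survive in the next mobike pretest and in the pretest and posttest of the NAT/XFRM-mark scenario near the end of this page. Suggest `alice::iptables-restore < /etc/iptables.rules` and `sun::iptables-restore < /etc/iptables.rules`, assuming those rule files are installed on both hosts.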
@@ -7,6 +7,6 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-
 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
 alice::ipsec start
 sun::ipsec start
-alice::sleep 2 
+alice::sleep 2
 alice::ipsec up mobike
 alice::sleep 1
index c4c7b0b..17593ef 100644 (file)
@@ -1,15 +1,15 @@
-alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES
 alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
 sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-alice::/etc/init.d/net.eth1 stop::No output expected::NO
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ifdown eth1::No output expected::NO
 alice::sleep 1::No output expected::NO
 alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
 sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
 alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES
 sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
 sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
 moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP.*seq=0x2::YES
index efbce1f..ffb7f56 100644 (file)
@@ -10,7 +10,7 @@ conn %default
        keyexchange=ikev2
 
 conn mobike
-       left=PH_IP_ALICE1
+       left=192.168.0.50
        leftsourceip=%config
        leftcert=aliceCert.pem
        leftid=alice@strongswan.org
index eeee6ff..2b0c8ae 100644 (file)
@@ -14,7 +14,7 @@ conn mobike
        leftcert=sunCert.pem
        leftid=@sun.strongswan.org
        leftsubnet=10.2.0.0/16
-       right=PH_IP_ALICE1
+       right=192.168.0.50
        rightsourceip=10.3.0.3
        rightid=alice@strongswan.org
        auto=add
index 6666e77..1ae84d9 100644 (file)
@@ -1,10 +1,10 @@
-alice::/etc/init.d/net.eth1 start
+alice::ifup eth1
 alice::/etc/init.d/iptables start 2> /dev/null
 sun::/etc/init.d/iptables start 2> /dev/null
 moon::echo 1 > /proc/sys/net/ipv4/ip_forward
 sun::ip route add 10.1.0.0/16 via PH_IP_MOON
 alice::ipsec start
 sun::ipsec start
-alice::sleep 2 
+alice::sleep 2
 alice::ipsec up mobike
 alice::sleep 1
index ebf5ad4..e346404 100644 (file)
@@ -1,15 +1,15 @@
-alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES
-sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES
-alice::ipsec statusall 2> /dev/null::PH_IP_ALICE1/32 === 10.2.0.0/16::YES
-sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE1/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-alice::/etc/init.d/net.eth1 stop::No output expected::NO
+alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::YES
+sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES
+alice::ipsec statusall 2> /dev/null::192.168.0.50/32 === 10.2.0.0/16::YES
+sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === 192.168.0.50/32::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+alice::ifdown eth1::No output expected::NO
 alice::sleep 1::No output expected::NO
 alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES
 sun::  ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES
 alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES
 sun::  ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES
 sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES
 moon::tcpdump::alice.strongswan.org.*sun.strongswan.org: ESP.*seq=0x2::YES
index 66cbce7..95683fd 100644 (file)
@@ -10,7 +10,7 @@ conn %default
        keyexchange=ikev2
 
 conn mobike
-       left=PH_IP_ALICE1
+       left=192.168.0.50
        leftcert=aliceCert.pem
        leftid=alice@strongswan.org
        right=PH_IP_SUN
index f3fa920..f769310 100644 (file)
@@ -14,6 +14,6 @@ conn mobike
        leftcert=sunCert.pem
        leftid=@sun.strongswan.org
        leftsubnet=10.2.0.0/16
-       right=PH_IP_ALICE1
+       right=192.168.0.50
        rightid=alice@strongswan.org
        auto=add
index 32fdf00..e71b349 100644 (file)
@@ -1,5 +1,3 @@
 alice::ipsec stop
 sun::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
 sun::ip route del 10.1.0.0/16 via PH_IP_MOON
index 6666e77..12f05d8 100644 (file)
@@ -1,10 +1,7 @@
-alice::/etc/init.d/net.eth1 start
-alice::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+alice::ifup eth1
 sun::ip route add 10.1.0.0/16 via PH_IP_MOON
 alice::ipsec start
 sun::ipsec start
-alice::sleep 2 
+alice::sleep 2
 alice::ipsec up mobike
 alice::sleep 1
index 4a72b43..65a003d 100644 (file)
@@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES
 moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES
 moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA signature successful::YES
@@ -18,4 +18,4 @@ moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 22806012345600
 moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO
 dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
 dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/eap.conf
new file mode 100644 (file)
index 0000000..7d80239
--- /dev/null
@@ -0,0 +1,5 @@
+eap {
+  default_eap_type = sim
+  sim {
+  }
+}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/modules/sim_files b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/modules/sim_files
new file mode 100644 (file)
index 0000000..10c26aa
--- /dev/null
@@ -0,0 +1,3 @@
+sim_files {
+       simtriplets = "/etc/freeradius/triplets.dat"
+}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/proxy.conf
new file mode 100644 (file)
index 0000000..23cba8d
--- /dev/null
@@ -0,0 +1,5 @@
+realm strongswan.org {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/sites-available/default
new file mode 100644 (file)
index 0000000..91425f8
--- /dev/null
@@ -0,0 +1,61 @@
+authorize {
+  preprocess
+  chap
+  mschap
+  sim_files
+  suffix
+  eap {
+    ok = return
+  }
+  unix
+  files
+  expiration
+  logintime
+  pap
+}
+
+authenticate {
+  Auth-Type PAP {
+    pap
+  }
+  Auth-Type CHAP {
+    chap
+  }
+  Auth-Type MS-CHAP {
+    mschap
+  }
+  unix
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/triplets.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/triplets.dat
new file mode 100644 (file)
index 0000000..aaabab8
--- /dev/null
@@ -0,0 +1,6 @@
+228060123456001,30000000000000000000000000000000,30112233,305566778899AABB
+228060123456001,31000000000000000000000000000000,31112233,315566778899AABB
+228060123456001,32000000000000000000000000000000,32112233,325566778899AABB
+228060123456002,33000000000000000000000000000000,33112233,335566778899AABB
+228060123456002,34000000000000000000000000000000,34112233,345566778899AABB
+228060123456002,35000000000000000000000000000000,35112233,355566778899AABB
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/users b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/users
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/clients.conf
deleted file mode 100644 (file)
index f4e179a..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-client PH_IP_MOON1 {
-  secret    = gv6URkSs 
-  shortname = moon
-}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/eap.conf
deleted file mode 100644 (file)
index a202042..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-eap {
-  default_eap_type = sim 
-  sim {
-  }
-}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/proxy.conf
deleted file mode 100644 (file)
index 23cba8d..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-realm strongswan.org {
-  type     = radius
-  authhost = LOCAL
-  accthost = LOCAL
-}
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/radiusd.conf
deleted file mode 100644 (file)
index d77b818..0000000
+++ /dev/null
@@ -1,123 +0,0 @@
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/radius
-raddbdir = ${sysconfdir}/raddb
-radacctdir = ${logdir}/radacct
-
-#  name of the running server.  See also the "-n" command-line option.
-name = radiusd
-
-#  Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-#  pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-#  max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-#  cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-#  max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-#  listen: Make the server listen on a particular IP address, and send
-listen {
-  type = auth
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  This second "listen" section is for listening on the accounting
-#  port, too.
-#
-listen {
-  type  = acct
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-#  Core dumps are a bad thing.  This should only be set to 'yes'
-allow_core_dumps = no
-
-#  Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-#  Logging section.  The various "log_*" configuration items
-log {
-  destination = files
-  file = ${logdir}/radius.log
-  syslog_facility = daemon
-  stripped_names = no
-  auth = yes 
-  auth_badpass = yes 
-  auth_goodpass = yes 
-}
-
-#  The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-#  Security considerations
-security {
-  max_attributes = 200
-  reject_delay = 1
-  status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
-  start_servers = 5
-  max_servers = 32
-  min_spare_servers = 3
-  max_spare_servers = 10
-  max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
-  $INCLUDE ${confdir}/modules/
-  $INCLUDE eap.conf
-  $INCLUDE sql.conf
-  $INCLUDE sql/mysql/counter.conf
-  sim_files {
-    simtriplets = "/etc/raddb/triplets.dat"
-  }
-}
-
-# Instantiation
-instantiate {
-  exec
-  expr
-  expiration
-  logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/sites-available/default
deleted file mode 100644 (file)
index dfceb03..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-authorize {
-  preprocess
-  chap
-  mschap
-  sim_files
-  suffix
-  eap {
-    ok = return
-  }
-  unix
-  files
-  expiration
-  logintime
-  pap
-}
-
-authenticate {
-  Auth-Type PAP {
-    pap
-  }
-  Auth-Type CHAP {
-    chap
-  }
-  Auth-Type MS-CHAP {
-    mschap
-  }
-  unix
-  eap
-}
-
-preacct {
-  preprocess
-  acct_unique
-  suffix
-  files
-}
-
-accounting {
-  detail
-  unix
-  radutmp
-  attr_filter.accounting_response
-}
-
-session {
-  radutmp
-}
-
-post-auth {
-  exec
-  Post-Auth-Type REJECT {
-    attr_filter.access_reject
-  }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-  eap
-}
-
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/triplets.dat
deleted file mode 100644 (file)
index 002ee94..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-228060123456001,30000000000000000000000000000000,30112233,305566778899AABB
-228060123456001,31000000000000000000000000000000,31112233,315566778899AABB
-228060123456001,32000000000000000000000000000000,32112233,325566778899AABB
-228060123456002,33000000000000000000000000000000,33112233,335566778899AABB
-228060123456002,34000000000000000000000000000000,34112233,345566778899AABB
-228060123456002,35000000000000000000000000000000,35112233,355566778899AABB
-
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/users b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/users
deleted file mode 100644 (file)
index e69de29..0000000
index dbe5601..6a4da66 100644 (file)
@@ -1,7 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-alice::/etc/init.d/radiusd stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
+alice::killall radiusd
index b3fd4cb..2d54c60 100644 (file)
@@ -1,11 +1,8 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-alice::cat /etc/raddb/clients.conf
-alice::cat /etc/raddb/eap.conf
-alice::cat /etc/raddb/proxy.conf
-alice::cat /etc/raddb/triplets.dat
-alice::/etc/init.d/radiusd start
+alice::cat /etc/freeradius/clients.conf
+alice::cat /etc/freeradius/eap.conf
+alice::cat /etc/freeradius/proxy.conf
+alice::cat /etc/freeradius/triplets.dat
+alice::radiusd
 moon::ipsec start
 carol::ipsec start
 dave::ipsec start
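Review bot: `alice::cat /etc/freeradius/clients.conf` reads a file that this commit does not add. The new files under `hosts/alice/etc/freeradius/` are eap.conf, modules/sim_files, proxy.conf, sites-available/default, triplets.dat and users, while the deleted `raddb/clients.conf` carried the `client PH_IP_MOON1` entry and its shared secret. Presumably a default clients.conf comes from outside this test directory. It is worth confirming that it lists moon with the secret that moon's configuration uses. If it does not, the RADIUS server would most likely ignore moon's requests, and carol's expected success and dave's expected failure would both be decided by a timeout rather than by the SIM triplets.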
index 7041682..1cdb0b5 100644 (file)
@@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon"
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol dave"
+
+# UML instances on which FreeRadius is started
+#
+RADIUSHOSTS="alice"
index 2a93d11..b8074e6 100644 (file)
@@ -1,7 +1,7 @@
 The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
 tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
 Since both roadwarriors possess the same 10.1.0.0/25 subnet, gateway <b>sun</b> uses Source NAT
-after ESP decryption to map these subnets to 10.3.0.10 and 10.3.0.20, respectively.
+after ESP decryption to map these subnets to PH_IP_CAROL10 and PH_IP_DAVE10, respectively.
 <p/>
 In order to differentiate between the tunnels to <b>alice</b> and <b>venus</b>, respectively,
 <b>XFRM marks</b> are defined for both the inbound and outbound IPsec SAs and policies using
index db9e969..bb8e856 100644 (file)
@@ -6,13 +6,13 @@ sun::  ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@
 sun::  ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
 sun::  ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES
 sun::  ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.4510.*: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.4520.*: UDP::YES
-bob::tcpdump::10.3.0.10 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::10.3.0.20 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::bob.strongswan.org > 10.3.0.10: ICMP echo reply::YES
-bob::tcpdump::bob.strongswan.org > 10.3.0.20: ICMP echo reply::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4510.*: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4520.*: UDP::YES
+bob::tcpdump::PH_IP_CAROL10 > bob.strongswan.org: ICMP echo request::YES
+bob::tcpdump::PH_IP_DAVE10 > bob.strongswan.org: ICMP echo request::YES
+bob::tcpdump::bob.strongswan.org > PH_IP_CAROL10: ICMP echo reply::YES
+bob::tcpdump::bob.strongswan.org > PH_IP_DAVE10: ICMP echo reply::YES
index 89d5f53..2636ae8 100644 (file)
@@ -5,7 +5,8 @@ venus::ipsec stop
 alice::/etc/init.d/iptables stop 2> /dev/null
 venus::/etc/init.d/iptables stop 2> /dev/null
 sun::/etc/init.d/iptables stop 2> /dev/null
-moon::iptables -t nat -F
+moon::iptables-restore < /etc/iptables.flush
 moon::conntrack -F
+sun::iptables-restore < /etc/iptables.flush
 sun::conntrack -F
 sun::rm /etc/mark_updown
index 3ed13d5..17c7762 100644 (file)
@@ -1,21 +1,20 @@
 sun::/etc/init.d/iptables start 2> /dev/null
 alice::/etc/init.d/iptables start 2> /dev/null
 venus::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON
 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 500  -j SNAT --to PH_IP_MOON:510
 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_VENUS -p udp --sport 500  -j SNAT --to PH_IP_MOON:520
 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 4500 -j SNAT --to PH_IP_MOON:4510
 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_VENUS -p udp --sport 4500 -j SNAT --to PH_IP_MOON:4520
-sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3.0.10
-sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20
-sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 10
-sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 20
+sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to PH_IP_CAROL10
+sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to PH_IP_DAVE10
+sun::iptables -t mangle -A PREROUTING -d PH_IP_CAROL10 -j MARK --set-mark 10
+sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 20
 sun::ipsec start
 alice::ipsec start
 venus::ipsec start
-alice::sleep 2 
+alice::sleep 2
 alice::ipsec up nat-t
-venus::sleep 2 
+venus::sleep 2
 venus::ipsec up nat-t
 venus::sleep 2
index 051db97..6ec29c7 100644 (file)
@@ -3,7 +3,7 @@ venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL, ESP in UDP::YES
 sun::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 sun::  ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES
 sun::  ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES
index e0b458d..387dbae 100644 (file)
@@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES
 sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 moon:: sleep 6::no output expected::NO
-bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES
 alice::cat /var/log/daemon.log::sending keep alive::YES
 venus::cat /var/log/daemon.log::sending keep alive::YES
index 9c98e31..c60ffc7 100644 (file)
@@ -1,7 +1,7 @@
 moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
 bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES
index c98f5d7..2b37cad 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
 sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 97dd63c..460c659 100644 (file)
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18:
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun <sun.strongswan.org>.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES
 moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 4615c3e..f74eb6a 100644 (file)
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4:
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 1556143..113c3d9 100644 (file)
@@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES
 moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES
 sun::  ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES
 sun::  ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index c98f5d7..2b37cad 100644 (file)
@@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.
 sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index cbdddfb..ba909a2 100644 (file)
@@ -8,5 +8,5 @@
 
 : PSK 'My "home" is my "castle"!'
 
-192.168.0.1 : PSK   "Andi's home"
+PH_IP_MOON : PSK   "Andi's home"
 
index e47e709..bc03a39 100644 (file)
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 59d0372..e8e1a46 100644 (file)
@@ -1,15 +1,15 @@
 moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES 
-moon:: cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES 
+moon:: cat /var/log/daemon.log::subject address block PH_IP_SUN/32 is contained in issuer address block 192.168.0.0/24::YES
 moon:: cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES 
 moon:: cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES 
 sun::  cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES 
-sun::  cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES 
+sun::  cat /var/log/daemon.log::subject address block PH_IP_MOON/32 is contained in issuer address block 192.168.0.0/24::YES
 sun::  cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES 
 sun::  cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES 
 moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES
 sun::  cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 63d1cde..77ab6e7 100644 (file)
@@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index e47e709..bc03a39 100644 (file)
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 1ca7e2d..3b479ce 100644 (file)
@@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_seq=1::YES
-bob::  ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES
+alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_req=1::YES
+bob::  ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
 bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES
index c64158a..2a08ab3 100755 (executable)
@@ -196,8 +196,8 @@ up-client:)
            iptables -t nat -A PREROUTING -i $INT_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
                     -d $OUT_NET -j NETMAP --to $SAME_NET
            iptables -I FORWARD 1 -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT -j ACCEPT
-            iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
-                     -s $SAME_NET -j NETMAP --to $IN_NET
+           iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
+                    -s $SAME_NET -j NETMAP --to $IN_NET
        fi
        ;;
 down-client:)
@@ -215,7 +215,11 @@ down-client:)
        if [ -n "$PLUTO_MARK_OUT" ]
        then
            iptables -t mangle -D PREROUTING $SET_MARK_OUT
+           iptables -t nat -D PREROUTING -i $INT_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
+                    -d $OUT_NET -j NETMAP --to $SAME_NET
            iptables -D FORWARD -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT -j ACCEPT
+           iptables -t nat -D POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
+                    -s $SAME_NET -j NETMAP --to $IN_NET
        fi
        ;;
 *)     echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
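Review bot: The two `iptables -t nat -D` commands added to `down-client` are neither checked nor logged, so a delete whose match spec no longer equals the one used in `up-client` fails quietly and leaves the NETMAP rule rewriting traffic after the SA is gone. I would report the failure, e.g. append `|| echo "$0: failed to remove NETMAP rule for mark $PLUTO_MARK_OUT" >&2` to each delete. I would also quote the expansions (`-i "$INT_INTERFACE"`, `--mark "$PLUTO_MARK_OUT"`, `-d "$OUT_NET"`), since only the `[ -n "$PLUTO_MARK_OUT" ]` test is quoted. Where `INT_INTERFACE`, `OUT_NET`, `SAME_NET` and `IN_NET` are set is outside this hunk, as is the start of the `case` statement.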
index dbd0610..f003f82 100644 (file)
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun
 sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index dda793f..4e2cc28 100755 (executable)
@@ -5,7 +5,7 @@ cd /etc/openssl
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
-                      -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \
-                     -resp_no_certs -nmin 5 \
-                     -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+       -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \
+       -resp_no_certs -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat
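Review bot: The new `cat | … | cat` wrapper around `openssl ocsp` has no comment explaining why it is needed, so it reads as something a later cleanup would remove. Please add a line above the command such as `# piped through cat: <reason openssl cannot use the CGI's stdin/stdout directly>`. The trailing `| cat` also makes the pipeline's exit status that of `cat`, so a failed `openssl ocsp` now ends the script with status 0, after the `Content-type` header has already been written. Whether the web server acts on the CGI exit status is not visible here. The same applies to the four other OCSP CGI scripts changed in the hunks below; each script begins outside its hunk.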
index 74d22b9..4290613 100755 (executable)
@@ -5,7 +5,7 @@ cd /etc/openssl
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
-                      -rkey winnetouKey.pem -rsigner winnetouCert.pem \
-                     -nmin 5 \
-                     -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+       -rkey winnetouKey.pem -rsigner winnetouCert.pem \
+       -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat
index e998b6a..59c3563 100755 (executable)
@@ -5,7 +5,7 @@ cd /etc/openssl
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
-                      -rkey strongswanKey.pem -rsigner strongswanCert.pem \
-                     -resp_no_certs -nmin 5 \
-                     -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+       -rkey strongswanKey.pem -rsigner strongswanCert.pem \
+       -resp_no_certs -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat
index 92aa920..aa70321 100755 (executable)
@@ -6,9 +6,9 @@ echo "Content-type: application/ocsp-response"
 echo ""
 
 # simulate a delayed response
-sleep 5 
+sleep 5
 
-/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
-                      -rkey ocspKey.pem -rsigner ocspCert.pem \
-                     -nmin 5 \
-                     -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+       -rkey ocspKey.pem -rsigner ocspCert.pem \
+       -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat
index 20c4b2a..72aa7a6 100755 (executable)
@@ -5,7 +5,7 @@ cd /etc/openssl
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
-                      -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \
-                     -nmin 5 \
-                     -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+       -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \
+       -nmin 5 \
+       -reqin /dev/stdin -respout /dev/stdout | cat
index a65460c..cf45f3b 100644 (file)
@@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES
 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index 83a5e1b..75c5479 100644 (file)
@@ -1,5 +1,5 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES
 carol::ssh PH_IP_ALICE hostname::alice::YES
 carol::cat /var/log/daemon.log::creating acquire job::YES
 carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES
index 1d3a359..dbc6f8d 100644 (file)
@@ -1,6 +1,6 @@
 moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
 carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index d86758f..205a4d9 100644 (file)
@@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*caro
 carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES
 carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index f8cfb11..ba66197 100644 (file)
@@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index a39bf3a..d59eef5 100644 (file)
@@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 
index 2abfdd1..0ea4e21 100644 (file)
@@ -6,7 +6,7 @@ moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.*
 carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
 moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 
index 9c6ae73..6a20b8e 100644 (file)
@@ -15,8 +15,8 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES
 moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES
 carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
index 705d9ba..aa6d429 100644 (file)
@@ -18,8 +18,9 @@ dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswa
 moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES
 dave ::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::NO
 dave ::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org::ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org::ESP:YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/eap.conf
new file mode 100644 (file)
index 0000000..623f429
--- /dev/null
@@ -0,0 +1,5 @@
+eap {
+  default_eap_type = md5
+  md5 {
+  }
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/proxy.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/proxy.conf
new file mode 100644 (file)
index 0000000..783587b
--- /dev/null
@@ -0,0 +1,5 @@
+realm LOCAL {
+  type     = radius
+  authhost = LOCAL
+  accthost = LOCAL
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/sites-available/default
new file mode 100644 (file)
index 0000000..a67a5dc
--- /dev/null
@@ -0,0 +1,42 @@
+authorize {
+  eap {
+    ok = return
+  }
+  files
+}
+
+authenticate {
+  eap
+}
+
+preacct {
+  preprocess
+  acct_unique
+  suffix
+  files
+}
+
+accounting {
+  detail
+  unix
+  radutmp
+  attr_filter.accounting_response
+}
+
+session {
+  radutmp
+}
+
+post-auth {
+  exec
+  Post-Auth-Type REJECT {
+    attr_filter.access_reject
+  }
+}
+
+pre-proxy {
+}
+
+post-proxy {
+  eap
+}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/users b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/users
new file mode 100644 (file)
index 0000000..62d4591
--- /dev/null
@@ -0,0 +1,4 @@
+carol  Cleartext-Password := "Ar3etTnp"
+               Class = "Research"
+dave   Cleartext-Password := "W7R0g3do"
+               Class = "Accounting"
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/clients.conf
deleted file mode 100644 (file)
index f4e179a..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-client PH_IP_MOON1 {
-  secret    = gv6URkSs 
-  shortname = moon
-}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/eap.conf
deleted file mode 100644 (file)
index 623f429..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-eap {
-  default_eap_type = md5
-  md5 {
-  }
-}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/proxy.conf
deleted file mode 100644 (file)
index 783587b..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-realm LOCAL {
-  type     = radius
-  authhost = LOCAL
-  accthost = LOCAL
-}
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/radiusd.conf
deleted file mode 100644 (file)
index 1143a04..0000000
+++ /dev/null
@@ -1,120 +0,0 @@
-# radiusd.conf -- FreeRADIUS server configuration file.
-
-prefix = /usr
-exec_prefix = ${prefix}
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = ${localstatedir}/log/radius
-raddbdir = ${sysconfdir}/raddb
-radacctdir = ${logdir}/radacct
-
-#  name of the running server.  See also the "-n" command-line option.
-name = radiusd
-
-#  Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = ${raddbdir}
-
-# libdir: Where to find the rlm_* modules.
-libdir = ${exec_prefix}/lib
-
-#  pidfile: Where to place the PID of the RADIUS server.
-pidfile = ${run_dir}/${name}.pid
-
-#  max_request_time: The maximum time (in seconds) to handle a request.
-max_request_time = 30
-
-#  cleanup_delay: The time to wait (in seconds) before cleaning up
-cleanup_delay = 5
-
-#  max_requests: The maximum number of requests which the server keeps
-max_requests = 1024
-
-#  listen: Make the server listen on a particular IP address, and send
-listen {
-  type = auth
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  This second "listen" section is for listening on the accounting
-#  port, too.
-#
-listen {
-  type  = acct
-  ipaddr = PH_IP_ALICE 
-  port = 0
-}
-
-#  hostname_lookups: Log the names of clients or just their IP addresses
-hostname_lookups = no
-
-#  Core dumps are a bad thing.  This should only be set to 'yes'
-allow_core_dumps = no
-
-#  Regular expressions
-regular_expressions = yes
-extended_expressions = yes
-
-#  Logging section.  The various "log_*" configuration items
-log {
-  destination = files
-  file = ${logdir}/radius.log
-  syslog_facility = daemon
-  stripped_names = no
-  auth = yes 
-  auth_badpass = yes 
-  auth_goodpass = yes 
-}
-
-#  The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-#  Security considerations
-security {
-  max_attributes = 200
-  reject_delay = 1
-  status_server = yes
-}
-
-# PROXY CONFIGURATION
-proxy_requests = yes
-$INCLUDE proxy.conf
-
-# CLIENTS CONFIGURATION
-$INCLUDE clients.conf
-
-# THREAD POOL CONFIGURATION
-thread pool {
-  start_servers = 5
-  max_servers = 32
-  min_spare_servers = 3
-  max_spare_servers = 10
-  max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-modules {
-  $INCLUDE ${confdir}/modules/
-  $INCLUDE eap.conf
-  $INCLUDE sql.conf
-  $INCLUDE sql/mysql/counter.conf
-}
-
-# Instantiation
-instantiate {
-  exec
-  expr
-  expiration
-  logintime
-}
-
-# Policies
-$INCLUDE policy.conf
-
-# Include all enabled virtual hosts
-$INCLUDE sites-enabled/
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/sites-available/default
deleted file mode 100644 (file)
index 2de32a6..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-authorize {
-  eap {
-    ok = return
-  }
-  files
-}
-
-authenticate {
-  eap
-}
-
-preacct {
-  preprocess
-  acct_unique
-  suffix
-  files
-}
-
-accounting {
-  detail
-  unix
-  radutmp
-  attr_filter.accounting_response
-}
-
-session {
-  radutmp
-}
-
-post-auth {
-  exec
-  Post-Auth-Type REJECT {
-    attr_filter.access_reject
-  }
-}
-
-pre-proxy {
-}
-
-post-proxy {
-  eap
-}
-
diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/users
deleted file mode 100644 (file)
index 62d4591..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-carol  Cleartext-Password := "Ar3etTnp"
-               Class = "Research"
-dave   Cleartext-Password := "W7R0g3do"
-               Class = "Accounting"
index dbe5601..34057da 100644 (file)
@@ -1,7 +1,7 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-alice::/etc/init.d/radiusd stop
+alice::killall radiusd
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
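Review bot: `alice::killall radiusd` only sends the signal and returns, so nothing waits for the daemon to exit before the next scenario runs. The pretest hunk that follows starts the server with a bare `alice::radiusd`, so a back-to-back run could presumably find the old instance still holding the RADIUS ports. `alice::killall -w radiusd` waits for the process to terminate. A short comment on why the init script is no longer used would also help.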
index 6d6ad38..4d4c83d 100644 (file)
@@ -1,7 +1,7 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
-alice::/etc/init.d/radiusd start 
+alice::radiusd
 moon::ipsec start
 carol::ipsec start
 dave::ipsec start
@@ -9,5 +9,5 @@ carol::sleep 1
 carol::ipsec up alice
 carol::ipsec up venus
 dave::ipsec up alice
-dave::ipsec up venus 
+dave::ipsec up venus
 dave::sleep 1
index a239b56..42d2c31 100644 (file)
@@ -2,13 +2,13 @@ carol::cat /var/log/daemon.log::configured EAP-Identity carol::YES
 carol::cat /var/log/daemon.log::added EAP secret for carol moon.strongswan.org::YES
 carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
 carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES
+moon:: cat /var/log/daemon.log::authentication of 'PH_IP_CAROL' with EAP successful::YES
 moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES
-moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH_IP_CAROL]::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_C