renamed tncss-20-retry scenario to tnccs-20-client-retry
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 23 Jun 2011 17:59:00 +0000 (19:59 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 23 Jun 2011 17:59:00 +0000 (19:59 +0200)
34 files changed:
testing/tests/tnc/tnccs-20-client-retry/description.txt [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/evaltest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/tnc_config [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/posttest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/pretest.dat [new file with mode: 0644]
testing/tests/tnc/tnccs-20-client-retry/test.conf [new file with mode: 0644]
testing/tests/tnc/tnccs-20-retry/description.txt [deleted file]
testing/tests/tnc/tnccs-20-retry/evaltest.dat [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-retry/posttest.dat [deleted file]
testing/tests/tnc/tnccs-20-retry/pretest.dat [deleted file]
testing/tests/tnc/tnccs-20-retry/test.conf [deleted file]

diff --git a/testing/tests/tnc/tnccs-20-client-retry/description.txt b/testing/tests/tnc/tnccs-20-client-retry/description.txt
new file mode 100644 (file)
index 0000000..c8e1afd
--- /dev/null
@@ -0,0 +1,13 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+using EAP-TTLS authentication only with the gateway presenting a server certificate and
+the clients doing EAP-MD5 password-based authentication.
+In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
+health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
+compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate are using the <b>IF-M</b>
+protocol defined by <b>RFC 5792 PA-TNC</b>.
+<p>
+The first time around both <b>carol</b> and <b>dave</b> fail the health test but they
+request a handshake retry. After remediation <b>carol</b> succeeds but <b>dave</b>
+still fails. Thus based on this second round of measurements the clients are connected
+by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
+</p>
diff --git a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat
new file mode 100644 (file)
index 0000000..737c9b9
--- /dev/null
@@ -0,0 +1,19 @@
+carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
+carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
+dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
+dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
+dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
+moon::cat /var/log/daemon.log::added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
+moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
+moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
+dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..847ca2e
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 2"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..74942af
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..38360cc
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
+  multiple_authentication=no
+  plugins {
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = isolate 
+      retry = yes
+      retry_command = allow
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/tnc_config
new file mode 100644 (file)
index 0000000..d3d574c
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..f0ad472
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="tnc 3, imc 2"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftauth=eap
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsendcert=never
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..5496df7
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..2ec5dca
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
+  multiple_authentication=no
+  plugins {
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+    tnc-imc {
+      preferred_language = ru , de, en
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imc-test {
+      command = isolate
+      retry = yes
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/tnc_config
new file mode 100644 (file)
index 0000000..d3d574c
--- /dev/null
@@ -0,0 +1,3 @@
+#IMC configuration file for strongSwan client 
+
+IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..9eec484
--- /dev/null
@@ -0,0 +1,36 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       strictcrlpolicy=no
+       plutostart=no
+       charondebug="tnc 3, imv 2"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn rw-allow
+       rightgroups=allow
+       leftsubnet=10.1.0.0/28
+       also=rw-eap
+       auto=add
+
+conn rw-isolate
+       rightgroups=isolate
+       leftsubnet=10.1.0.16/28
+       also=rw-eap
+       auto=add
+
+conn rw-eap
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftauth=eap-ttls
+       leftfirewall=yes
+       rightauth=eap-ttls
+       rightid=*@strongswan.org
+       rightsendcert=never
+       right=%any
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..2e277cc
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : EAP "Ar3etTnp"
+dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..933bac8
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
+  multiple_authentication=no
+  plugins {
+    eap-ttls {
+      phase2_method = md5
+      phase2_piggyback = yes
+      phase2_tnc = yes
+    }
+    eap-tnc {
+      protocol = tnccs-2.0
+    }
+  }
+}
+
+libimcv {
+  plugins {
+    imv-test {
+      rounds = 0 
+    }
+  }
+}
diff --git a/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/tnc_config
new file mode 100644 (file)
index 0000000..0b5ff57
--- /dev/null
@@ -0,0 +1,3 @@
+#IMV configuration file for strongSwan server 
+
+IMV "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/tnc/tnccs-20-client-retry/posttest.dat b/testing/tests/tnc/tnccs-20-client-retry/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-client-retry/pretest.dat b/testing/tests/tnc/tnccs-20-client-retry/pretest.dat
new file mode 100644 (file)
index 0000000..208f9da
--- /dev/null
@@ -0,0 +1,13 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::cat /etc/tnc_config
+carol::cat /etc/tnc_config
+dave::cat /etc/tnc_config
+moon::ipsec start
+carol::ipsec start 
+dave::ipsec start 
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
+dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-20-client-retry/test.conf b/testing/tests/tnc/tnccs-20-client-retry/test.conf
new file mode 100644 (file)
index 0000000..e28b825
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# UML instances on which FreeRadius is started
+#
+RADIUSHOSTS=
+
diff --git a/testing/tests/tnc/tnccs-20-retry/description.txt b/testing/tests/tnc/tnccs-20-retry/description.txt
deleted file mode 100644 (file)
index c8e1afd..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
-health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate are using the <b>IF-M</b>
-protocol defined by <b>RFC 5792 PA-TNC</b>.
-<p>
-The first time around both <b>carol</b> and <b>dave</b> fail the health test but they
-request a handshake retry. After remediation <b>carol</b> succeeds but <b>dave</b>
-still fails. Thus based on this second round of measurements the clients are connected
-by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
-</p>
diff --git a/testing/tests/tnc/tnccs-20-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-retry/evaltest.dat
deleted file mode 100644 (file)
index 737c9b9..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES
-dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
-dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
-moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
-
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 847ca2e..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_CAROL
-       leftid=carol@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 74942af..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 38360cc..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = isolate 
-      retry = yes
-      retry_command = allow
-    }
-  }
-}
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-retry/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index d3d574c..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index f0ad472..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       plutostart=no
-       charondebug="tnc 3, imc 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn home
-       left=PH_IP_DAVE
-       leftid=dave@strongswan.org
-       leftauth=eap
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsendcert=never
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 5496df7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-dave@strongswan.org : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 2ec5dca..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-20 updown
-  multiple_authentication=no
-  plugins {
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-    tnc-imc {
-      preferred_language = ru , de, en
-    }
-  }
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = isolate
-      retry = yes
-    }
-  }
-}
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-retry/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index d3d574c..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 9eec484..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       strictcrlpolicy=no
-       plutostart=no
-       charondebug="tnc 3, imv 2"
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn rw-allow
-       rightgroups=allow
-       leftsubnet=10.1.0.0/28
-       also=rw-eap
-       auto=add
-
-conn rw-isolate
-       rightgroups=isolate
-       leftsubnet=10.1.0.16/28
-       also=rw-eap
-       auto=add
-
-conn rw-eap
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftauth=eap-ttls
-       leftfirewall=yes
-       rightauth=eap-ttls
-       rightid=*@strongswan.org
-       rightsendcert=never
-       right=%any
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 2e277cc..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 933bac8..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-20 tnc-imv updown
-  multiple_authentication=no
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-    eap-tnc {
-      protocol = tnccs-2.0
-    }
-  }
-}
-
-libimcv {
-  plugins {
-    imv-test {
-      rounds = 0 
-    }
-  }
-}
diff --git a/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-retry/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index 0b5ff57..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-#IMV configuration file for strongSwan server 
-
-IMV "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so
diff --git a/testing/tests/tnc/tnccs-20-retry/posttest.dat b/testing/tests/tnc/tnccs-20-retry/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-retry/pretest.dat b/testing/tests/tnc/tnccs-20-retry/pretest.dat
deleted file mode 100644 (file)
index 208f9da..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-moon::ipsec start
-carol::ipsec start 
-dave::ipsec start 
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-dave::sleep 1
diff --git a/testing/tests/tnc/tnccs-20-retry/test.conf b/testing/tests/tnc/tnccs-20-retry/test.conf
deleted file mode 100644 (file)
index e28b825..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# UML instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-