added the ikev2/rw-eap-tnc-20 scenario based on the RFC 5792 PA-TNC protocol
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 30 May 2011 19:31:50 +0000 (21:31 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 30 May 2011 19:31:50 +0000 (21:31 +0200)
13 files changed:
testing/scripts/build-umlrootfs
testing/testing.conf
testing/tests/ikev2/rw-eap-tnc-20/description.txt
testing/tests/ikev2/rw-eap-tnc-20/evaltest.dat
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/strongswan.conf
testing/tests/ikev2/rw-eap-tnc-20/hosts/carol/etc/tnc_config
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/strongswan.conf
testing/tests/ikev2/rw-eap-tnc-20/hosts/dave/etc/tnc_config
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/strongswan.conf
testing/tests/ikev2/rw-eap-tnc-20/hosts/moon/etc/tnc_config

index 182feab..03ef748 100755 (executable)
@@ -217,6 +217,16 @@ then
     echo -n " --enable-tnccs-dynamic" >> $INSTALLSHELL
 fi
 
+if [ "$USE_IMC_TEST" = "yes" ]
+then
+    echo -n " --enable-imc-test" >> $INSTALLSHELL
+fi
+
+if [ "$USE_IMV_TEST" = "yes" ]
+then
+    echo -n " --enable-imv-test" >> $INSTALLSHELL
+fi
+
 if [ "$USE_SQL" = "yes" ]
 then
     echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL
index 9b56094..075f43c 100755 (executable)
@@ -19,7 +19,7 @@ UMLTESTDIR=~/strongswan-testing
 
 # Bzipped kernel sources
 # (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.38.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.38.5.tar.bz2
 
 # Extract kernel version
 KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
@@ -51,6 +51,8 @@ USE_TNC_IMV="yes"
 USE_TNCCS_11="yes"
 USE_TNCCS_20="yes"
 USE_TNCCS_DYNAMIC="yes"
+USE_IMC_TEST="yes"
+USE_IMV_TEST="yes"
 USE_SQL="yes"
 USE_MEDIATION="yes"
 USE_OPENSSL="yes"
index 6a9c5dd..410ccca 100644 (file)
@@ -3,7 +3,8 @@ using EAP-TTLS authentication only with the gateway presenting a server certific
 the clients doing EAP-MD5 password-based authentication.
 In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
 health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
+compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate using the <b>RFC 5792 PA-TNC</b>
+protocol.
 <p>
 <b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
 clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
index d334a9b..737c9b9 100644 (file)
@@ -6,11 +6,9 @@ dave::cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YE
 dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
 dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::added group membership 'allow'::YES
 moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
+moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
 moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
index c19192d..847ca2e 100755 (executable)
@@ -2,7 +2,7 @@
 
 config setup
        plutostart=no
-       charondebug="tls 2, tnc 3"
+       charondebug="tnc 3, imc 2"
 
 conn %default
        ikelifetime=60m
index d2fabe1..d3d574c 100644 (file)
@@ -1,4 +1,3 @@
 #IMC configuration file for strongSwan client 
 
-IMC "Dummy"            /usr/local/lib/libdummyimc.so
-#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
+IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
index 7d5ea8b..f0ad472 100755 (executable)
@@ -2,7 +2,7 @@
 
 config setup
        plutostart=no
-       charondebug="tls 2, tnc 3"
+       charondebug="tnc 3, imc 2"
 
 conn %default
        ikelifetime=60m
index d2fabe1..d3d574c 100644 (file)
@@ -1,4 +1,3 @@
 #IMC configuration file for strongSwan client 
 
-IMC "Dummy"            /usr/local/lib/libdummyimc.so
-#IMC "HostScanner"     /usr/local/lib/libhostscannerimc.so
+IMC "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
index 50514c9..9eec484 100755 (executable)
@@ -3,7 +3,7 @@
 config setup
        strictcrlpolicy=no
        plutostart=no
-       charondebug="tls 2, tnc 3"
+       charondebug="tnc 3, imv 2"
 
 conn %default
        ikelifetime=60m
index 140caa9..0b5ff57 100644 (file)
@@ -1,4 +1,3 @@
 #IMV configuration file for strongSwan server 
 
-IMV "Dummy"            /usr/local/lib/libdummyimv.so
-#IMV "HostScanner"     /usr/local/lib/libhostscannerimv.so
+IMV "Test"     /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so