echo -n " --enable-tnccs-dynamic" >> $INSTALLSHELL
fi
+if [ "$USE_IMC_TEST" = "yes" ]
+then
+ echo -n " --enable-imc-test" >> $INSTALLSHELL
+fi
+
+if [ "$USE_IMV_TEST" = "yes" ]
+then
+ echo -n " --enable-imv-test" >> $INSTALLSHELL
+fi
+
if [ "$USE_SQL" = "yes" ]
then
echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL
# Bzipped kernel sources
# (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.38.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.38.5.tar.bz2
# Extract kernel version
KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
USE_TNCCS_11="yes"
USE_TNCCS_20="yes"
USE_TNCCS_DYNAMIC="yes"
+USE_IMC_TEST="yes"
+USE_IMV_TEST="yes"
USE_SQL="yes"
USE_MEDIATION="yes"
USE_OPENSSL="yes"
the clients doing EAP-MD5 password-based authentication.
In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the
health of <b>carol</b> and <b>dave</b> via the <b>TNCCS 2.0 </b> client-server interface
-compliant with <b>RFC 5793 PB-TNC</b>.
+compliant with <b>RFC 5793 PB-TNC</b>. The IMC and IMV communicate using the <b>RFC 5792 PA-TNC</b>
+protocol.
<p>
<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the
clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets,
dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES
dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'carol@strongswan.org' is 'allow'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'allow'::YES
+moon::cat /var/log/daemon.log::added group membership 'allow'::YES
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon::cat /var/log/auth.log::policy enforced on peer 'dave@strongswan.org' is 'isolate'::YES
-moon::cat /var/log/daemon.log::policy enforcement point added group membership 'isolate'::YES
+moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
config setup
plutostart=no
- charondebug="tls 2, tnc 3"
+ charondebug="tnc 3, imc 2"
conn %default
ikelifetime=60m
}
}
}
+
+imc-test {
+ command = allow
+}
#IMC configuration file for strongSwan client
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
config setup
plutostart=no
- charondebug="tls 2, tnc 3"
+ charondebug="tnc 3, imc 2"
conn %default
ikelifetime=60m
}
}
}
+
+imc-test {
+ command = isolate
+}
#IMC configuration file for strongSwan client
-IMC "Dummy" /usr/local/lib/libdummyimc.so
-#IMC "HostScanner" /usr/local/lib/libhostscannerimc.so
+IMC "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imc-test.so
config setup
strictcrlpolicy=no
plutostart=no
- charondebug="tls 2, tnc 3"
+ charondebug="tnc 3, imv 2"
conn %default
ikelifetime=60m
}
}
}
+
+imv-test {
+ rounds = 1
+}
#IMV configuration file for strongSwan server
-IMV "Dummy" /usr/local/lib/libdummyimv.so
-#IMV "HostScanner" /usr/local/lib/libhostscannerimv.so
+IMV "Test" /usr/local/libexec/ipsec/plugins/libstrongswan-imv-test.so