upgraded pfkey scenarios to 5.0.0
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 5 May 2012 09:55:48 +0000 (11:55 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 5 May 2012 09:55:48 +0000 (11:55 +0200)
53 files changed:
testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/alg-sha384/evaltest.dat
testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/alg-sha512/evaltest.dat
testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/esp-alg-null/evaltest.dat
testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/host2host-transport/evaltest.dat
testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf
testing/tests/pfkey/nat-rw/description.txt [new file with mode: 0644]
testing/tests/pfkey/nat-rw/evaltest.dat [new file with mode: 0644]
testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf [new file with mode: 0644]
testing/tests/pfkey/nat-rw/posttest.dat [new file with mode: 0644]
testing/tests/pfkey/nat-rw/pretest.dat [new file with mode: 0644]
testing/tests/pfkey/nat-rw/test.conf [new file with mode: 0644]
testing/tests/pfkey/nat-two-rw/description.txt [deleted file]
testing/tests/pfkey/nat-two-rw/evaltest.dat [deleted file]
testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf [deleted file]
testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf [deleted file]
testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf [deleted file]
testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf [deleted file]
testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf [deleted file]
testing/tests/pfkey/nat-two-rw/posttest.dat [deleted file]
testing/tests/pfkey/nat-two-rw/pretest.dat [deleted file]
testing/tests/pfkey/nat-two-rw/test.conf [deleted file]
testing/tests/pfkey/net2net-route/evaltest.dat
testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf
testing/tests/pfkey/protoport-dual/evaltest.dat
testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/protoport-route/evaltest.dat
testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/rw-cert/evaltest.dat
testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf
testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf
testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/shunt-policies/evaltest.dat
testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf
testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf

index 24e36eb..9ca168e 100644 (file)
@@ -1,12 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES
-moon::ip xfrm state::auth xcbc(aes)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
+moon:: ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
-
index 33e6a84..806923e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 208477d..5f55bb7 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 31bb64c..21b3d5a 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-moon::ip xfrm state::auth hmac(sha384)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+moon:: ip xfrm state::auth hmac(sha384)::YES
 carol::ip xfrm state::auth hmac(sha384)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
index d38b7df..14fce03 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index ea84cd8..06a887f 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index e0f5fb7..7b94d21 100644 (file)
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-moon::ip xfrm state::auth hmac(sha512)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+moon:: ip xfrm state::auth hmac(sha512)::YES
 carol::ip xfrm state::auth hmac(sha512)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
index 583522d..33f619e 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 40fec93..f76a426 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index d5c0a64..271e274 100644 (file)
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::NULL/HMAC_SHA1_96::YES
-carol::ipsec statusall::NULL/HMAC_SHA1_96::YES
-moon::ip xfrm state::enc ecb(cipher_null)::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ip xfrm state::enc ecb(cipher_null)::YES
 carol::ip xfrm state::enc ecb(cipher_null)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length::YES
index 5640d74..dbf53b5 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index 91f4a7c..deb022f 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default
index b3cade4..5ef5bed 100644 (file)
@@ -1,8 +1,10 @@
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
 moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
-moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
-sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
 moon::ip xfrm state::mode transport::YES
-sun::ip xfrm state::mode transport::YES
+sun:: ip xfrm state::mode transport::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 7f6c5a5..7b4ab64 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index af52fb2..c2d251a 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
diff --git a/testing/tests/pfkey/nat-rw/description.txt b/testing/tests/pfkey/nat-rw/description.txt
new file mode 100644 (file)
index 0000000..dcf4b94
--- /dev/null
@@ -0,0 +1,5 @@
+The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
+tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
+ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat
new file mode 100644 (file)
index 0000000..a0b9c67
--- /dev/null
@@ -0,0 +1,12 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..28f7330
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+               
+conn nat-t
+       left=%defaultroute
+       leftcert=aliceCert.pem
+       leftid=alice@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..21015f8
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+}
diff --git a/testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..fdd3b61
--- /dev/null
@@ -0,0 +1,33 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       left=PH_IP_SUN
+       leftcert=sunCert.pem
+       leftid=@sun.strongswan.org
+       leftfirewall=yes
+
+conn net-net
+       leftsubnet=10.2.0.0/16
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
+
+conn host-host
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       auto=add
+
+conn nat-t
+       leftsubnet=10.2.0.0/16
+       right=%any
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..21015f8
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+}
diff --git a/testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..9f7369d
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn nat-t
+       left=%defaultroute
+       leftcert=venusCert.pem
+       leftid=@venus.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..21015f8
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+}
diff --git a/testing/tests/pfkey/nat-rw/posttest.dat b/testing/tests/pfkey/nat-rw/posttest.dat
new file mode 100644 (file)
index 0000000..52572ec
--- /dev/null
@@ -0,0 +1,8 @@
+sun::ipsec stop
+alice::ipsec stop
+venus::ipsec stop
+alice::/etc/init.d/iptables stop 2> /dev/null
+venus::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables -t nat -F
+moon::conntrack -F
diff --git a/testing/tests/pfkey/nat-rw/pretest.dat b/testing/tests/pfkey/nat-rw/pretest.dat
new file mode 100644 (file)
index 0000000..e365ff5
--- /dev/null
@@ -0,0 +1,14 @@
+alice::/etc/init.d/iptables start 2> /dev/null
+venus::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+alice::ipsec start
+venus::ipsec start
+sun::ipsec start
+alice::sleep 2 
+alice::ipsec up nat-t
+venus::sleep 2 
+venus::ipsec up nat-t
+venus::sleep 2
diff --git a/testing/tests/pfkey/nat-rw/test.conf b/testing/tests/pfkey/nat-rw/test.conf
new file mode 100644 (file)
index 0000000..84317fd
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/pfkey/nat-two-rw/description.txt b/testing/tests/pfkey/nat-two-rw/description.txt
deleted file mode 100644 (file)
index dcf4b94..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
-tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
-ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/pfkey/nat-two-rw/evaltest.dat b/testing/tests/pfkey/nat-two-rw/evaltest.dat
deleted file mode 100644 (file)
index bd0a4b5..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-venus::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec status::alice@strongswan.org::YES
-sun::ipsec status::venus.strongswan.org::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf
deleted file mode 100755 (executable)
index 3da2fcf..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-               
-conn nat-t
-       left=%defaultroute
-       leftcert=aliceCert.pem
-       leftid=alice@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_SUN
-       rightid=@sun.strongswan.org
-       rightsubnet=10.2.0.0/16
-       auto=add
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
deleted file mode 100644 (file)
index 21015f8..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
-}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf
deleted file mode 100755 (executable)
index d8b4263..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       left=PH_IP_SUN
-       leftcert=sunCert.pem
-       leftid=@sun.strongswan.org
-       leftfirewall=yes
-
-conn net-net
-       leftsubnet=10.2.0.0/16
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       auto=add
-
-conn host-host
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       auto=add
-
-conn nat-t
-       leftsubnet=10.2.0.0/16
-       right=%any
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
deleted file mode 100644 (file)
index 21015f8..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
-}
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf
deleted file mode 100755 (executable)
index 3a70b34..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-
-conn nat-t
-       left=%defaultroute
-       leftcert=venusCert.pem
-       leftid=@venus.strongswan.org
-       leftfirewall=yes
-       right=PH_IP_SUN
-       rightid=@sun.strongswan.org
-       rightsubnet=10.2.0.0/16
-       auto=add
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
deleted file mode 100644 (file)
index 21015f8..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
-}
diff --git a/testing/tests/pfkey/nat-two-rw/posttest.dat b/testing/tests/pfkey/nat-two-rw/posttest.dat
deleted file mode 100644 (file)
index 52572ec..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-sun::ipsec stop
-alice::ipsec stop
-venus::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-venus::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::iptables -t nat -F
-moon::conntrack -F
diff --git a/testing/tests/pfkey/nat-two-rw/pretest.dat b/testing/tests/pfkey/nat-two-rw/pretest.dat
deleted file mode 100644 (file)
index e365ff5..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-venus::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-alice::ipsec start
-venus::ipsec start
-sun::ipsec start
-alice::sleep 2 
-alice::ipsec up nat-t
-venus::sleep 2 
-venus::ipsec up nat-t
-venus::sleep 2
diff --git a/testing/tests/pfkey/nat-two-rw/test.conf b/testing/tests/pfkey/nat-two-rw/test.conf
deleted file mode 100644 (file)
index 84317fd..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice venus sun"
index a89e5a2..9adb31e 100644 (file)
@@ -1,6 +1,9 @@
-moon::cat /var/log/daemon.log::creating acquire job::YES
-moon::ipsec statusall::net-net.*INSTALLED::YES
-sun::ipsec statusall::net-net.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ROUTED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::creating acquire job::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
index 8a2f8b7..c15fdbb 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 24e5df5..b932331 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index bd24b91..d2fc698 100644 (file)
@@ -1,7 +1,9 @@
-carol::ipsec statusall::home-icmp.*INSTALLED::YES
-carol::ipsec statusall::home-ssh.*INSTALLED::YES
-moon::ipsec statusall::rw-icmp.*INSTALLED::YES
-moon::ipsec statusall::rw-ssh.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
index 51971a1..d7c48a7 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 0d7e8db..84ebd77 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 78d0629..09dfd8f 100644 (file)
@@ -2,9 +2,11 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
 carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
 carol::ssh PH_IP_ALICE hostname::alice::YES
 carol::cat /var/log/daemon.log::creating acquire job::YES
-carol::ipsec statusall::home-icmp.*INSTALLED::YES
-carol::ipsec statusall::home-ssh.*INSTALLED::YES
-moon::ipsec statusall::rw-icmp.*INSTALLED::YES
-moon::ipsec statusall::rw-ssh.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
index d76a6ee..bd0fbbe 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 0d7e8db..84ebd77 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 06a0f8c..b545c22 100644 (file)
@@ -1,10 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
index bcdb864..d0e7ae2 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index ea8bc92..d917f6d 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2745213..00a5220 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 2f6e1a9..87368fb 100644 (file)
@@ -1,15 +1,19 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::local-net.*PASS::YES
+moon:: ipsec status 2> /dev/null::venus-icmp.*DROP::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
 venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO
 venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
 venus::ssh PH_IP_BOB hostname::bob::YES
index a4958f2..f87bfa8 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index c3b36fb..f952be1 100755 (executable)
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default