added ikev1 pluto-charon interoperability scenarios
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 23 May 2012 12:47:41 +0000 (14:47 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 23 May 2012 12:47:41 +0000 (14:47 +0200)
508 files changed:
testing/tests/ikev1-c-p/alg-blowfish/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/alg-blowfish/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/config-payload/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/nat-rw/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-cert/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-cert/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-cert/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/net2net-cert/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-cert/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-cert/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk-fail/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/net2net-psk/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-cert/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-fqdn/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/rw-psk-ipv4/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-psk-config/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-id-rsa/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-psk/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa-config/test.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/description.txt [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-c-p/xauth-rsa/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/alg-blowfish/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/config-payload/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/nat-rw/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/nat-rw/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/nat-rw/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/nat-rw/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/nat-rw/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/nat-rw/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/nat-rw/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-cert/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-cert/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-cert/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-cert/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-cert/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk-fail/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/net2net-psk/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-cert/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-fqdn/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/rw-psk-ipv4/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-psk-config/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-id-rsa/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-psk/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa-config/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-c/xauth-rsa/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/alg-blowfish/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/alg-blowfish/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/alg-blowfish/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/alg-blowfish/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/config-payload/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/config-payload/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/config-payload/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/config-payload/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/nat-rw/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/nat-rw/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/nat-rw/hosts/alice/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/nat-rw/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/nat-rw/hosts/venus/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/nat-rw/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/nat-rw/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/nat-rw/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-cert/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-cert/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/net2net-cert/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/net2net-cert/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-cert/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-cert/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk-fail/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/hosts/sun/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/net2net-psk/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-cert/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-fqdn/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/rw-psk-ipv4/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-psk-config/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-id-rsa/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-psk/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa-config/test.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/description.txt [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/posttest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/pretest.dat [new file with mode: 0644]
testing/tests/ikev1-p-p/xauth-rsa/test.conf [new file with mode: 0644]

diff --git a/testing/tests/ikev1-c-p/alg-blowfish/description.txt b/testing/tests/ikev1-c-p/alg-blowfish/description.txt
new file mode 100644 (file)
index 0000000..24b50b9
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption.  Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/evaltest.dat b/testing/tests/ikev1-c-p/alg-blowfish/evaltest.dat
new file mode 100644 (file)
index 0000000..f3ad35b
--- /dev/null
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
+dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
+carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..f0b98b1
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+       charondebug="cfg 2"
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=blowfish256-sha512-modp2048!
+       esp=blowfish192-sha384!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
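Review bot: The file header records this ipsec.conf as `new file mode 100755`, so a plain configuration file is committed with the executable bit set. The xauth-* scenarios listed in the same commit add their ipsec.conf files as 0644, which is the mode I would use here too. The same applies to the dave and moon ipsec.conf files of this scenario and to the ipsec.conf files under config-payload and nat-rw.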
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1f0fd41
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
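Review bot: `dh_exponent_ansi_x9_42 = no` sits inside the `charon { }` section here, while moon's strongswan.conf in the same scenario sets it under `libstrongswan { }` and explains it with a comment. If the option is only read from the libstrongswan section (worth confirming against the settings lookup in the DH plugin), the line has no effect for charon and the client keeps its default exponent size. I would move it to `libstrongswan { dh_exponent_ansi_x9_42 = no }` and carry the comment over, or drop it as the config-payload clients do. dave's strongswan.conf for this scenario is identical (same blob 1f0fd41) and needs the same change.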
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..36ff6a5
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=blowfish128-sha256-modp1536!
+       esp=blowfish128-sha256!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1f0fd41
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..4197529
--- /dev/null
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control crypt"
+       crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
+       esp=blowfish192-sha384,blowfish128-sha256!
+       pfs=no
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
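Review bot: `pfs=no` in `conn %default` is not explained, and it is the one setting here that lowers the protection of the negotiated SAs: without PFS no fresh DH exchange happens in Quick Mode, so the ESP keys derive from the IKE SA's keying material. It is presumably needed because the charon peers propose ESP without a DH group (`esp=blowfish192-sha384!` on carol), but the file should say so. I would add a comment above it such as `# charon peers send no DH group in their ESP proposal, so Quick Mode runs without PFS`. The same undocumented `pfs=no` appears in moon's config-payload ipsec.conf and in sun's nat-rw ipsec.conf.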
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/alg-blowfish/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c03a085
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/posttest.dat b/testing/tests/ikev1-c-p/alg-blowfish/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/pretest.dat b/testing/tests/ikev1-c-p/alg-blowfish/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
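Review bot: The only synchronisation in this pretest is `carol::sleep 1` between `ipsec start` and `ipsec up home`, and nothing waits after `dave::ipsec up home` before evaluation starts. The config-payload pretest in this commit uses `carol::sleep 2` before the first `ipsec up` and a trailing `carol::sleep 1`; I would use the same values here so the `moon::ipsec status` assertion does not depend on how fast pluto comes up. Proposed: change the existing line to `carol::sleep 2` and append `carol::sleep 1` as the last line.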
diff --git a/testing/tests/ikev1-c-p/alg-blowfish/test.conf b/testing/tests/ikev1-c-p/alg-blowfish/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/config-payload/description.txt b/testing/tests/ikev1-c-p/config-payload/description.txt
new file mode 100644 (file)
index 0000000..ff6928e
--- /dev/null
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
+by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
+tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
+<b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
+and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1-c-p/config-payload/evaltest.dat b/testing/tests/ikev1-c-p/config-payload/evaltest.dat
new file mode 100644 (file)
index 0000000..e6f6b1b
--- /dev/null
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
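Review bot: The DNS assertions cover carol only: the two `cat /etc/resolv.conf` checks for PH_IP_WINNETOU and PH_IP_VENUS have no counterpart in dave's block, although dave's strongswan.conf loads the `resolve` plugin as well and moon's `dns1`/`dns2` settings are not per-connection. A regression in attribute handling for the second Mode Config client would pass unnoticed. I would add `dave:: cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES` and the matching PH_IP_VENUS line after dave's `ip route list table 220` check.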
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3f67cbc
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_CAROL
+       leftsourceip=%config
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/config-payload/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0e4e577
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..bf0f9cc
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_DAVE
+       leftsourceip=%config
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/config-payload/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..0e4e577
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..66a72f8
--- /dev/null
@@ -0,0 +1,33 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+       rekey=no
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftsourceip=PH_IP_MOON1
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftfirewall=yes
+
+conn rw-carol
+       right=%any
+       rightid=carol@strongswan.org
+       rightsourceip=PH_IP_CAROL1
+       auto=add
+
+conn rw-dave
+       right=%any
+       rightid=dave@strongswan.org
+       rightsourceip=PH_IP_DAVE1
+       auto=add
diff --git a/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/config-payload/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..91cdbae
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl attr kernel-netlink
+  dns1 = PH_IP_WINNETOU
+  dns2 = PH_IP_VENUS
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/config-payload/posttest.dat b/testing/tests/ikev1-c-p/config-payload/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/config-payload/pretest.dat b/testing/tests/ikev1-c-p/config-payload/pretest.dat
new file mode 100644 (file)
index 0000000..014e805
--- /dev/null
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1-c-p/config-payload/test.conf b/testing/tests/ikev1-c-p/config-payload/test.conf
new file mode 100644 (file)
index 0000000..1a8f2a4
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/nat-rw/description.txt b/testing/tests/ikev1-c-p/nat-rw/description.txt
new file mode 100644 (file)
index 0000000..dcf4b94
--- /dev/null
@@ -0,0 +1,5 @@
+The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
+tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
+ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-c-p/nat-rw/evaltest.dat b/testing/tests/ikev1-c-p/nat-rw/evaltest.dat
new file mode 100644 (file)
index 0000000..86356dd
--- /dev/null
@@ -0,0 +1,18 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t.*STATE_MAIN_R3.*ISAKMP SA established::YES
+sun::  ipsec status 2> /dev/null::nat-t.*sun.strongswan.org.*alice@strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun::  ipsec status 2> /dev/null::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: sleep 6::no output expected::NO
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+alice::cat /var/log/daemon.log::sending keep alive::YES
+venus::cat /var/log/daemon.log::sending keep alive::YES
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..8648781
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+               
+conn nat-t
+       left=%any
+       leftcert=aliceCert.pem
+       leftid=alice@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/alice/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..dabff38
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  keep_alive = 5
+}
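Review bot: `keep_alive = 5` has no comment, yet the scenario's evaltest.dat depends on it: it runs `moon:: sleep 6` and then expects an `isakmp-nat-keep-alive` packet in moon's tcpdump and `sending keep alive` in the daemon log. Raising the interval to 6 or more would make those checks fail for a reason that is not visible from this file. I would add `# must stay below the 6 s wait in evaltest.dat` above the setting; venus's strongswan.conf (same blob dabff38) needs the same comment.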
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..7e0e93a
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       nat_traversal=yes
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn nat-t
+       left=PH_IP_SUN
+       leftcert=sunCert.pem
+       leftid=@sun.strongswan.org
+       leftfirewall=yes
+       leftsubnet=10.2.0.0/16
+       right=%any
+       rightsubnetwithin=10.1.0.0/16
+       auto=add
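Review bot: `conn nat-t` combines `right=%any` with `rightsubnetwithin=10.1.0.0/16` and sets no `rightid` or `rightca`, and the file does not say why the selector is that wide. As written, any peer that authenticates with a certificate sun trusts can negotiate any address or subnet inside 10.1.0.0/16. For this scenario that is presumably intended, since alice and venus sit behind moon and present their private addresses, so a comment would be enough: `# NAT-ed peers propose their private host address; accept selectors inside moon's LAN`.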
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c4c200a
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..87bce25
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn nat-t
+       left=%any
+       leftcert=venusCert.pem
+       leftid=@venus.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1-c-p/nat-rw/hosts/venus/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..dabff38
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  keep_alive = 5
+}
diff --git a/testing/tests/ikev1-c-p/nat-rw/posttest.dat b/testing/tests/ikev1-c-p/nat-rw/posttest.dat
new file mode 100644 (file)
index 0000000..52572ec
--- /dev/null
@@ -0,0 +1,8 @@
+sun::ipsec stop
+alice::ipsec stop
+venus::ipsec stop
+alice::/etc/init.d/iptables stop 2> /dev/null
+venus::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables -t nat -F
+moon::conntrack -F
diff --git a/testing/tests/ikev1-c-p/nat-rw/pretest.dat b/testing/tests/ikev1-c-p/nat-rw/pretest.dat
new file mode 100644 (file)
index 0000000..e365ff5
--- /dev/null
@@ -0,0 +1,14 @@
+alice::/etc/init.d/iptables start 2> /dev/null
+venus::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+alice::ipsec start
+venus::ipsec start
+sun::ipsec start
+alice::sleep 2 
+alice::ipsec up nat-t
+venus::sleep 2 
+venus::ipsec up nat-t
+venus::sleep 2
diff --git a/testing/tests/ikev1-c-p/nat-rw/test.conf b/testing/tests/ikev1-c-p/nat-rw/test.conf
new file mode 100644 (file)
index 0000000..84317fd
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1-c-p/net2net-cert/description.txt b/testing/tests/ikev1-c-p/net2net-cert/description.txt
new file mode 100644 (file)
index 0000000..7eea919
--- /dev/null
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-c-p/net2net-cert/evaltest.dat b/testing/tests/ikev1-c-p/net2net-cert/evaltest.dat
new file mode 100644 (file)
index 0000000..5bf6af0
--- /dev/null
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..46d243c
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn net-net 
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-cert/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..bad10ca
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-cert/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..902ae5f
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charonstart=no
+       plutodebug=control
+       crlcheckinterval=180
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+        keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn net-net 
+       left=PH_IP_SUN
+       leftcert=sunCert.pem
+       leftid=@sun.strongswan.org
+       leftsubnet=10.2.0.0/16
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-cert/posttest.dat b/testing/tests/ikev1-c-p/net2net-cert/posttest.dat
new file mode 100644 (file)
index 0000000..5a9150b
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/net2net-cert/pretest.dat b/testing/tests/ikev1-c-p/net2net-cert/pretest.dat
new file mode 100644 (file)
index 0000000..9f60760
--- /dev/null
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-c-p/net2net-cert/test.conf b/testing/tests/ikev1-c-p/net2net-cert/test.conf
new file mode 100644 (file)
index 0000000..d9a6159
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/description.txt b/testing/tests/ikev1-c-p/net2net-psk-fail/description.txt
new file mode 100644 (file)
index 0000000..688182b
--- /dev/null
@@ -0,0 +1,5 @@
+A connection between the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b>
+uses a wrong PSK. This makes it impossible for gateway <b>sun</b> to decrypt the
+IKEv1 message correctly. Thus <b>sun</b> returns a <b>PAYLOAD-MALFORMED</b> error
+notify which in turn cannot be decrypted by <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/evaltest.dat b/testing/tests/ikev1-c-p/net2net-psk-fail/evaltest.dat
new file mode 100644 (file)
index 0000000..439f48e
--- /dev/null
@@ -0,0 +1,8 @@
+sun:: cat /var/log/auth.log::probable authentication failure::YES
+sun:: cat /var/log/auth.log::sending encrypted notification PAYLOAD_MALFORMED::YES
+moon::cat /var/log/daemon.log::invalid HASH_V1 payload length, decryption failed::YES
+moon::cat /var/log/daemon.log::ignore malformed INFORMATIONAL request::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::NO
+sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::NO
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
+sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::NO
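Review bot: The four `NO` checks only assert that the SA strings are absent from `ipsec status`; nothing verifies that traffic between the two subnets is actually blocked after the failed authentication. Since alice and bob are both in UMLHOSTS for this scenario, a line like `alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO` would confirm that the setup fails closed and does not forward cleartext. test.conf sets TCPDUMPHOSTS to sun but no tcpdump pattern is evaluated here, so an ESP check ending in `::NO` could be added the same way.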
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..e14b2ef
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       
+conn net-net
+       left=PH_IP_MOON
+       leftid=moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftauth=psk
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       rightauth=psk
+       auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..85e0dc2
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx
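Review bot: Nothing in this file marks the PSK as wrong on purpose; it differs from the key in sun's ipsec.secrets only in its last four characters (`xxxx`), which is easy to mistake for a typo and "fix". A comment above the entry, e.g. `# deliberately wrong PSK - must not match the key on sun (see description.txt)`, would keep this negative test from being silently turned into a positive one.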
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..238ec24
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..2574652
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn net-net
+       left=PH_IP_SUN
+       leftid=@sun.strongswan.org
+       leftsubnet=10.2.0.0/16
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..4ee78dc
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
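Review bot: This literal PSK is committed here and repeated verbatim in net2net-psk/hosts/moon and net2net-psk/hosts/sun, with no indication that it is a throwaway test key. A header comment such as `# test-only key for the UML scenarios - never deploy` would make that explicit. On a real host ipsec.secrets must also be readable by root only, which the committed mode 100644 does not convey. The carol and dave keys in the rw-psk-fqdn secrets files have the same gap.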
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/posttest.dat b/testing/tests/ikev1-c-p/net2net-psk-fail/posttest.dat
new file mode 100644 (file)
index 0000000..5a9150b
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/pretest.dat b/testing/tests/ikev1-c-p/net2net-psk-fail/pretest.dat
new file mode 100644 (file)
index 0000000..9e40684
--- /dev/null
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-c-p/net2net-psk-fail/test.conf b/testing/tests/ikev1-c-p/net2net-psk-fail/test.conf
new file mode 100644 (file)
index 0000000..f74d0f7
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-c-p/net2net-psk/description.txt b/testing/tests/ikev1-c-p/net2net-psk/description.txt
new file mode 100644 (file)
index 0000000..02cddbb
--- /dev/null
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK). Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-c-p/net2net-psk/evaltest.dat b/testing/tests/ikev1-c-p/net2net-psk/evaltest.dat
new file mode 100644 (file)
index 0000000..5bf6af0
--- /dev/null
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..e14b2ef
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       
+conn net-net
+       left=PH_IP_MOON
+       leftid=moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftauth=psk
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       rightauth=psk
+       auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..dc43707
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..238ec24
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..2574652
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn net-net
+       left=PH_IP_SUN
+       leftid=@sun.strongswan.org
+       leftsubnet=10.2.0.0/16
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..4ee78dc
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-c-p/net2net-psk/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/net2net-psk/posttest.dat b/testing/tests/ikev1-c-p/net2net-psk/posttest.dat
new file mode 100644 (file)
index 0000000..5a9150b
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/net2net-psk/pretest.dat b/testing/tests/ikev1-c-p/net2net-psk/pretest.dat
new file mode 100644 (file)
index 0000000..9e40684
--- /dev/null
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-c-p/net2net-psk/test.conf b/testing/tests/ikev1-c-p/net2net-psk/test.conf
new file mode 100644 (file)
index 0000000..f74d0f7
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-c-p/rw-cert/description.txt b/testing/tests/ikev1-c-p/rw-cert/description.txt
new file mode 100644 (file)
index 0000000..15b3822
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/rw-cert/evaltest.dat b/testing/tests/ikev1-c-p/rw-cert/evaltest.dat
new file mode 100644 (file)
index 0000000..c166fbc
--- /dev/null
@@ -0,0 +1,13 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..e463e22
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..eb2bc55
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..c3fd646
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..eb2bc55
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3c328a7
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charonstart=no
+       plutodebug=control
+       crlcheckinterval=180
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..3893b19
--- /dev/null
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1-c-p/rw-cert/posttest.dat b/testing/tests/ikev1-c-p/rw-cert/posttest.dat
new file mode 100644 (file)
index 0000000..126bf60
--- /dev/null
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/rw-cert/pretest.dat b/testing/tests/ikev1-c-p/rw-cert/pretest.dat
new file mode 100644 (file)
index 0000000..1e45f00
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/rw-cert/test.conf b/testing/tests/ikev1-c-p/rw-cert/test.conf
new file mode 100644 (file)
index 0000000..9cd583b
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
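Review bot: dave is missing from this test.conf, although rw-cert's pretest.dat, evaltest.dat and posttest.dat all run commands on dave and a hosts/dave configuration is added. The two host lists should read `UMLHOSTS="alice moon carol winnetou dave"` and `IPSECHOSTS="moon carol dave"`; otherwise dave may not be started or have its IPsec log collected (inferred from the comments in this file, the framework itself is not visible here). `DIAGRAM` presumably needs the variant of the block diagram that includes dave as well.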
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/description.txt b/testing/tests/ikev1-c-p/rw-psk-fqdn/description.txt
new file mode 100644 (file)
index 0000000..47f6968
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1-c-p/rw-psk-fqdn/evaltest.dat
new file mode 100644 (file)
index 0000000..4924c05
--- /dev/null
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..021d4dc
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..47e31ca
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..13816c7
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..f6c1a22
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+dave@strongswan.org  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ea60cac
--- /dev/null
@@ -0,0 +1,32 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+
+conn rw-carol
+       also=rw
+       right=PH_IP_CAROL
+       rightid=carol@strongswan.org
+       auto=add
+
+conn rw-dave
+       also=rw
+       right=PH_IP_DAVE
+       rightid=dave@strongswan.org
+       auto=add
+       
+conn rw
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftid=@moon.strongswan.org
+       leftfirewall=yes
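Review bot: `pfs=no` in `conn %default` has no comment saying why the gateway gives up perfect forward secrecy for Quick Mode. Presumably pluto would otherwise insist on a DH group in Quick Mode, which the charon peers here do not propose since they set no `esp=` group. If that is the reason, state it next to the setting, e.g. `# charon initiators propose no DH group in Quick Mode; pluto must not require PFS`. Without the comment the line reads as a recommended default rather than an interop concession. The same uncommented line is in moon's ipsec.conf for rw-psk-ipv4, xauth-id-psk-config and xauth-id-rsa.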
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e3dd0fb
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+@moon.strongswan.org dave@strongswan.org  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/posttest.dat b/testing/tests/ikev1-c-p/rw-psk-fqdn/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1-c-p/rw-psk-fqdn/pretest.dat
new file mode 100644 (file)
index 0000000..761abe2
--- /dev/null
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
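Review bot: moon is started after carol and dave here, and the only synchronisation before `ipsec up home` is a fixed `carol::sleep 2`, so the initiators may fire before pluto on moon is ready if the gateway is slow to come up. The xauth-id-psk-config and xauth-id-rsa pretests in this commit start moon first, and the same order would suit here: `moon::ipsec start` ahead of `carol::ipsec start` and `dave::ipsec start`. With `keyingtries=1` on the clients a failed first attempt is not repeated, which makes the ordering matter. rw-psk-ipv4/pretest.dat has the same sequence.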
diff --git a/testing/tests/ikev1-c-p/rw-psk-fqdn/test.conf b/testing/tests/ikev1-c-p/rw-psk-fqdn/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/description.txt b/testing/tests/ikev1-c-p/rw-psk-ipv4/description.txt
new file mode 100644 (file)
index 0000000..b4aaa6a
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1-c-p/rw-psk-ipv4/evaltest.dat
new file mode 100644 (file)
index 0000000..86ca693
--- /dev/null
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MAIN_R3.*sent MR3, ISAKMP SA established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
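Review bot: The first two checks hard-code `192.168.0.100`, `192.168.0.200` and `192.168.0.1`, while the ping checks in the same file and the ipsec.conf files of this scenario use the `PH_IP_*` placeholders. If the address plan changes, the placeholders follow and these literals do not; the dots are also unescaped in what looks like a regular expression. I would write `home.*ESTABLISHED.*\[PH_IP_CAROL].*\[PH_IP_MOON]` and the equivalent for dave. The ipsec.secrets files for carol, dave and moon in this scenario select their PSKs by the same literal addresses and would want the same treatment, assuming the framework substitutes placeholders there as well.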
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..cb6ca3d
--- /dev/null
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       
+conn home
+       left=PH_IP_CAROL
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..18a0744
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..0a293c8
--- /dev/null
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       
+conn home
+       left=PH_IP_DAVE
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e989540
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.200  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..75be5b6
--- /dev/null
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+
+conn rw-carol
+       also=rw
+       right=PH_IP_CAROL
+       auto=add
+
+conn rw-dave
+       also=rw
+       right=PH_IP_DAVE
+       auto=add
+       
+conn rw
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..55c6397
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/posttest.dat b/testing/tests/ikev1-c-p/rw-psk-ipv4/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1-c-p/rw-psk-ipv4/pretest.dat
new file mode 100644 (file)
index 0000000..761abe2
--- /dev/null
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/rw-psk-ipv4/test.conf b/testing/tests/ikev1-c-p/rw-psk-ipv4/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/description.txt b/testing/tests/ikev1-c-p/xauth-id-psk-config/description.txt
new file mode 100644 (file)
index 0000000..fc417e4
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%config</b>
+parameter. The virtual IP addresses are registered under the users' XAUTH identity. 
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1-c-p/xauth-id-psk-config/evaltest.dat
new file mode 100644 (file)
index 0000000..bdc87d7
--- /dev/null
@@ -0,0 +1,24 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave::YES
+moon:: cat /var/log/auth.log::assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/auth.log::assigning virtual IP 10.3.0.2 to peer::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
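Review bot: Nothing here asserts the DNS attributes, although moon's strongswan.conf in this scenario sets `dns1` and `dns2` and carol and dave load the `resolve` plugin. The virtual IP half of the Mode Config exchange is checked on both sides, so a regression that drops the DNS servers would pass unnoticed. A line per client such as `carol::cat /var/log/daemon.log::<charon log line for DNS server 192.168.0.150>::YES` would close the gap; the pattern is left as a placeholder to fill in from an actual run. If DNS is out of scope for this test, the `dns1`/`dns2` settings and the `resolve` plugin can go instead.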
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..dfeaab8
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+
+conn home
+       left=PH_IP_CAROL
+       leftid=PH_IP_CAROL
+       leftsourceip=%config
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       xauth_identity=carol
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e2cea4e
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+@sun.strongswan.org :  PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
+
+carol : XAUTH "4iChxLT3" 
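Review bot: carol's secrets file carries PSK entries for `@dave.strongswan.org` and `@sun.strongswan.org` that no connection in this scenario refers to; only the `@moon.strongswan.org` entry matches the `rightid` in her ipsec.conf. They look carried over from another scenario, and dave's file gets by with a single `: PSK` line. Dropping the two unused lines keeps the fixture to the one key under test and avoids copying key material between scenarios.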
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1fb5d14
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
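Review bot: `dh_exponent_ansi_x9_42 = no` is set here without the explanatory comment that moon's strongswan.conf carries (`# pluto uses optimized DH exponent sizes (RFC 3526)`). The charon hosts in rw-psk-fqdn and rw-psk-ipv4 omit the setting altogether, so it is unclear whether the charon side needs it for this interop test or whether it was carried over. Either add a comment stating why charon sets it, or drop the block to match the rw-psk-* clients. The same applies to dave's file here, to both clients in xauth-id-rsa and to carol in xauth-psk.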
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..8f92870
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+
+conn home
+       left=PH_IP_DAVE
+       leftid=PH_IP_DAVE
+       leftsourceip=%config
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       xauth_identity=dave
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..25e8c27
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1fb5d14
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..f03d545
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+       xauth=server
+       pfs=no
+
+conn rw
+       left=PH_IP_MOON
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       rightsourceip=10.3.0.0/24
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..20d8e02
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol : XAUTH "4iChxLT3"
+
+dave  : XAUTH "ryftzG4A"
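Review bot: The single `@moon.strongswan.org : PSK` entry is the same key that carol and dave both hold, so phase 1 proves only membership of the group and the XAUTH password is the sole per-user credential. That differs from rw-psk-fqdn and rw-psk-ipv4, where moon keeps a distinct PSK per peer, and the file does not say so. A comment would make the trust model explicit: `# group PSK shared by all roadwarriors; users are told apart by XAUTH only`. Since every client knows the gateway's key, the PSK does not authenticate moon against another group member either, which deserves a sentence in description.txt.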
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..6dab4fe
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth attr kernel-netlink
+  dns1 = 192.168.0.150
+  dns2 = 10.1.0.20
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/posttest.dat b/testing/tests/ikev1-c-p/xauth-id-psk-config/posttest.dat
new file mode 100644 (file)
index 0000000..f90d222
--- /dev/null
@@ -0,0 +1,8 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/pretest.dat b/testing/tests/ikev1-c-p/xauth-id-psk-config/pretest.dat
new file mode 100644 (file)
index 0000000..95a6be1
--- /dev/null
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-id-psk-config/test.conf b/testing/tests/ikev1-c-p/xauth-id-psk-config/test.conf
new file mode 100644 (file)
index 0000000..75510b2
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/description.txt b/testing/tests/ikev1-c-p/xauth-id-rsa/description.txt
new file mode 100644 (file)
index 0000000..9483c8f
--- /dev/null
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>,
+respectively) and corresponding user passwords defined and stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1-c-p/xauth-id-rsa/evaltest.dat
new file mode 100644 (file)
index 0000000..bd98d49
--- /dev/null
@@ -0,0 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..aa861be
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       xauth_identity=carol
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..29492b5
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..e1f02f6
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       xauth_identity=dave
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..8cf7db5
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..732b549
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+       xauth=server
+       pfs=no
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..fef5021
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol : XAUTH "4iChxLT3"
+
+dave  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..dcea6ea
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/posttest.dat b/testing/tests/ikev1-c-p/xauth-id-rsa/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/pretest.dat b/testing/tests/ikev1-c-p/xauth-id-rsa/pretest.dat
new file mode 100644 (file)
index 0000000..78e2d57
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-id-rsa/test.conf b/testing/tests/ikev1-c-p/xauth-id-rsa/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-psk/description.txt b/testing/tests/ikev1-c-p/xauth-psk/description.txt
new file mode 100644 (file)
index 0000000..0ac2043
--- /dev/null
@@ -0,0 +1,9 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-psk/evaltest.dat b/testing/tests/ikev1-c-p/xauth-psk/evaltest.dat
new file mode 100644 (file)
index 0000000..355eabd
--- /dev/null
@@ -0,0 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
+moon:: cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..9befe74
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+
+conn home
+       left=PH_IP_CAROL
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..a899783
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..61260f8
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..fbd7777
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+
+conn home
+       left=PH_IP_DAVE
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1c85061
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+dave@strongswan.org : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..61260f8
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..30c55d2
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+       xauth=server
+       pfs=no
+
+conn rw
+       left=PH_IP_MOON
+       leftid=moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
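Review bot: `leftid=moon.strongswan.org` is written without the `@` prefix, while carol and dave in this scenario use `rightid=@moon.strongswan.org` and the xauth-rsa gateway config in this commit uses `leftid=@moon.strongswan.org`. Both spellings presumably end up as the same FQDN identity, but the bare form relies on the ID parser's fallback, and the PSK lookup depends on the identities matching. I would write `leftid=@moon.strongswan.org` here and use the same spelling in the `moon.strongswan.org %any : PSK` selector of this scenario's ipsec.secrets. Separately, `crlcheckinterval=180` and `strictcrlpolicy=no` have no visible role in a PSK scenario whose pretest removes the CA certificates.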
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..ae45ea0
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+moon.strongswan.org %any : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org  : XAUTH "ryftzG4A"
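Review bot: The file has no comment saying that these are fixed test credentials and that the PSK is a group secret. carol, dave and moon all hold the same PSK, so phase 1 proves membership of the group rather than the identity of the gateway, and the XAUTH passwords are only as well protected as that shared key. I would add under the header line something like `# test-only secrets; the PSK is shared by all roadwarriors and does not authenticate moon individually`. The xauth-rsa scenarios in this commit avoid the issue by authenticating moon with its certificate.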
diff --git a/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-psk/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..58cc78e
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-psk/posttest.dat b/testing/tests/ikev1-c-p/xauth-psk/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/xauth-psk/pretest.dat b/testing/tests/ikev1-c-p/xauth-psk/pretest.dat
new file mode 100644 (file)
index 0000000..95a6be1
--- /dev/null
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-psk/test.conf b/testing/tests/ikev1-c-p/xauth-psk/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/description.txt b/testing/tests/ikev1-c-p/xauth-rsa-config/description.txt
new file mode 100644 (file)
index 0000000..1ada58f
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the
+<b>leftsourceip=%config</b> parameter.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1-c-p/xauth-rsa-config/evaltest.dat
new file mode 100644 (file)
index 0000000..34e3ad3
--- /dev/null
@@ -0,0 +1,20 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_MODE_CFG_R1.*sent ModeCfg reply, established::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::carol.*extended authentication was successful::YES
+moon:: cat /var/log/auth.log::dave.*extended authentication was successful::YES
+moon:: cat /var/log/auth.log::rw-carol.*assigning virtual IP 10.3.0.1 to peer::YES
+moon:: cat /var/log/auth.log::rw-dave.*assigning virtual IP 10.3.0.2 to peer::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..b27b3bc
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+
+conn home
+       left=PH_IP_CAROL
+       leftsourceip=%config
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..4a77c3b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..ec5842e
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+
+conn home
+       left=PH_IP_DAVE
+       leftsourceip=%config
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1c0248b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave@strongswan.org : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..4e4ec0f
--- /dev/null
@@ -0,0 +1,31 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control"
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+       authby=xauthrsasig
+       xauth=server
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
+
+conn rw-carol
+       rightid=carol@strongswan.org
+       rightsourceip=PH_IP_CAROL1
+
+conn rw-dave
+       rightid=dave@strongswan.org
+       rightsourceip=PH_IP_DAVE1
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1ba6697
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..dcea6ea
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/posttest.dat b/testing/tests/ikev1-c-p/xauth-rsa-config/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/pretest.dat b/testing/tests/ikev1-c-p/xauth-rsa-config/pretest.dat
new file mode 100644 (file)
index 0000000..78e2d57
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-rsa-config/test.conf b/testing/tests/ikev1-c-p/xauth-rsa-config/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/description.txt b/testing/tests/ikev1-c-p/xauth-rsa/description.txt
new file mode 100644 (file)
index 0000000..a9b76b6
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/evaltest.dat b/testing/tests/ikev1-c-p/xauth-rsa/evaltest.dat
new file mode 100644 (file)
index 0000000..6dca99b
--- /dev/null
@@ -0,0 +1,17 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::STATE_XAUTH_R3.*received XAUTH ack, established::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: cat /var/log/auth.log::xauth user name is.*carol@strongswan.org::YES
+moon:: cat /var/log/auth.log::xauth user name is.*dave@strongswan.org::YES
+moon:: cat /var/log/auth.log::extended authentication was successful::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..8cf8471
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..4a77c3b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..bb11eb9
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1c0248b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave@strongswan.org : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..732b549
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthrsasig
+       xauth=server
+       pfs=no
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1ba6697
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol@strongswan.org : XAUTH "4iChxLT3"
+
+dave@strongswan.org  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-c-p/xauth-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..dcea6ea
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/posttest.dat b/testing/tests/ikev1-c-p/xauth-rsa/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/pretest.dat b/testing/tests/ikev1-c-p/xauth-rsa/pretest.dat
new file mode 100644 (file)
index 0000000..78e2d57
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-c-p/xauth-rsa/test.conf b/testing/tests/ikev1-c-p/xauth-rsa/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/description.txt b/testing/tests/ikev1-p-c/alg-blowfish/description.txt
new file mode 100644 (file)
index 0000000..24b50b9
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption.  Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/evaltest.dat b/testing/tests/ikev1-p-c/alg-blowfish/evaltest.dat
new file mode 100644 (file)
index 0000000..e8f0b05
--- /dev/null
@@ -0,0 +1,16 @@
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_2048::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256/MODP_1536::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::ESP proposal: BLOWFISH_CBC_192/HMAC_SHA2_384::YES
+dave:: ipsec statusall 2> /dev/null::ESP proposal: BLOWFISH_CBC_128/HMAC_SHA2_256::YES
+carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES
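Review bot: The two gateway checks `rw\[1]: ESTABLISHED.*carol@strongswan.org` and `rw\[2]: ESTABLISHED.*dave@strongswan.org` pin the IKE_SA instance numbers, so they pass only if carol's SA is created first and nothing else consumes a number. That ordering comes from pretest.dat running `carol::ipsec up home` before `dave::ipsec up home`, not from what the test is meant to verify. The xauth scenarios in this commit match on connection name and identities only. The same form here would be `moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES` and the dave analogue.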
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..96255f2
--- /dev/null
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control crypt"
+       crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=blowfish256-sha512-modp2048!
+       esp=blowfish192-sha384!
+       pfs=no
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
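Review bot: This ipsec.conf is added with mode 100755, while the ipsec.conf files of the xauth-* scenarios in the same commit are 100644; a configuration file has no reason to carry the execute bit. The dave and moon ipsec.conf files of this scenario have the same mode. I would commit all three as `new file mode 100644`.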
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c03a085
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..c957cb4
--- /dev/null
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug="control crypt"
+       crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=blowfish128-sha256-modp1536!
+       esp=blowfish128-sha256!
+       pfs=no
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c03a085
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random nonce curl kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ebac92b
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
+       esp=blowfish192-sha384,blowfish128-sha256!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/alg-blowfish/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1f0fd41
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
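Review bot: `dh_exponent_ansi_x9_42 = no` sits inside the `charon { }` section here, whereas every other strongswan.conf in this part of the commit sets it under `libstrongswan { }`. If the option is read only from the libstrongswan section (to be confirmed against this version), it is silently ignored on moon and the gateway keeps its default exponent size. I would move it out of `charon` into its own block, `libstrongswan {` / `  dh_exponent_ansi_x9_42 = no` / `}`, as in the carol and dave files of this scenario.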
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/posttest.dat b/testing/tests/ikev1-p-c/alg-blowfish/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/pretest.dat b/testing/tests/ikev1-p-c/alg-blowfish/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/alg-blowfish/test.conf b/testing/tests/ikev1-p-c/alg-blowfish/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/config-payload/description.txt b/testing/tests/ikev1-p-c/config-payload/description.txt
new file mode 100644 (file)
index 0000000..ff6928e
--- /dev/null
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
+by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
+tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
+<b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
+and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1-p-c/config-payload/evaltest.dat b/testing/tests/ikev1-p-c/config-payload/evaltest.dat
new file mode 100644 (file)
index 0000000..01ad1b5
--- /dev/null
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
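Review bot: The two `/etc/resolv.conf` checks for the Mode Config DNS servers exist only for carol. Dave loads the same `resolve` plugin and moon hands out the same `dns1`/`dns2`, but nothing asserts that dave installed them. Adding `dave:: cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES` and the matching `PH_IP_VENUS` line would cover both clients. The dots in `moon.strongswan.org` are unescaped in these patterns and match any character, which is harmless here but looser than intended.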
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..0baa944
--- /dev/null
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn home
+       left=PH_IP_CAROL
+       leftsourceip=%modeconfig
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
+
+
+
+
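Review bot: `pfs=no` in `conn %default` turns off perfect forward secrecy for Quick Mode on the pluto side, and nothing in the file says why. If it is there only because the charon IKEv1 peer could not yet negotiate PFS, a comment such as `# pfs disabled for pluto-charon interop testing only` would keep the setting from being copied into a real configuration. The same unexplained line appears in the pluto-side ipsec.conf hunks for dave, alice, venus and moon (net2net-cert, net2net-psk-fail, net2net-psk).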
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/config-payload/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d8cee31
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl resolve kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..223a66e
--- /dev/null
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn home
+       left=PH_IP_DAVE
+       leftsourceip=%modeconfig
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
+
+
+
+
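Review bot: `leftsourceip=%modeconfig` here and in carol's ipsec.conf does not match this scenario's description.txt, which says the virtual IP is requested with `leftsourceip=%config`. The two keywords are presumably aliases in pluto, but the description should name the value the test actually uses so that a reader searching for it finds it. The four empty lines at the end of both files can also be dropped.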
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/config-payload/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d8cee31
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl resolve kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ea6cd0d
--- /dev/null
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftfirewall=yes
+
+conn rw-carol
+       right=%any
+       rightid=carol@strongswan.org
+       rightsourceip=PH_IP_CAROL1
+       auto=add
+
+conn rw-dave
+       right=%any
+       rightid=dave@strongswan.org
+       rightsourceip=PH_IP_DAVE1
+       auto=add
diff --git a/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/config-payload/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..002166a
--- /dev/null
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
+
+  dns1 = PH_IP_WINNETOU
+  dns2 = PH_IP_VENUS
+}
diff --git a/testing/tests/ikev1-p-c/config-payload/posttest.dat b/testing/tests/ikev1-p-c/config-payload/posttest.dat
new file mode 100644 (file)
index 0000000..42fa835
--- /dev/null
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1-p-c/config-payload/pretest.dat b/testing/tests/ikev1-p-c/config-payload/pretest.dat
new file mode 100644 (file)
index 0000000..bb22299
--- /dev/null
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1-p-c/config-payload/test.conf b/testing/tests/ikev1-p-c/config-payload/test.conf
new file mode 100644 (file)
index 0000000..1a8f2a4
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/nat-rw/description.txt b/testing/tests/ikev1-p-c/nat-rw/description.txt
new file mode 100644 (file)
index 0000000..dcf4b94
--- /dev/null
@@ -0,0 +1,5 @@
+The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
+tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
+ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-p-c/nat-rw/evaltest.dat b/testing/tests/ikev1-p-c/nat-rw/evaltest.dat
new file mode 100644 (file)
index 0000000..43494dd
--- /dev/null
@@ -0,0 +1,17 @@
+alice::ipsec status 2> /dev/null::nat-t.*STATE_MAIN_I4.*ISAKMP SA established::YES
+venus::ipsec status 2> /dev/null::nat-t.*STATE_MAIN_I4.*ISAKMP SA established::YES
+sun::  ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
+venus::ipsec status 2> /dev/null::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+alice::cat /var/log/auth.log::inserting event EVENT_NAT_T_KEEPALIVE, timeout in 5 seconds::YES
+venus::cat /var/log/auth.log::inserting event EVENT_NAT_T_KEEPALIVE, timeout in 5 seconds::YES
diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/alice/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..dd7e132
--- /dev/null
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       nat_traversal=yes
+       keep_alive=5
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+               
+conn nat-t
+       left=%defaultroute
+       leftcert=aliceCert.pem
+       leftid=alice@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..2d9cbf7
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn nat-t
+       left=PH_IP_SUN
+       leftcert=sunCert.pem
+       leftid=@sun.strongswan.org
+       leftfirewall=yes
+       leftsubnet=10.2.0.0/16
+       right=%any
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..ca23c69
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-p-c/nat-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1-p-c/nat-rw/hosts/venus/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..50dccca
--- /dev/null
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       nat_traversal=yes
+       keep_alive=5
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn nat-t
+       left=%defaultroute
+       leftcert=venusCert.pem
+       leftid=@venus.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/nat-rw/posttest.dat b/testing/tests/ikev1-p-c/nat-rw/posttest.dat
new file mode 100644 (file)
index 0000000..52572ec
--- /dev/null
@@ -0,0 +1,8 @@
+sun::ipsec stop
+alice::ipsec stop
+venus::ipsec stop
+alice::/etc/init.d/iptables stop 2> /dev/null
+venus::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::iptables -t nat -F
+moon::conntrack -F
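Review bot: posttest.dat removes the SNAT rules and the conntrack state on moon, but it does not undo the `echo 1 > /proc/sys/net/ipv4/ip_forward` that pretest.dat performs. Moon therefore keeps forwarding after the scenario ends unless the framework resets it elsewhere. If forwarding is not part of moon's default state, add `moon::echo 0 > /proc/sys/net/ipv4/ip_forward` here so later scenarios start from the same baseline.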
diff --git a/testing/tests/ikev1-p-c/nat-rw/pretest.dat b/testing/tests/ikev1-p-c/nat-rw/pretest.dat
new file mode 100644 (file)
index 0000000..dd52599
--- /dev/null
@@ -0,0 +1,13 @@
+alice::/etc/init.d/iptables start 2> /dev/null
+venus::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
+moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
+alice::ipsec start
+venus::ipsec start
+sun::ipsec start
+alice::sleep 5 
+alice::ipsec up nat-t
+venus::sleep 5 
+venus::ipsec up nat-t
diff --git a/testing/tests/ikev1-p-c/nat-rw/test.conf b/testing/tests/ikev1-p-c/nat-rw/test.conf
new file mode 100644 (file)
index 0000000..84317fd
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1-p-c/net2net-cert/description.txt b/testing/tests/ikev1-p-c/net2net-cert/description.txt
new file mode 100644 (file)
index 0000000..7eea919
--- /dev/null
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>X.509 certificates</b>. Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-p-c/net2net-cert/evaltest.dat b/testing/tests/ikev1-p-c/net2net-cert/evaltest.dat
new file mode 100644 (file)
index 0000000..ddccf70
--- /dev/null
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-cert/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..04242ea
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charonstart=no
+       plutodebug=control
+       crlcheckinterval=180
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn net-net 
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightid=@sun.strongswan.org
+       rightsubnet=10.2.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..6545f66
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+        keyingtries=1
+       keyexchange=ikev1
+
+conn net-net 
+       left=PH_IP_SUN
+       leftcert=sunCert.pem
+       leftid=@sun.strongswan.org
+       leftsubnet=10.2.0.0/16
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-cert/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..bad10ca
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/net2net-cert/posttest.dat b/testing/tests/ikev1-p-c/net2net-cert/posttest.dat
new file mode 100644 (file)
index 0000000..5a9150b
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/net2net-cert/pretest.dat b/testing/tests/ikev1-p-c/net2net-cert/pretest.dat
new file mode 100644 (file)
index 0000000..9f60760
--- /dev/null
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-p-c/net2net-cert/test.conf b/testing/tests/ikev1-p-c/net2net-cert/test.conf
new file mode 100644 (file)
index 0000000..d9a6159
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/description.txt b/testing/tests/ikev1-p-c/net2net-psk-fail/description.txt
new file mode 100644 (file)
index 0000000..688182b
--- /dev/null
@@ -0,0 +1,5 @@
+A connection between the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b>
+uses a wrong PSK. This makes it impossible for gateway <b>sun</b> to decrypt the
+IKEv1 message correctly. Thus <b>sun</b> returns a <b>PAYLOAD-MALFORMED</b> error
+notify which in turn cannot be decrypted by <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/evaltest.dat b/testing/tests/ikev1-p-c/net2net-psk-fail/evaltest.dat
new file mode 100644 (file)
index 0000000..0b9520b
--- /dev/null
@@ -0,0 +1,7 @@
+sun:: cat /var/log/daemon.log::invalid ID_V1 payload length, decryption failed::YES
+sun:: cat /var/log/daemon.log::generating INFORMATIONAL_V1 request.*HASH N(PLD_MAL)::YES
+moon::cat /var/log/auth.log::malformed payload in packet::YES
+moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::NO
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::NO
+moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::NO
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..fbafb42
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn net-net
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftid=@moon.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightsubnet=10.2.0.0/16
+       rightid=@sun.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..a294f24
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx
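Review bot: The PSK on this line differs from the one in sun's ipsec.secrets only in its last four characters, and nothing in the file says the mismatch is deliberate. A comment above the entry, such as `# wrong PSK on purpose: authentication against sun must fail`, would keep someone from "correcting" it later. The file is also added with mode 0644; if the harness installs it with that mode, the secrets file is world-readable on the test host, which is worth avoiding even for fixture keys.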
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..027287a
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       
+conn net-net
+       left=PH_IP_SUN
+       leftsubnet=10.2.0.0/16
+       leftid=@sun.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..27185fb
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+192.168.0.1 192.168.0.2 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/posttest.dat b/testing/tests/ikev1-p-c/net2net-psk-fail/posttest.dat
new file mode 100644 (file)
index 0000000..5a9150b
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/pretest.dat b/testing/tests/ikev1-p-c/net2net-psk-fail/pretest.dat
new file mode 100644 (file)
index 0000000..9e40684
--- /dev/null
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-p-c/net2net-psk-fail/test.conf b/testing/tests/ikev1-p-c/net2net-psk-fail/test.conf
new file mode 100644 (file)
index 0000000..f74d0f7
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-p-c/net2net-psk/description.txt b/testing/tests/ikev1-p-c/net2net-psk/description.txt
new file mode 100644 (file)
index 0000000..02cddbb
--- /dev/null
@@ -0,0 +1,6 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK). Upon the successful
+establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
+pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1-p-c/net2net-psk/evaltest.dat b/testing/tests/ikev1-p-c/net2net-psk/evaltest.dat
new file mode 100644 (file)
index 0000000..ddccf70
--- /dev/null
@@ -0,0 +1,7 @@
+moon::ipsec status 2> /dev/null::net-net.*STATE_MAIN_I4.*ISAKMP SA established::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..fbafb42
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn net-net
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftid=@moon.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightsubnet=10.2.0.0/16
+       rightid=@sun.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..27185fb
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+192.168.0.1 192.168.0.2 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..027287a
--- /dev/null
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       
+conn net-net
+       left=PH_IP_SUN
+       leftsubnet=10.2.0.0/16
+       leftid=@sun.strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       auto=add
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..27185fb
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+192.168.0.1 192.168.0.2 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1-p-c/net2net-psk/hosts/sun/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-p-c/net2net-psk/posttest.dat b/testing/tests/ikev1-p-c/net2net-psk/posttest.dat
new file mode 100644 (file)
index 0000000..5a9150b
--- /dev/null
@@ -0,0 +1,4 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/net2net-psk/pretest.dat b/testing/tests/ikev1-p-c/net2net-psk/pretest.dat
new file mode 100644 (file)
index 0000000..9e40684
--- /dev/null
@@ -0,0 +1,8 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
+moon::ipsec start
+sun::ipsec start
+moon::sleep 2
+moon::ipsec up net-net
diff --git a/testing/tests/ikev1-p-c/net2net-psk/test.conf b/testing/tests/ikev1-p-c/net2net-psk/test.conf
new file mode 100644 (file)
index 0000000..f74d0f7
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1-p-c/rw-cert/description.txt b/testing/tests/ikev1-p-c/rw-cert/description.txt
new file mode 100644 (file)
index 0000000..15b3822
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/rw-cert/evaltest.dat b/testing/tests/ikev1-p-c/rw-cert/evaltest.dat
new file mode 100644 (file)
index 0000000..1483ff1
--- /dev/null
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..9d3af53
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charonstart=no
+       plutodebug=control
+       crlcheckinterval=180
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..3893b19
--- /dev/null
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..020b8c0
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       charonstart=no
+       plutodebug=control
+       crlcheckinterval=180
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       pfs=no
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..3893b19
--- /dev/null
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random nonce curl xauth kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..9931d87
--- /dev/null
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..eb2bc55
--- /dev/null
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1-p-c/rw-cert/posttest.dat b/testing/tests/ikev1-p-c/rw-cert/posttest.dat
new file mode 100644 (file)
index 0000000..126bf60
--- /dev/null
@@ -0,0 +1,6 @@
+carol::ipsec stop
+dave::ipsec stop
+moon::ipsec stop
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/rw-cert/pretest.dat b/testing/tests/ikev1-p-c/rw-cert/pretest.dat
new file mode 100644 (file)
index 0000000..1e45f00
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/rw-cert/test.conf b/testing/tests/ikev1-p-c/rw-cert/test.conf
new file mode 100644 (file)
index 0000000..9cd583b
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
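Review bot: `UMLHOSTS` and `IPSECHOSTS` leave out dave, although this scenario's pretest.dat runs `dave::ipsec start` and `dave::ipsec up home`, and evaltest.dat checks dave's status, ping and ESP traffic. Going by the comments in this file, a host that is not listed is presumably neither started nor has its IPsec logs collected, so the dave checks would fail or go unrecorded. The sibling rw-psk-fqdn/test.conf lists him; I would use `UMLHOSTS="alice moon carol winnetou dave"`, `DIAGRAM="a-m-c-w-d.png"` and `IPSECHOSTS="moon carol dave"` here too.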
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/description.txt b/testing/tests/ikev1-p-c/rw-psk-fqdn/description.txt
new file mode 100644 (file)
index 0000000..47f6968
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1-p-c/rw-psk-fqdn/evaltest.dat
new file mode 100644 (file)
index 0000000..7a12371
--- /dev/null
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
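Review bot: The eight `ipsec status` lines carry a stray `home.::` field between the command and the pattern, giving five `::`-separated fields where rw-cert/evaltest.dat uses four (host, command, pattern, YES/NO). Depending on how the evaluator splits the line, the pattern actually checked may be just `home.` and the expected-result field may no longer be `YES`. On moon, which defines only `rw-carol` and `rw-dave`, that is not the intended check. The first line should read `carol::ipsec status 2> /dev/null::home.*STATE_MAIN_I4.*ISAKMP SA established::YES`, and the other seven should lose the extra field in the same way. The rw-psk-ipv4/evaltest.dat hunk further down has identical content and needs the same correction.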
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..091fec6
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn home
+       left=PH_IP_CAROL
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       auto=add
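Review bot: `conn home` sets no `leftid` or `rightid`, so the scenario does not appear to exercise FQDN identities, although description.txt says authentication is based on pre-shared keys and Fully Qualified Domain Names. The ipsec.secrets files of this scenario select the PSKs by IP address (`192.168.0.100 : PSK ...`). The ipsec.conf and evaltest.dat files also carry the same index hashes as their rw-psk-ipv4 counterparts, so the two tests look identical in effect. I would add FQDN identities here, for example `rightid=@moon.strongswan.org` plus a `leftid` of the same form, with matching ids on dave and moon. The secrets should then be keyed by those ids, and evaltest.dat should match the FQDNs rather than `\[192.168.0.1]`.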
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..18a0744
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..e709ee4
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn home
+       left=PH_IP_DAVE
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e989540
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.200  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..20bbef0
--- /dev/null
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+
+conn rw-carol
+       also=rw
+       right=PH_IP_CAROL
+       auto=add
+
+conn rw-dave
+       also=rw
+       right=PH_IP_DAVE
+       auto=add
+       
+conn rw
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..55c6397
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/posttest.dat b/testing/tests/ikev1-p-c/rw-psk-fqdn/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1-p-c/rw-psk-fqdn/pretest.dat
new file mode 100644 (file)
index 0000000..761abe2
--- /dev/null
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/rw-psk-fqdn/test.conf b/testing/tests/ikev1-p-c/rw-psk-fqdn/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/description.txt b/testing/tests/ikev1-p-c/rw-psk-ipv4/description.txt
new file mode 100644 (file)
index 0000000..b4aaa6a
--- /dev/null
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1-p-c/rw-psk-ipv4/evaltest.dat
new file mode 100644 (file)
index 0000000..7a12371
--- /dev/null
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::home.::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::home.::rw-dave.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..091fec6
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn home
+       left=PH_IP_CAROL
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..18a0744
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..e709ee4
--- /dev/null
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+       pfs=no
+       
+conn home
+       left=PH_IP_DAVE
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..e989540
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.200  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f9a03fe
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..20bbef0
--- /dev/null
@@ -0,0 +1,27 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=secret
+
+conn rw-carol
+       also=rw
+       right=PH_IP_CAROL
+       auto=add
+
+conn rw-dave
+       also=rw
+       right=PH_IP_DAVE
+       auto=add
+       
+conn rw
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..0cd1022
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+192.168.0.1 192.168.0.200  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d84cba2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/posttest.dat b/testing/tests/ikev1-p-c/rw-psk-ipv4/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1-p-c/rw-psk-ipv4/pretest.dat
new file mode 100644 (file)
index 0000000..761abe2
--- /dev/null
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1-p-c/rw-psk-ipv4/test.conf b/testing/tests/ikev1-p-c/rw-psk-ipv4/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/description.txt b/testing/tests/ikev1-p-c/xauth-id-psk-config/description.txt
new file mode 100644 (file)
index 0000000..fc417e4
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on Pre-Shared Keys (<b>PSK</b>)
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%config</b>
+parameter. The virtual IP addresses are registered under the users' XAUTH identity. 
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1-p-c/xauth-id-psk-config/evaltest.dat
new file mode 100644 (file)
index 0000000..338aeb1
--- /dev/null
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_MODE_CFG_I2.*received ModeCfg reply, established::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+dave:: ipsec status 2> /dev/null::home.*STATE_QUICK_I2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/auth.log::extended authentication was successful::YES
+dave:: cat /var/log/auth.log::extended authentication was successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+dave:: cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..2510da0
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutodebug=control
+       crlcheckinterval=180
+       charonstart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       authby=xauthpsk
+       pfs=no
+
+conn home
+       left=PH_IP_CAROL
+       leftsourceip=%config
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       xauth_identity=carol
+       auto=add
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..547bc1f
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+192.168.0.100 @dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq
+
+192.168.0.100 @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+192.168.0.100 @sun.strongswan.org :  PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
+
+carol : XAUTH "4iChxLT3" 
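Review bot: Only the `@moon.strongswan.org` PSK and the `carol : XAUTH` entry appear to be needed by this scenario, since carol's `conn home` has moon as its only peer. The `@dave.strongswan.org` and `@sun.strongswan.org` PSK lines look like leftovers from a shared template. Unused credentials in a fixture obscure which secret the test actually depends on and invite copy-and-paste reuse. I would trim the file to the two entries in use and drop the trailing space after `"4iChxLT3"`.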
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..f15001a
--- /dev/null
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth resolve kernel-netlink
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1-p-c/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..3b43e14
--- /dev/null