Testing: Removed tnc/tnccs-20-server-retry scenario
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 29 Mar 2019 15:54:54 +0000 (16:54 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 29 Mar 2019 16:04:43 +0000 (17:04 +0100)
14 files changed:
testing/tests/tnc/tnccs-20-server-retry/description.txt [deleted file]
testing/tests/tnc/tnccs-20-server-retry/evaltest.dat [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf [deleted file]
testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/tnc_config [deleted file]
testing/tests/tnc/tnccs-20-server-retry/posttest.dat [deleted file]
testing/tests/tnc/tnccs-20-server-retry/pretest.dat [deleted file]
testing/tests/tnc/tnccs-20-server-retry/test.conf [deleted file]

diff --git a/testing/tests/tnc/tnccs-20-server-retry/description.txt b/testing/tests/tnc/tnccs-20-server-retry/description.txt
deleted file mode 100644 (file)
index f9ee7b8..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
-using EAP-TTLS authentication only with the gateway presenting a server certificate and
-the clients doing EAP-MD5 password-based authentication.
-<p/>
-In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS
-tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b>
-client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The IMCs and IMVs exchange
-messages over the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
-<p>
-The first time the TNC clients <b>carol</b> and <b>dave</b> send their measurements,
-TNC server <b>moon</b> requests a handshake retry. In the retry <b>carol</b> succeeds
-and <b>dave</b> fails. Thus based on this second round of measurements the clients are connected
-by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
-</p>
diff --git a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat
deleted file mode 100644 (file)
index 64d1ec0..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES
-carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES
-dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
-dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::added group membership 'allow'::YES
-moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
-moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES
-moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
-carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/28]::YES
-dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.16/28]::YES
-moon:: swanctl --list-sas --ike-id 1 --raw  2> /dev/null::rw-allow.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-allow.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/28] remote-ts=\[192.168.0.100/32]::YES
-moon:: swanctl --list-sas --ike-id 2 --raw  2> /dev/null::rw-isolate.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*rw-isolate.*state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.16/28] remote-ts=\[192.168.0.200/32]::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO
-dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES
-dave:: ping -c 1 -W 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::NO
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 7f7f528..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
-
-  multiple_authentication = no
-
-  syslog {
-    daemon {
-      tnc = 3
-      imc = 2
-    }
-  }
-}
-
-libtls {
-  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = retry
-      retry_command = allow
-    }
-  }
-}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 0f266dd..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-connections {
-
-   home {
-      local_addrs  = 192.168.0.100
-      remote_addrs = 192.168.0.1 
-
-      local {
-         auth = eap-ttls
-         id = carol@strongswan.org
-      }
-      remote {
-         auth = eap-ttls
-         id = moon.strongswan.org 
-      }
-      children {
-         home {
-            remote_ts = 10.1.0.0/16 
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm16-modp3072
-         }
-      }
-      version = 2
-      send_certreq = no
-      proposals = aes128-sha256-modp3072
-   }
-}
-
-secrets {
-
-   eap {
-      id = carol@strongswan.org
-      secret = "Ar3etTnp"
-   }
-}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-server-retry/hosts/carol/etc/tnc_config
deleted file mode 100644 (file)
index 6166552..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"     /usr/local/lib/ipsec/imcvs/imc-test.so
-IMC "Scanner"  /usr/local/lib/ipsec/imcvs/imc-scanner.so
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index d93482b..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
-
-  multiple_authentication = no
-
-  syslog {
-    daemon {
-      tnc = 3
-      imc = 2
-    }
-  }
-  plugins {
-    tnc-imc {
-      preferred_language = ru , de, en
-    }
-  }
-}
-
-libtls {
-  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-}
-
-libimcv {
-  plugins {
-    imc-test {
-      command = retry
-      retry_command = isolate
-    }
-    imc-scanner {
-      push_info = no
-    }
-  }
-}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 989ab88..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-connections {
-
-   home {
-      local_addrs  = 192.168.0.200
-      remote_addrs = 192.168.0.1 
-
-      local {
-         auth = eap-ttls
-         id = dave@strongswan.org
-      }
-      remote {
-         auth = eap-ttls
-         id = moon.strongswan.org 
-      }
-      children {
-         home {
-            remote_ts = 10.1.0.0/16 
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm16-modp3072
-         }
-      }
-      version = 2
-      send_certreq = no
-      proposals = aes128-sha256-modp3072
-   }
-}
-
-secrets {
-
-   eap {
-      id = dave@strongswan.org
-      secret = "W7R0g3do"
-   }
-}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-server-retry/hosts/dave/etc/tnc_config
deleted file mode 100644 (file)
index 6166552..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client 
-
-IMC "Test"     /usr/local/lib/ipsec/imcvs/imc-test.so
-IMC "Scanner"  /usr/local/lib/ipsec/imcvs/imc-scanner.so
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 10d0ae8..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
-
-  multiple_authentication = no
-
-  syslog {
-    daemon {
-      tnc = 3
-      imv = 2
-    }
-  }
-  plugins {
-    eap-ttls {
-      phase2_method = md5
-      phase2_piggyback = yes
-      phase2_tnc = yes
-    }
-  }
-}
-
-libtls {
-  suites = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-}
-
-libimcv {
-  plugins {
-    imv-test {
-      rounds = 0
-    }
-    imv-scanner {
-      closed_port_policy = yes
-      tcp_ports = 22
-      udp_ports = 500 4500
-    }
-  }
-}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/swanctl/swanctl.conf
deleted file mode 100644 (file)
index 1238c1a..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
-connections {
-
-   rw-allow {
-      local_addrs  = 192.168.0.1
-
-      local {
-         auth = eap-ttls
-         id = moon.strongswan.org
-      }
-      remote {
-         auth = eap-ttls
-         id = *@strongswan.org
-         groups = allow
-      }
-      children {
-         rw-allow {
-            local_ts = 10.1.0.0/28
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm16-modp3072
-         }
-      }
-      version = 2
-      send_certreq = no
-      proposals = aes128-sha256-modp3072
-   }
-
-   rw-isolate {
-      local_addrs  = 192.168.0.1
-
-      local {
-         auth = eap-ttls
-         id = moon.strongswan.org
-      }
-      remote {
-         auth = eap-ttls
-         id = *@strongswan.org
-         groups = isolate
-      }
-      children {
-         rw-isolate {
-            local_ts = 10.1.0.16/28
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            esp_proposals = aes128gcm16-modp3072
-         }
-      }
-      version = 2
-      send_certreq = no
-      proposals = aes128-sha256-modp3072
-   }
-}
-
-secrets {
-
-   eap-carol {
-      id = carol@strongswan.org
-      secret = "Ar3etTnp"
-   }
-   eap-dave {
-      id = dave@strongswan.org
-      secret = "W7R0g3do"
-   }
-}
diff --git a/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/tnc_config b/testing/tests/tnc/tnccs-20-server-retry/hosts/moon/etc/tnc_config
deleted file mode 100644 (file)
index da732f6..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan client 
-
-IMV "Test"     /usr/local/lib/ipsec/imcvs/imv-test.so
-IMV "Scanner"  /usr/local/lib/ipsec/imcvs/imv-scanner.so
diff --git a/testing/tests/tnc/tnccs-20-server-retry/posttest.dat b/testing/tests/tnc/tnccs-20-server-retry/posttest.dat
deleted file mode 100644 (file)
index 199873b..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-carol::systemctl stop strongswan-swanctl
-dave::systemctl stop strongswan-swanctl
-moon::systemctl stop strongswan-swanctl
-moon::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-server-retry/pretest.dat b/testing/tests/tnc/tnccs-20-server-retry/pretest.dat
deleted file mode 100644 (file)
index a1f0470..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-moon::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-dave::cat /etc/tnc_config
-carol::rm /etc/swanctl/rsa/*
-dave::rm /etc/swanctl/rsa/*
-carol::rm /etc/swanctl/x509/*
-dave::rm /etc/swanctl/x509/*
-moon::systemctl start strongswan-swanctl
-carol::systemctl start strongswan-swanctl
-dave::systemctl start strongswan-swanctl
-moon::expect-connection rw-allow
-moon::expect-connection rw-isolate
-carol::expect-connection home
-carol::swanctl --initiate --child home 2> /dev/null
-dave::expect-connection home
-dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-server-retry/test.conf b/testing/tests/tnc/tnccs-20-server-retry/test.conf
deleted file mode 100644 (file)
index f6db739..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
-
-# Guest instances on which FreeRadius is started
-#
-RADIUSHOSTS=
-
-# charon controlled by swanctl
-#
-SWANCTL=1