upgraded ike scenarios to 5.0.0
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 25 May 2012 14:58:17 +0000 (16:58 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 25 May 2012 14:58:17 +0000 (16:58 +0200)
13 files changed:
testing/tests/ike/rw-cert/evaltest.dat
testing/tests/ike/rw-cert/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
testing/tests/ike/rw-cert/hosts/dave/etc/ipsec.conf
testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
testing/tests/ike/rw-cert/hosts/moon/etc/ipsec.conf
testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
testing/tests/ike/rw_v1-net_v2/evaltest.dat
testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/ipsec.conf
testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf

index 71496d2..c8fcb23 100644 (file)
@@ -1,9 +1,17 @@
-moon::ipsec statusall::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::home.*IKEv1::YES
+dave:: ipsec statusall 2> /dev/null::home.*IKEv2::YES
+moon:: ipsec statusall 2> /dev/null::rw\[1]: IKEv1::YES
+moon:: ipsec statusall 2> /dev/null::rw\[2]: IKEv2::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ike/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ike/rw-cert/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..24c8087
--- /dev/null
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
index 83c10cf..0fe8bd9 100644 (file)
@@ -1,15 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-  integrity_test = yes
-  crypto_test {
-    on_add = yes
-  }
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
 }
index 3be21d0..3fdef13 100755 (executable)
@@ -1,7 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default
index 3545a57..0fe8bd9 100644 (file)
@@ -1,12 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
-}
-
-libstrongswan {
-  integrity_test = yes
-  crypto_test {
-    on_add = yes
-  }
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
 }
index d90ab48..a3f04c0 100755 (executable)
@@ -1,15 +1,13 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       plutodebug=control
-       crlcheckinterval=180
+       plutostart=no
 
 conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
-       keyexchange=ikev1 
 
 conn rw
        left=PH_IP_MOON
index 7a066e5..0fe8bd9 100644 (file)
@@ -1,16 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 revocation xcbc stroke kernel-netlink socket-raw
-}
-
-pluto {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac kernel-netlink
-}
-
-libstrongswan {
-  integrity_test = yes
-  crypto_test {
-    on_add = yes
-  }
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
 }
index 4eace50..f12b19e 100644 (file)
@@ -1,10 +1,14 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES 
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/ipsec.conf b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..24c8087
--- /dev/null
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5ea53fd
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
+}
index 57c41b5..9e12180 100755 (executable)
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       plutodebug=control
-       crlcheckinterval=180
+       plutostart=no
 
 conn %default
        ikelifetime=60m
@@ -24,4 +23,3 @@ conn rw
        rightid=carol@strongswan.org
        keyexchange=ikev1
        auto=add
-
index 8cb117c..ce2265a 100644 (file)
@@ -1,9 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 revocation xcbc stroke kernel-netlink socket-raw
-}
-
-pluto {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default 
 }
index 88f1620..5ea53fd 100644 (file)
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
 }