split openssl scenarios into openssl-ikev1 and openssl-ikev2
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 11 Jun 2009 09:37:21 +0000 (11:37 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 12 Jun 2009 17:59:48 +0000 (19:59 +0200)
200 files changed:
testing/tests/openssl-ikev1/alg-ecp-high/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-high/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/alg-ecp-low/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev1/rw-cert/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-blowfish/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-high/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/alg-ecp-low/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/ecdsa-certs/test.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/description.txt [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/evaltest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/ipsec.conf [new file with mode: 0755]
testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/posttest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/pretest.dat [new file with mode: 0644]
testing/tests/openssl-ikev2/rw-cert/test.conf [new file with mode: 0644]
testing/tests/openssl/alg-blowfish/description.txt [deleted file]
testing/tests/openssl/alg-blowfish/evaltest.dat [deleted file]
testing/tests/openssl/alg-blowfish/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/alg-blowfish/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/alg-blowfish/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/alg-blowfish/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/alg-blowfish/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/alg-blowfish/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/alg-blowfish/posttest.dat [deleted file]
testing/tests/openssl/alg-blowfish/pretest.dat [deleted file]
testing/tests/openssl/alg-blowfish/test.conf [deleted file]
testing/tests/openssl/ecdsa-certs/description.txt [deleted file]
testing/tests/openssl/ecdsa-certs/evaltest.dat [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/openssl/ecdsa-certs/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/ecdsa-certs/posttest.dat [deleted file]
testing/tests/openssl/ecdsa-certs/pretest.dat [deleted file]
testing/tests/openssl/ecdsa-certs/test.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/description.txt [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/evaltest.dat [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/posttest.dat [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/pretest.dat [deleted file]
testing/tests/openssl/ikev1-alg-ecp-high/test.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/description.txt [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/evaltest.dat [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/posttest.dat [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/pretest.dat [deleted file]
testing/tests/openssl/ikev1-alg-ecp-low/test.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/description.txt [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/evaltest.dat [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/posttest.dat [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/pretest.dat [deleted file]
testing/tests/openssl/ikev2-alg-ecp-high/test.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/description.txt [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/evaltest.dat [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/posttest.dat [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/pretest.dat [deleted file]
testing/tests/openssl/ikev2-alg-ecp-low/test.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/description.txt [deleted file]
testing/tests/openssl/rw-cert-ikev1/evaltest.dat [deleted file]
testing/tests/openssl/rw-cert-ikev1/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/rw-cert-ikev1/posttest.dat [deleted file]
testing/tests/openssl/rw-cert-ikev1/pretest.dat [deleted file]
testing/tests/openssl/rw-cert-ikev1/test.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/description.txt [deleted file]
testing/tests/openssl/rw-cert-ikev2/evaltest.dat [deleted file]
testing/tests/openssl/rw-cert-ikev2/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/openssl/rw-cert-ikev2/posttest.dat [deleted file]
testing/tests/openssl/rw-cert-ikev2/pretest.dat [deleted file]
testing/tests/openssl/rw-cert-ikev2/test.conf [deleted file]

diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/description.txt b/testing/tests/openssl-ikev1/alg-ecp-high/description.txt
new file mode 100644 (file)
index 0000000..b8efbe8
--- /dev/null
@@ -0,0 +1,17 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
+plugin based on the <b>OpenSSL</b> library for all cryptographical functions
+whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
+the Elliptic Curve Diffie-Hellman groups only.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+<b>carol</b> proposes the DH groups ECP_256 and ECP_384 whereas <b>dave</b> proposes
+ECP_256 and ECP_521. Since <b>moon</b> does not support ECP_256 the roadwarriors
+fall back to ECP_384 and ECP_521, respectively.
+<p>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat
new file mode 100644 (file)
index 0000000..6a68027
--- /dev/null
@@ -0,0 +1,13 @@
+moon::cat /var/log/auth.log::ECP_256.*refused due to strict flag::YES
+moon::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/ECP_384::YES
+dave::ipsec statusall::IPsec SA established::YES
+dave::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/ECP_521::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..432fa52
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes192-sha384-ecp256,aes192-sha384-ecp384!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c33f54e
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = openssl random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..28304eb
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes256-sha512-ecp256,aes256-sha512-ecp521!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..53af5cf
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = aes des sha1 sha2 md5 gmp openssl random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..d6737f6
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes192-sha384-ecp384,aes256-sha512-ecp521!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-high/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c33f54e
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = openssl random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/posttest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/test.conf b/testing/tests/openssl-ikev1/alg-ecp-high/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/description.txt b/testing/tests/openssl-ikev1/alg-ecp-low/description.txt
new file mode 100644 (file)
index 0000000..4f043e7
--- /dev/null
@@ -0,0 +1,17 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
+plugin based on the <b>OpenSSL</b> library for all cryptographical functions
+whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
+the Elliptic Curve Diffie-Hellman groups only.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+<b>carol</b> proposes the DH groups ECP_192 and ECP_224 whereas <b>dave</b> proposes
+ECP_192 and ECP_256. Since <b>moon</b> does not support ECP_192 the roadwarriors
+fall back to ECP_224 and ECP_256, respectively.
+<p>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat
new file mode 100644 (file)
index 0000000..3c5ae41
--- /dev/null
@@ -0,0 +1,13 @@
+moon::cat /var/log/auth.log::ECP_192.*refused due to strict flag::YES
+moon::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/ECP_224::YES
+dave::ipsec statusall::IPsec SA established::YES
+dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/ECP_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..5a4d826
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes128-sha256-ecp192,aes128-sha256-ecp224!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..90668fd
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = openssl random hmac curl 
+}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ac828c1
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes128-sha256-ecp192,aes128-sha256-ecp256!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..bd7dc85
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp openssl random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..870271c
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes128-sha256-ecp224,aes128-sha256-ecp256!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/alg-ecp-low/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..90668fd
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = openssl random hmac curl 
+}
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/posttest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/test.conf b/testing/tests/openssl-ikev1/alg-ecp-low/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev1/rw-cert/description.txt b/testing/tests/openssl-ikev1/rw-cert/description.txt
new file mode 100644 (file)
index 0000000..0f721c5
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
+plugin based on the <b>OpenSSL</b> library for all cryptographical functions
+whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins <b>aes des sha1 sha2 md5 gmp</b>.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev1/rw-cert/evaltest.dat b/testing/tests/openssl-ikev1/rw-cert/evaltest.dat
new file mode 100644 (file)
index 0000000..1a9b915
--- /dev/null
@@ -0,0 +1,10 @@
+moon::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IPsec SA established::YES
+dave::ipsec statusall::IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..80dae37
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=3des-sha1-modp1536!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..c33f54e
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = openssl random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..73167ca
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes256-sha256-modp2048!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..b914f9a
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = aes des sha1 sha2 md5 gmp random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..f365b07
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       charonstart=no
+       plutodebug=control
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       ike=aes256-sha256-modp2048,3des-sha1-modp1536!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev1/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..044a76b
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+}
+
+pluto {
+  load = openssl random hmac curl
+}
diff --git a/testing/tests/openssl-ikev1/rw-cert/posttest.dat b/testing/tests/openssl-ikev1/rw-cert/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev1/rw-cert/pretest.dat b/testing/tests/openssl-ikev1/rw-cert/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev1/rw-cert/test.conf b/testing/tests/openssl-ikev1/rw-cert/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/description.txt b/testing/tests/openssl-ikev2/alg-blowfish/description.txt
new file mode 100644 (file)
index 0000000..d30d9d2
--- /dev/null
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> as well as the gateway <b>moon</b>
+use the <b>openssl</b> plugin based on the <b>OpenSSL</b> library for all
+cryptographical functions, thus making the <b>Blowfish</b> available as an IKEv2 cipher.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption.  Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat
new file mode 100644 (file)
index 0000000..a1f9f6a
--- /dev/null
@@ -0,0 +1,16 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256::YES
+carol::ipsec statusall::BLOWFISH_CBC_192.*,::YES
+carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128::YES
+dave::ipsec statusall::BLOWFISH_CBC_128.*,::YES
+dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..62e1810
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=blowfish256-sha512-modp2048!
+       esp=blowfish192-sha256!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..26f3f3a
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=blowfish128-sha256-modp1536!
+       esp=blowfish128-sha1!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..31a00f7
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
+       esp=blowfish192-sha256,blowfish128-sha1!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1887f76
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/posttest.dat b/testing/tests/openssl-ikev2/alg-blowfish/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat b/testing/tests/openssl-ikev2/alg-blowfish/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/test.conf b/testing/tests/openssl-ikev2/alg-blowfish/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/description.txt b/testing/tests/openssl-ikev2/alg-ecp-high/description.txt
new file mode 100644 (file)
index 0000000..b8efbe8
--- /dev/null
@@ -0,0 +1,17 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
+plugin based on the <b>OpenSSL</b> library for all cryptographical functions
+whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
+the Elliptic Curve Diffie-Hellman groups only.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+<b>carol</b> proposes the DH groups ECP_256 and ECP_384 whereas <b>dave</b> proposes
+ECP_256 and ECP_521. Since <b>moon</b> does not support ECP_256 the roadwarriors
+fall back to ECP_384 and ECP_521, respectively.
+<p>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat
new file mode 100644 (file)
index 0000000..0099364
--- /dev/null
@@ -0,0 +1,14 @@
+carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES
+dave::cat /var/log/daemon.log::ECP_256.*ECP_521::YES
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..0550a09
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes192-sha384-ecp256,aes192-sha384-ecp384!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..22026fc
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256-sha512-ecp256,aes256-sha512-ecp521!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..7ffdcc2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..ffe13d2
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes192-sha384-ecp384,aes256-sha512-ecp521!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/posttest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/test.conf b/testing/tests/openssl-ikev2/alg-ecp-high/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/description.txt b/testing/tests/openssl-ikev2/alg-ecp-low/description.txt
new file mode 100644 (file)
index 0000000..4f043e7
--- /dev/null
@@ -0,0 +1,17 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
+plugin based on the <b>OpenSSL</b> library for all cryptographical functions
+whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
+the Elliptic Curve Diffie-Hellman groups only.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+<b>carol</b> proposes the DH groups ECP_192 and ECP_224 whereas <b>dave</b> proposes
+ECP_192 and ECP_256. Since <b>moon</b> does not support ECP_192 the roadwarriors
+fall back to ECP_224 and ECP_256, respectively.
+<p>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat
new file mode 100644 (file)
index 0000000..e2073d9
--- /dev/null
@@ -0,0 +1,14 @@
+carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES
+dave::cat /var/log/daemon.log::ECP_192.*ECP_256::YES
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..6a15b3f
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes128-sha256-ecp192,aes128-sha256-ecp224!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..b4bdf45
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes128-sha256-ecp192,aes128-sha256-ecp256!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..7ffdcc2
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..64ec0f1
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes128-sha256-ecp224,aes128-sha256-ecp256!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/posttest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/test.conf b/testing/tests/openssl-ikev2/alg-ecp-low/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/description.txt b/testing/tests/openssl-ikev2/ecdsa-certs/description.txt
new file mode 100644 (file)
index 0000000..2c098d8
--- /dev/null
@@ -0,0 +1,11 @@
+The hosts <b>carol</b>, <b>dave</b>, and <b>moon</b> use the <b>openssl</b> plugin
+based on the <b>OpenSSL</b> library for all cryptographical functions.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>ECDSA signatures</b>
+using <b>Elliptic Curve certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat
new file mode 100644 (file)
index 0000000..a7243ce
--- /dev/null
@@ -0,0 +1,14 @@
+moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful
+moon::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful
+carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful
+dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..4f6fdc5
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       authby=ecdsasig
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
new file mode 100644 (file)
index 0000000..2970992
--- /dev/null
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
+VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
+b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
+4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
+BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
+MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
+b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
+d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
+sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
+ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
+s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
new file mode 100644 (file)
index 0000000..5f21c10
--- /dev/null
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,F36088B0517117B50C1A436E5C84526E
+
+Zulq4O8x8i4P2I8+Ewe2pPJT8K2kzX9JjGhquFKaZdEG1YmXqIdMz41DA1b9cQjt
+KJstY10Gzc/C6Hv9v/ljfplcnumYBFdFsqvQ/Z0xh/G9u/J1gXjghhrQCUXbFble
+RVSwozA9IcCC9yQdhYyazF+85DR+p8AyQ5w2unOvuOk=
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.secrets b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..4e53ef9
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA carolKey.pem "nH5ZQEWtku0RJEZ6"
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..3138458
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       authby=ecdsasig
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
new file mode 100644 (file)
index 0000000..075d8f1
--- /dev/null
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCTCCAmygAwIBAgIBAzAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
+VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
+b3QgQ0EwHhcNMDgwNjIyMTYxMzU5WhcNMTMwNjIxMTYxMzU5WjBeMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+Mzg0IGJpdDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABPxEg8AaVNAwCXqg0p21Zc7YzPLA3voAWf233CZJpsjb1w3y
+IeTUeIeGU7aLWAyuXgeBsx+lKzWy00LzPELOgK+3ulTHzBZg7s8kMGhwPWfV4JLA
+zrso5+i64+Y4wvRCBaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0G
+A1UdDgQWBBQxJAy8gaP3RNBt1WTD27/IMzANmTB4BgNVHSMEcTBvgBS6XflxthO1
+atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
+IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPai
+dX4i76aJMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2Vj
+LmNybDAJBgcqhkjOPQQBA4GLADCBhwJCAZaqaroyGwqd7nb5dVVWjTK8glVzDFJH
+ru4F6R+7fDCGEOaFlxf4GRkSrvQQA8vfgo6Md9XjBwq0r+9s3xt5xJjJAkElSo1/
+wyn8KQ3XN07UIaMvPctipq2OgpfteQK/F81CtZ+YCLEQt3xT7NQpriaKwGQxJAQv
+g+Z+grJzTppAqpwRpg==
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
new file mode 100644 (file)
index 0000000..f628f88
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDCF8kl4ftfgcvWH2myFxhc22CUT63uPy28fqUMibnpRS/wf/pfxIrVX
++BhxpUhWS2agBwYFK4EEACKhZANiAAT8RIPAGlTQMAl6oNKdtWXO2MzywN76AFn9
+t9wmSabI29cN8iHk1HiHhlO2i1gMrl4HgbMfpSs1stNC8zxCzoCvt7pUx8wWYO7P
+JDBocD1n1eCSwM67KOfouuPmOML0QgU=
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.secrets b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..ebd3a28
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA daveKey.pem
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..892e0c3
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       authby=ecdsasig
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644 (file)
index 0000000..3480a43
--- /dev/null
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
+Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
+YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
+BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
+/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
+h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
+t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
+CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
+ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
+ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
+cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
+3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
new file mode 100644 (file)
index 0000000..5178c7f
--- /dev/null
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
+VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
+b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
+NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
+PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
+5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
+BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
+Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
+Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
+j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
+bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
+VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
+dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
+SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
+l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
+mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
+CI9WpQ==
+-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644 (file)
index 0000000..beab048
--- /dev/null
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIBrBxHEGICJRNkhm0HWfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42
+yOKQqifWEcNWxO+wWtBaz91IF5hz/m4TbOGgBwYFK4EEACOhgYkDgYYABAC5p5fz
+1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp1kiaM98op6Tx3XIR9FJJyrfw
+tiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4m62p4gFEqUmg4Ylq307XkTVq
+pM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHqbg==
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..1ef3ecc
--- /dev/null
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: ECDSA moonKey.pem
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/posttest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/test.conf b/testing/tests/openssl-ikev2/ecdsa-certs/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl-ikev2/rw-cert/description.txt b/testing/tests/openssl-ikev2/rw-cert/description.txt
new file mode 100644 (file)
index 0000000..0f721c5
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
+plugin based on the <b>OpenSSL</b> library for all cryptographical functions
+whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins <b>aes des sha1 sha2 md5 gmp</b>.
+<p>
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat
new file mode 100644 (file)
index 0000000..06a0f8c
--- /dev/null
@@ -0,0 +1,10 @@
+moon::ipsec statusall::rw.*ESTABLISHED::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..4a8baa3
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=3des-sha1-modp1536!
+
+conn home
+       left=PH_IP_CAROL
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..e102303
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..42f03aa
--- /dev/null
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256-sha256-modp2048!
+
+conn home
+       left=PH_IP_DAVE
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightid=@moon.strongswan.org
+       rightsubnet=10.1.0.0/16
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..d46082b
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/ipsec.conf
new file mode 100755 (executable)
index 0000000..2e84f2e
--- /dev/null
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+       strictcrlpolicy=no
+       plutostart=no
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+       ike=aes256-sha256-modp2048,3des-sha1-modp1536!
+
+conn rw
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftfirewall=yes
+       right=%any
+       auto=add
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..1887f76
--- /dev/null
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
+}
diff --git a/testing/tests/openssl-ikev2/rw-cert/posttest.dat b/testing/tests/openssl-ikev2/rw-cert/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl-ikev2/rw-cert/pretest.dat b/testing/tests/openssl-ikev2/rw-cert/pretest.dat
new file mode 100644 (file)
index 0000000..42e9d7c
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/openssl-ikev2/rw-cert/test.conf b/testing/tests/openssl-ikev2/rw-cert/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/alg-blowfish/description.txt b/testing/tests/openssl/alg-blowfish/description.txt
deleted file mode 100644 (file)
index d30d9d2..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> as well as the gateway <b>moon</b>
-use the <b>openssl</b> plugin based on the <b>OpenSSL</b> library for all
-cryptographical functions, thus making the <b>Blowfish</b> available as an IKEv2 cipher.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
-encryption.  Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/alg-blowfish/evaltest.dat b/testing/tests/openssl/alg-blowfish/evaltest.dat
deleted file mode 100644 (file)
index a1f9f6a..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256::YES
-carol::ipsec statusall::BLOWFISH_CBC_192.*,::YES
-carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128::YES
-dave::ipsec statusall::BLOWFISH_CBC_128.*,::YES
-dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/alg-blowfish/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 62e1810..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=blowfish256-sha512-modp2048!
-       esp=blowfish192-sha256!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/alg-blowfish/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/alg-blowfish/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 26f3f3a..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=blowfish128-sha256-modp1536!
-       esp=blowfish128-sha1!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/alg-blowfish/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/alg-blowfish/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 31a00f7..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
-       esp=blowfish192-sha256,blowfish128-sha1!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/alg-blowfish/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 1887f76..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  dh_exponent_ansi_x9_42 = no
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/alg-blowfish/posttest.dat b/testing/tests/openssl/alg-blowfish/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/alg-blowfish/pretest.dat b/testing/tests/openssl/alg-blowfish/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/alg-blowfish/test.conf b/testing/tests/openssl/alg-blowfish/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/ecdsa-certs/description.txt b/testing/tests/openssl/ecdsa-certs/description.txt
deleted file mode 100644 (file)
index 2c098d8..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-The hosts <b>carol</b>, <b>dave</b>, and <b>moon</b> use the <b>openssl</b> plugin
-based on the <b>OpenSSL</b> library for all cryptographical functions.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>ECDSA signatures</b>
-using <b>Elliptic Curve certificates</b>.
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/ecdsa-certs/evaltest.dat b/testing/tests/openssl/ecdsa-certs/evaltest.dat
deleted file mode 100644 (file)
index a7243ce..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful
-moon::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful
-carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful
-dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 4f6fdc5..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       authby=ecdsasig
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 3480a43..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644 (file)
index 2970992..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC7zCCAlGgAwIBAgIBBDAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYyOTE4WhcNMTMwNjIxMTYyOTE4WjBfMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-MjU2IGJpdDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQgp/Z/GgzvVCDdVcIYqERml0KroZEaVqiF8uy8dlTS
-4mxNs6snDdEWh/LzXTd3NVnCihT2XgHxOk8NrX4hBMMYo4IBFDCCARAwCQYDVR0T
-BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFLdhGhurno1dU2SMx7UGXpa/lgJ9
-MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAJBgcqhkjOPQQBA4GMADCBiAJCATa+
-sBFW3vCx/JgLyxU85F2QuLO0/zdNBhIU0kN7kr1cYBBr8mpbhuNKm6iFe2DsFJZx
-ii3DQjwvG46is2Njzi4vAkIA72lPodCDtAFpD/2PUxjzo6xTAFazUejobkdDTUXn
-s0f8qIzzeQuTwLbp6pDmR/JGzhAeRvQT82njCo0PJ8Hbz1c=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644 (file)
index 5f21c10..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,F36088B0517117B50C1A436E5C84526E
-
-Zulq4O8x8i4P2I8+Ewe2pPJT8K2kzX9JjGhquFKaZdEG1YmXqIdMz41DA1b9cQjt
-KJstY10Gzc/C6Hv9v/ljfplcnumYBFdFsqvQ/Z0xh/G9u/J1gXjghhrQCUXbFble
-RVSwozA9IcCC9yQdhYyazF+85DR+p8AyQ5w2unOvuOk=
------END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.secrets b/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 4e53ef9..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA carolKey.pem "nH5ZQEWtku0RJEZ6"
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/ecdsa-certs/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 3138458..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       authby=ecdsasig
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 3480a43..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
deleted file mode 100644 (file)
index 075d8f1..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCTCCAmygAwIBAgIBAzAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTYxMzU5WhcNMTMwNjIxMTYxMzU5WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-Mzg0IGJpdDEcMBoGA1UEAxQTZGF2ZUBzdHJvbmdzd2FuLm9yZzB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABPxEg8AaVNAwCXqg0p21Zc7YzPLA3voAWf233CZJpsjb1w3y
-IeTUeIeGU7aLWAyuXgeBsx+lKzWy00LzPELOgK+3ulTHzBZg7s8kMGhwPWfV4JLA
-zrso5+i64+Y4wvRCBaOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0G
-A1UdDgQWBBQxJAy8gaP3RNBt1WTD27/IMzANmTB4BgNVHSMEcTBvgBS6XflxthO1
-atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
-IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPai
-dX4i76aJMB4GA1UdEQQXMBWBE2RhdmVAc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUw
-MzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2Vj
-LmNybDAJBgcqhkjOPQQBA4GLADCBhwJCAZaqaroyGwqd7nb5dVVWjTK8glVzDFJH
-ru4F6R+7fDCGEOaFlxf4GRkSrvQQA8vfgo6Md9XjBwq0r+9s3xt5xJjJAkElSo1/
-wyn8KQ3XN07UIaMvPctipq2OgpfteQK/F81CtZ+YCLEQt3xT7NQpriaKwGQxJAQv
-g+Z+grJzTppAqpwRpg==
------END CERTIFICATE-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644 (file)
index f628f88..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCF8kl4ftfgcvWH2myFxhc22CUT63uPy28fqUMibnpRS/wf/pfxIrVX
-+BhxpUhWS2agBwYFK4EEACKhZANiAAT8RIPAGlTQMAl6oNKdtWXO2MzywN76AFn9
-t9wmSabI29cN8iHk1HiHhlO2i1gMrl4HgbMfpSs1stNC8zxCzoCvt7pUx8wWYO7P
-JDBocD1n1eCSwM67KOfouuPmOML0QgU=
------END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.secrets b/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index ebd3a28..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA daveKey.pem
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/ecdsa-certs/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 892e0c3..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       authby=ecdsasig
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 3480a43..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
------END CERTIFICATE-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
deleted file mode 100644 (file)
index 5178c7f..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDMDCCApKgAwIBAgIBATAJBgcqhkjOPQQBMEgxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJv
-b3QgQ0EwHhcNMDgwNjIyMTQ0MzA3WhcNMTMwNjIxMTQ0MzA3WjBeMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEWMBQGA1UECxMNRUNEU0Eg
-NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEALmnl/PUy9v7Qsc914kdzY+TQ6VY2192oRoa9SkpxXrs
-5GnWSJoz3yinpPHdchH0UknKt/C2Ik2k7izDH/Zau5gNAD1PqBrYWtcP+sLnH1G9
-BTibraniAUSpSaDhiWrfTteRNWqkzZI37a6YfKcBZozQcvYMW1co15EwZTptqykX
-Eepuo4IBEzCCAQ8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDVU
-Hzs47lOG0dHsezm6aFqdwJwfMHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHu
-j9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYD
-VR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6Athito
-dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAkGByqG
-SM49BAEDgYwAMIGIAkIBDgZs1pXvm8SwT9S1m6nIHwuZsJDsDri/PWM6NXdMUXEt
-l0p8cfq8PbJlK/0+eLz8Ec1zpWuF5vasFHkVhauHdnECQgEVuYTrlry9gAx7G4kH
-mne2yDxTclEDziWxPG4UkZbkGttf9eZlsXmNoX/Z/fojXxMYZaPqM3eOT2h6ezMD
-CI9WpQ==
------END CERTIFICATE-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644 (file)
index beab048..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIBrBxHEGICJRNkhm0HWfARp+dIzm6Lw7eCbQXNM6jSGL4DVNDVCV42
-yOKQqifWEcNWxO+wWtBaz91IF5hz/m4TbOGgBwYFK4EEACOhgYkDgYYABAC5p5fz
-1Mvb+0LHPdeJHc2Pk0OlWNtfdqEaGvUpKcV67ORp1kiaM98op6Tx3XIR9FJJyrfw
-tiJNpO4swx/2WruYDQA9T6ga2FrXD/rC5x9RvQU4m62p4gFEqUmg4Ylq307XkTVq
-pM2SN+2umHynAWaM0HL2DFtXKNeRMGU6baspFxHqbg==
------END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 1ef3ecc..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: ECDSA moonKey.pem
diff --git a/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/ecdsa-certs/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ecdsa-certs/posttest.dat b/testing/tests/openssl/ecdsa-certs/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/ecdsa-certs/pretest.dat b/testing/tests/openssl/ecdsa-certs/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/ecdsa-certs/test.conf b/testing/tests/openssl/ecdsa-certs/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/description.txt b/testing/tests/openssl/ikev1-alg-ecp-high/description.txt
deleted file mode 100644 (file)
index b8efbe8..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
-plugin based on the <b>OpenSSL</b> library for all cryptographical functions
-whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
-the Elliptic Curve Diffie-Hellman groups only.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-<b>carol</b> proposes the DH groups ECP_256 and ECP_384 whereas <b>dave</b> proposes
-ECP_256 and ECP_521. Since <b>moon</b> does not support ECP_256 the roadwarriors
-fall back to ECP_384 and ECP_521, respectively.
-<p>
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/evaltest.dat b/testing/tests/openssl/ikev1-alg-ecp-high/evaltest.dat
deleted file mode 100644 (file)
index 6a68027..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::cat /var/log/auth.log::ECP_256.*refused due to strict flag::YES
-moon::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/ECP_384::YES
-dave::ipsec statusall::IPsec SA established::YES
-dave::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/ECP_521::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/ikev1-alg-ecp-high/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 432fa52..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes192-sha384-ecp256,aes192-sha384-ecp384!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/ikev1-alg-ecp-high/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index c33f54e..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = openssl random hmac curl
-}
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/ikev1-alg-ecp-high/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 28304eb..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes256-sha512-ecp256,aes256-sha512-ecp521!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/ikev1-alg-ecp-high/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 53af5cf..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = aes des sha1 sha2 md5 gmp openssl random hmac curl
-}
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/ikev1-alg-ecp-high/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index d6737f6..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes192-sha384-ecp384,aes256-sha512-ecp521!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/ikev1-alg-ecp-high/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index c33f54e..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = openssl random hmac curl
-}
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/posttest.dat b/testing/tests/openssl/ikev1-alg-ecp-high/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/pretest.dat b/testing/tests/openssl/ikev1-alg-ecp-high/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/ikev1-alg-ecp-high/test.conf b/testing/tests/openssl/ikev1-alg-ecp-high/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/description.txt b/testing/tests/openssl/ikev1-alg-ecp-low/description.txt
deleted file mode 100644 (file)
index 4f043e7..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
-plugin based on the <b>OpenSSL</b> library for all cryptographical functions
-whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
-the Elliptic Curve Diffie-Hellman groups only.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-<b>carol</b> proposes the DH groups ECP_192 and ECP_224 whereas <b>dave</b> proposes
-ECP_192 and ECP_256. Since <b>moon</b> does not support ECP_192 the roadwarriors
-fall back to ECP_224 and ECP_256, respectively.
-<p>
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/evaltest.dat b/testing/tests/openssl/ikev1-alg-ecp-low/evaltest.dat
deleted file mode 100644 (file)
index 3c5ae41..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::cat /var/log/auth.log::ECP_192.*refused due to strict flag::YES
-moon::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/ECP_224::YES
-dave::ipsec statusall::IPsec SA established::YES
-dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/ECP_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/ikev1-alg-ecp-low/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 5a4d826..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes128-sha256-ecp192,aes128-sha256-ecp224!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/ikev1-alg-ecp-low/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 90668fd..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = openssl random hmac curl 
-}
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/ikev1-alg-ecp-low/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index ac828c1..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes128-sha256-ecp192,aes128-sha256-ecp256!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/ikev1-alg-ecp-low/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index bd7dc85..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = aes des sha1 sha2 md5 gmp openssl random hmac curl
-}
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/ikev1-alg-ecp-low/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 870271c..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes128-sha256-ecp224,aes128-sha256-ecp256!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/ikev1-alg-ecp-low/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 90668fd..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = openssl random hmac curl 
-}
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/posttest.dat b/testing/tests/openssl/ikev1-alg-ecp-low/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/pretest.dat b/testing/tests/openssl/ikev1-alg-ecp-low/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/ikev1-alg-ecp-low/test.conf b/testing/tests/openssl/ikev1-alg-ecp-low/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/description.txt b/testing/tests/openssl/ikev2-alg-ecp-high/description.txt
deleted file mode 100644 (file)
index b8efbe8..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
-plugin based on the <b>OpenSSL</b> library for all cryptographical functions
-whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
-the Elliptic Curve Diffie-Hellman groups only.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-<b>carol</b> proposes the DH groups ECP_256 and ECP_384 whereas <b>dave</b> proposes
-ECP_256 and ECP_521. Since <b>moon</b> does not support ECP_256 the roadwarriors
-fall back to ECP_384 and ECP_521, respectively.
-<p>
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/evaltest.dat b/testing/tests/openssl/ikev2-alg-ecp-high/evaltest.dat
deleted file mode 100644 (file)
index 0099364..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES
-dave::cat /var/log/daemon.log::ECP_256.*ECP_521::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/ikev2-alg-ecp-high/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 0550a09..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes192-sha384-ecp256,aes192-sha384-ecp384!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/ikev2-alg-ecp-high/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/ikev2-alg-ecp-high/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 22026fc..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes256-sha512-ecp256,aes256-sha512-ecp521!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/ikev2-alg-ecp-high/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 7ffdcc2..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 gmp openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/ikev2-alg-ecp-high/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index ffe13d2..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes192-sha384-ecp384,aes256-sha512-ecp521!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/ikev2-alg-ecp-high/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/posttest.dat b/testing/tests/openssl/ikev2-alg-ecp-high/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/pretest.dat b/testing/tests/openssl/ikev2-alg-ecp-high/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/ikev2-alg-ecp-high/test.conf b/testing/tests/openssl/ikev2-alg-ecp-high/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/description.txt b/testing/tests/openssl/ikev2-alg-ecp-low/description.txt
deleted file mode 100644 (file)
index 4f043e7..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
-plugin based on the <b>OpenSSL</b> library for all cryptographical functions
-whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins <b>aes des sha1 sha2 md5 gmp</b> plus the <b>openssl</b> plugin for 
-the Elliptic Curve Diffie-Hellman groups only.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-<b>carol</b> proposes the DH groups ECP_192 and ECP_224 whereas <b>dave</b> proposes
-ECP_192 and ECP_256. Since <b>moon</b> does not support ECP_192 the roadwarriors
-fall back to ECP_224 and ECP_256, respectively.
-<p>
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/evaltest.dat b/testing/tests/openssl/ikev2-alg-ecp-low/evaltest.dat
deleted file mode 100644 (file)
index e2073d9..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES
-dave::cat /var/log/daemon.log::ECP_192.*ECP_256::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/ikev2-alg-ecp-low/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 6a15b3f..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes128-sha256-ecp192,aes128-sha256-ecp224!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/ikev2-alg-ecp-low/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/ikev2-alg-ecp-low/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index b4bdf45..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes128-sha256-ecp192,aes128-sha256-ecp256!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/ikev2-alg-ecp-low/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 7ffdcc2..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 gmp openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/ikev2-alg-ecp-low/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 64ec0f1..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes128-sha256-ecp224,aes128-sha256-ecp256!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/ikev2-alg-ecp-low/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/posttest.dat b/testing/tests/openssl/ikev2-alg-ecp-low/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/pretest.dat b/testing/tests/openssl/ikev2-alg-ecp-low/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/ikev2-alg-ecp-low/test.conf b/testing/tests/openssl/ikev2-alg-ecp-low/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/rw-cert-ikev1/description.txt b/testing/tests/openssl/rw-cert-ikev1/description.txt
deleted file mode 100644 (file)
index 0f721c5..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
-plugin based on the <b>OpenSSL</b> library for all cryptographical functions
-whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins <b>aes des sha1 sha2 md5 gmp</b>.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/rw-cert-ikev1/evaltest.dat b/testing/tests/openssl/rw-cert-ikev1/evaltest.dat
deleted file mode 100644 (file)
index 1a9b915..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IPsec SA established::YES
-dave::ipsec statusall::IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/rw-cert-ikev1/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/rw-cert-ikev1/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 80dae37..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=3des-sha1-modp1536!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/rw-cert-ikev1/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/rw-cert-ikev1/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index c33f54e..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = openssl random hmac curl
-}
diff --git a/testing/tests/openssl/rw-cert-ikev1/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/rw-cert-ikev1/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 73167ca..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes256-sha256-modp2048!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/rw-cert-ikev1/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/rw-cert-ikev1/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index b914f9a..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = aes des sha1 sha2 md5 gmp random hmac curl
-}
diff --git a/testing/tests/openssl/rw-cert-ikev1/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/rw-cert-ikev1/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index f365b07..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       charonstart=no
-       plutodebug=control
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       ike=aes256-sha256-modp2048,3des-sha1-modp1536!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/rw-cert-ikev1/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/rw-cert-ikev1/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 044a76b..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  dh_exponent_ansi_x9_42 = no
-}
-
-pluto {
-  load = openssl random hmac curl
-}
diff --git a/testing/tests/openssl/rw-cert-ikev1/posttest.dat b/testing/tests/openssl/rw-cert-ikev1/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/rw-cert-ikev1/pretest.dat b/testing/tests/openssl/rw-cert-ikev1/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/rw-cert-ikev1/test.conf b/testing/tests/openssl/rw-cert-ikev1/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/openssl/rw-cert-ikev2/description.txt b/testing/tests/openssl/rw-cert-ikev2/description.txt
deleted file mode 100644 (file)
index 0f721c5..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b>
-plugin based on the <b>OpenSSL</b> library for all cryptographical functions
-whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
-plugins <b>aes des sha1 sha2 md5 gmp</b>.
-<p>
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
-to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
-the client <b>alice</b> behind the gateway <b>moon</b>.
-
diff --git a/testing/tests/openssl/rw-cert-ikev2/evaltest.dat b/testing/tests/openssl/rw-cert-ikev2/evaltest.dat
deleted file mode 100644 (file)
index 06a0f8c..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/openssl/rw-cert-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/openssl/rw-cert-ikev2/hosts/carol/etc/ipsec.conf
deleted file mode 100755 (executable)
index 4a8baa3..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=3des-sha1-modp1536!
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/rw-cert-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/openssl/rw-cert-ikev2/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index e102303..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/rw-cert-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/openssl/rw-cert-ikev2/hosts/dave/etc/ipsec.conf
deleted file mode 100755 (executable)
index 42f03aa..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes256-sha256-modp2048!
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=10.1.0.0/16
-       auto=add
diff --git a/testing/tests/openssl/rw-cert-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/openssl/rw-cert-ikev2/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index d46082b..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/rw-cert-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/openssl/rw-cert-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100755 (executable)
index 2e84f2e..0000000
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
-       plutostart=no
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       ike=aes256-sha256-modp2048,3des-sha1-modp1536!
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftfirewall=yes
-       right=%any
-       auto=add
diff --git a/testing/tests/openssl/rw-cert-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/openssl/rw-cert-ikev2/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 1887f76..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  dh_exponent_ansi_x9_42 = no
-  load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
-}
diff --git a/testing/tests/openssl/rw-cert-ikev2/posttest.dat b/testing/tests/openssl/rw-cert-ikev2/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/openssl/rw-cert-ikev2/pretest.dat b/testing/tests/openssl/rw-cert-ikev2/pretest.dat
deleted file mode 100644 (file)
index 42e9d7c..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/openssl/rw-cert-ikev2/test.conf b/testing/tests/openssl/rw-cert-ikev2/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"