testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 10 Nov 2017 10:28:28 +0000 (11:28 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 10 Nov 2017 12:54:50 +0000 (13:54 +0100)
31 files changed:
testing/tests/ipv6/rw-rfc3779-ikev2/evaltest.dat
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem [deleted file]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf [new file with mode: 0755]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem [new file with mode: 0644]
testing/tests/ipv6/rw-rfc3779-ikev2/posttest.dat
testing/tests/ipv6/rw-rfc3779-ikev2/pretest.dat
testing/tests/ipv6/rw-rfc3779-ikev2/test.conf

index 551eae2..082416d 100644 (file)
@@ -1,18 +1,13 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon:: cat /var/log/daemon.log::TS fec0:\:10/128 is contained in address block constraint fec0:\:10/128::YES
 moon:: cat /var/log/daemon.log::TS fec0:\:20/128 is contained in address block constraint fec0:\:20/128::YES
 carol::cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
 dave:: cat /var/log/daemon.log::TS fec1:\:/16 is contained in address block constraint fec1:\:/16::YES
 carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
 dave:: ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
-moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:10 local-port=4500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=4500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP..*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=fec0:\:1 local-port=4500 local-id=moon.strongswan.org remote-host=fec0:\:20 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:20/128]::YES
 moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-carol.strongswan.org: ESP::YES
 moon::tcpdump::IP6 ip6-dave.strongswan.org > ip6-moon.strongswan.org: ESP::YES
 moon::tcpdump::IP6 ip6-moon.strongswan.org > ip6-dave.strongswan.org: ESP::YES
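Review bot: The carol-to-moon ESP capture check is removed here without a replacement, while the moon-to-carol check and both dave checks are kept, so the test no longer proves that carol's outbound traffic is actually encrypted on the wire. Unless that is deliberate, keep the line `moon::tcpdump::IP6 ip6-carol.strongswan.org > ip6-moon.strongswan.org: ESP::YES` after the four new `swanctl --list-sas` checks. Separately, dave's new pattern has `ESP..*encr-alg` where the carol and moon lines use `ESP.*encr-alg`; the extra dot still matches but looks like a typo and should be `ESP.*encr-alg` for consistency.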
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.conf
deleted file mode 100644 (file)
index a2e054e..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
-       cacert=strongswanCert.pem
-       certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
-       crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
-       auto=add
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-
-conn home
-       left=PH_IP6_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftfirewall=yes
-       right=PH_IP6_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=0::0/0
-       keyexchange=ikev2
-       auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 8e872d8..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
-Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
-MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
-dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
-Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
-b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
-GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
-Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
-EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
-ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
-BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
-OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
-KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
-AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
-ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
-uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
-rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
-Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
-MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
-fN8iF5kHn7S+Nd9ZFlf3S1w=
------END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644 (file)
index bf8a491..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEojCCA4qgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
-A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTE0MTIyNzA4NTEzMFoXDTE5
-MTIyMTA4NTEzMFowWTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
-Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3
-YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSlxt8LQf1wJ
-u1rDltyU0dEjEqA+TxWQYi+gMakDGmWmFec1XELjKv3kcYp2McydNPq63fw9XXbu
-a/jMtmEZdFc/dpWYvsyXfyL0OOhh50PlwN++e0xxcZS4NQ6wz57bHgARzMoCisNr
-xcN0F44S0Zyn8edHkE4XV4c0p+ojB6cw5LieSMGIBQjKGCd2a3eZYhTCs6hI0vhQ
-Q1jDLyOvSWo+raa/uDTBYXCVYdN3lbHCPiXPuMY1CwZkGcANd6vBK5YBNiZFquBj
-FhIk8SBUkoEkUQMx+pMk3hGmq5aZXGxm9rHN8Xim/AewWRcKJJKdlLAAHmZD0jx2
-g/E0LGu01wIDAQABo4IBcjCCAW4wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD
-VR0OBBYEFNs9CUs7SNJewkkfo1Bg7bcUEzPXMIGMBgNVHSMEgYQwgYGAFCF/p+s3
-0KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
-dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
-b25nc3dhbi5vcmcwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5zdHJvbmdz
-d2FuLm9yZy9zdHJvbmdzd2FuX3JmYzM3NzkuY3JsMEIGCCsGAQUFBwEHAQH/BDMw
-MTAUBAIAATAOAwUACgMAAQMFAMCoAGQwGQQCAAIwEwMRAP7AAAAAAAAAAAAAAAAA
-ABAwDQYJKoZIhvcNAQELBQADggEBAEYqXkheXXHiC5JnrZm5QUo11Vu4CtNRGeg0
-atuG8ZNHgQfa7wjjeCDNpj3lHvyegYsSMo7wGwN7DugH0mmXKZF9XHc4sU7/aUvl
-mX52tDuUoCGD0/yFuKLlYOfwmsquC9snYDW7cJXaqMON/OMLcU44OR8E1oiw2ePT
-FqyGFbfparp+Q8I7VHwJBs+mDphdNUlFbpuO9m2eEtqdYVyXlfUnbFpMMyWxxIY/
-6CIyWcRRKeWRRXxkk/dSeEWgsfWY7ITK9blP5nhIsgpCoEguGc6h4RL65VdH+Sy0
-9MLpesyGe6qkdrrg4nyaY82uuFXhUo0YiP0ddUw8eNaefFqEzL0=
------END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644 (file)
index a756221..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAsSlxt8LQf1wJu1rDltyU0dEjEqA+TxWQYi+gMakDGmWmFec1
-XELjKv3kcYp2McydNPq63fw9XXbua/jMtmEZdFc/dpWYvsyXfyL0OOhh50PlwN++
-e0xxcZS4NQ6wz57bHgARzMoCisNrxcN0F44S0Zyn8edHkE4XV4c0p+ojB6cw5Lie
-SMGIBQjKGCd2a3eZYhTCs6hI0vhQQ1jDLyOvSWo+raa/uDTBYXCVYdN3lbHCPiXP
-uMY1CwZkGcANd6vBK5YBNiZFquBjFhIk8SBUkoEkUQMx+pMk3hGmq5aZXGxm9rHN
-8Xim/AewWRcKJJKdlLAAHmZD0jx2g/E0LGu01wIDAQABAoIBAQCKdl7HhX5ZHAEL
-KjwVq56wgekMhKtOOgdXheuJBJRFTE7LbaI50pkjn72ss8/+yfHQV2o3Vw5K/0oG
-nzS4EhnH4Ozb7L2t2c9J8XK5C36BNoLaBMUmLq+3WsnBxhKQopKU1u8ShIwKEgQo
-U8NnKYYxx2NHYECBW1dI9IZF+muYbVg420PJ4DiFMSTy5+o+UsI8X0ymV2RYZAfg
-qO8WgQYHZca2ffJ4rJHi8wf4IzaH//65vP+Ij7FGzfXmBd3A9F1wP7skBYZRYPp6
-MtZ5cxfNUwkGtkmt1KaEnsmg4F1/jaB0h5+xT4pj6NqaatvoKZ5zd8zpcGktuptO
-zhTa63hpAoGBAOkxtwWaJAHj1GH1CzIkCP4siySSgphtcjP96XdcIaTuGx8gp/YU
-0Bj3irK3KpVNrcLgc8KzylfMiAETMlRnEb28wSfqkegCR4Lrrsw3YjEAcVPC9Vtb
-/wQHc9wUGCt0OUv7EE7alB/cKnjTQzF6ZgTGTUhGv4CuL6XjhEzqiA0bAoGBAMJ8
-5V/wjaDkRDHRtaDI7xX2j4uPE7FoQYCSVtKOil3rmIrmgBCXTtWB8EQ9o3Ux6sOl
-lmA3sSF1ajyPu8e2+QhQF9wAF5mvN80aPj0KXKCv6Qx/H6Tjpg3eqVr6rucOyH58
-gKnuo1YISFcjcMkNEOZy6//7SkmAAN/p0Dgk6h71AoGAVKSC9jmY0EbOFDBJvA1w
-ZjHs331+ga1YQp7rWzPJ0n/KwGWuEZhEYIuZgH0Tq9XiOFYYLpfr3iqTQzCgmBpB
-Skl1IvP1uez53/+EFwQTVA4BFJIzVNHzopbB6yQwEbXCBl4+8SBNm7Lih7DHNvJi
-jWEdNBrZ7+9JxEDtCK4oa/kCgYBbaHwd9V97aQ2sJJYq9YV5WyLoQtzMmuV+Wkk4
-OQpLTjmpvuAd7B9/Nc0JJbc3k7h1L9RXcJVt1lOSFzP4j8TH5WzxV5HAB5xAZ78s
-zTvvwf3Ug8MJqn0XM7mBKyUdL9OHr1iBhcl62/W0DtIpjFyPEyBcdWza0rCWjLvy
-R1dKKQKBgQCKTLKYv0c1h2e5i4mNCGWhR83x+k1ChZZLwoEC9f65tjrbOG0UEHAn
-oz9N0m6jCQvnzvN8cHgFl8yoWmnOjEnsSDFQlIRvAXGzHd4ahMB+75WbLi31H2bv
-XvZyakeTVfoOVArNUwLSHozr0VIUjnRirLht939dlFj4FLih/igWFA==
------END RSA PRIVATE KEY-----
index da170cb..51aea1d 100644 (file)
@@ -1,6 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-charon {
-  hash_and_url = yes
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+
+  syslog {
+    daemon {
+      default = 1
+    }
+    auth {
+      default = 0
+    }
+  }
 }
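Review bot: `hash_and_url = yes` is dropped from the daemon section and has no counterpart in the new `charon-systemd` block, so the hash-and-url certificate exchange the old scenario enabled is no longer exercised. The matching `certuribase` from the deleted ipsec.conf is likewise missing from the `authorities` section of the new swanctl.conf, and dave's strongswan.conf hunk has the same change. If that coverage is meant to survive the conversion, add `hash_and_url = yes` inside `charon-systemd` and `cert_uri_base = http://ip6-winnetou.strongswan.org/certs/rfc3779/` under `authorities.strongswan`; if it was dropped on purpose, the commit message should say so.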
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644 (file)
index 0000000..a756221
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsSlxt8LQf1wJu1rDltyU0dEjEqA+TxWQYi+gMakDGmWmFec1
+XELjKv3kcYp2McydNPq63fw9XXbua/jMtmEZdFc/dpWYvsyXfyL0OOhh50PlwN++
+e0xxcZS4NQ6wz57bHgARzMoCisNrxcN0F44S0Zyn8edHkE4XV4c0p+ojB6cw5Lie
+SMGIBQjKGCd2a3eZYhTCs6hI0vhQQ1jDLyOvSWo+raa/uDTBYXCVYdN3lbHCPiXP
+uMY1CwZkGcANd6vBK5YBNiZFquBjFhIk8SBUkoEkUQMx+pMk3hGmq5aZXGxm9rHN
+8Xim/AewWRcKJJKdlLAAHmZD0jx2g/E0LGu01wIDAQABAoIBAQCKdl7HhX5ZHAEL
+KjwVq56wgekMhKtOOgdXheuJBJRFTE7LbaI50pkjn72ss8/+yfHQV2o3Vw5K/0oG
+nzS4EhnH4Ozb7L2t2c9J8XK5C36BNoLaBMUmLq+3WsnBxhKQopKU1u8ShIwKEgQo
+U8NnKYYxx2NHYECBW1dI9IZF+muYbVg420PJ4DiFMSTy5+o+UsI8X0ymV2RYZAfg
+qO8WgQYHZca2ffJ4rJHi8wf4IzaH//65vP+Ij7FGzfXmBd3A9F1wP7skBYZRYPp6
+MtZ5cxfNUwkGtkmt1KaEnsmg4F1/jaB0h5+xT4pj6NqaatvoKZ5zd8zpcGktuptO
+zhTa63hpAoGBAOkxtwWaJAHj1GH1CzIkCP4siySSgphtcjP96XdcIaTuGx8gp/YU
+0Bj3irK3KpVNrcLgc8KzylfMiAETMlRnEb28wSfqkegCR4Lrrsw3YjEAcVPC9Vtb
+/wQHc9wUGCt0OUv7EE7alB/cKnjTQzF6ZgTGTUhGv4CuL6XjhEzqiA0bAoGBAMJ8
+5V/wjaDkRDHRtaDI7xX2j4uPE7FoQYCSVtKOil3rmIrmgBCXTtWB8EQ9o3Ux6sOl
+lmA3sSF1ajyPu8e2+QhQF9wAF5mvN80aPj0KXKCv6Qx/H6Tjpg3eqVr6rucOyH58
+gKnuo1YISFcjcMkNEOZy6//7SkmAAN/p0Dgk6h71AoGAVKSC9jmY0EbOFDBJvA1w
+ZjHs331+ga1YQp7rWzPJ0n/KwGWuEZhEYIuZgH0Tq9XiOFYYLpfr3iqTQzCgmBpB
+Skl1IvP1uez53/+EFwQTVA4BFJIzVNHzopbB6yQwEbXCBl4+8SBNm7Lih7DHNvJi
+jWEdNBrZ7+9JxEDtCK4oa/kCgYBbaHwd9V97aQ2sJJYq9YV5WyLoQtzMmuV+Wkk4
+OQpLTjmpvuAd7B9/Nc0JJbc3k7h1L9RXcJVt1lOSFzP4j8TH5WzxV5HAB5xAZ78s
+zTvvwf3Ug8MJqn0XM7mBKyUdL9OHr1iBhcl62/W0DtIpjFyPEyBcdWza0rCWjLvy
+R1dKKQKBgQCKTLKYv0c1h2e5i4mNCGWhR83x+k1ChZZLwoEC9f65tjrbOG0UEHAn
+oz9N0m6jCQvnzvN8cHgFl8yoWmnOjEnsSDFQlIRvAXGzHd4ahMB+75WbLi31H2bv
+XvZyakeTVfoOVArNUwLSHozr0VIUjnRirLht939dlFj4FLih/igWFA==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..54fb36d
--- /dev/null
@@ -0,0 +1,34 @@
+connections {
+
+   home {
+      local_addrs  = fec0::10
+      remote_addrs = fec0::1
+
+      local {
+         auth = pubkey
+         certs = carolCert.pem
+         id = carol@strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = moon.strongswan.org
+      }
+      children {
+         home {
+            remote_ts = 0::0/0
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128-sha256-x25519
+         }
+      }
+      version = 2
+      proposals = aes128-sha256-x25519
+   }
+}
+
+authorities {
+   strongswan {
+      cacert = strongswanCert.pem
+      crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+   }
+}
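Review bot: This file is added with mode 100755, but it holds only configuration and nothing executes it, so it should be committed as 100644 like the other files under `etc/swanctl/`. The same mode appears on dave's swanctl.conf in this diff and, per the file list, on moon's. The timers from the old `conn %default` (`ikelifetime=60m`, `keylife=20m`, `rekeymargin=3m`, `keyingtries=1`) are also not carried over, so the connection presumably runs with the daemon's defaults. That is probably fine for a short test, but a one-line comment such as `# rekeying uses daemon defaults` in the `home` connection would make the omission explicit.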
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509/carolCert.pem
new file mode 100644 (file)
index 0000000..bf8a491
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
new file mode 100644 (file)
index 0000000..8e872d8
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
+Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
+MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
+dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
+Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
+b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
+GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
+Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
+EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
+ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
+BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
+OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
+KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
+AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
+ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
+uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
+rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
+Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
+MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
+fN8iF5kHn7S+Nd9ZFlf3S1w=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.conf
deleted file mode 100644 (file)
index 8d275e2..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
-       cacert=strongswanCert.pem
-       certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
-       crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
-       auto=add
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-
-conn home
-       left=PH_IP6_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftfirewall=yes
-       right=PH_IP6_MOON
-       rightid=@moon.strongswan.org
-       rightsubnet=0::0/0
-       keyexchange=ikev2
-       auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 8e872d8..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
-Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
-MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
-dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
-Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
-b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
-GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
-Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
-EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
-ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
-BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
-OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
-KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
-AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
-ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
-uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
-rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
-Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
-MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
-fN8iF5kHn7S+Nd9ZFlf3S1w=
------END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/certs/daveCert.pem
deleted file mode 100644 (file)
index 88ce01e..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEoDCCA4igAwIBAgIBCDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
-A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTE0MTIyNzA4NTQ1N1oXDTE5
-MTIyMTA4NTQ1N1owWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
-Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dh
-bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpJKRQ2CEG39rO
-8nX7RpY+Ed5tyx+rkug3HrSInie+fgkDnLES2U1X3wvM2OczLp6L1ccROv+SzEW+
-OKfCZSz7T4GLwaRodi9KtHvfOCsbDx/vkFFwui2yt9rVUSpcbk1OiVQsA9R0G6vz
-eqFIL9GtrtHWQ+dkvWy61i2A+T1X2QfhVfzvj5msL3CuZU6fnwGYD4LZz8RUGlB4
-WkSFWCctfQfgK+lpfuzq6OFFkARzxZ55D0MzgAvXY6osS8gMdiSD50Zlik7qZVvn
-RO0j6TOg0WKinzguAokAyDCsaoqsOvi27QalfH48PUM+aUzHNCKnD6pswebHou3m
-mvG3rH+9AgMBAAGjggFxMIIBbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV
-HQ4EFgQUsBjPeVTm7TUTaXtmfv09yQS2mV8wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ
-owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
-eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT
-d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVgRNkYXZlQHN0cm9u
-Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh
-bi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNybDBCBggrBgEFBQcBBwEB/wQzMDEw
-FAQCAAEwDgMFAAoDAAIDBQDAqADIMBkEAgACMBMDEQD+wAAAAAAAAAAAAAAAAAAg
-MA0GCSqGSIb3DQEBCwUAA4IBAQCNyAyUvqeCgWnPEMkfFFb1kBbd3me3aLRxXFb4
-TY44L6SBiFNy1s3UyFCLw1xXnSMgTpvZqHmB7fnzX7Aj6BNkPFIThEiHYN85ai4t
-U9bO2nqwXfIINFt2Qlokd0QWHzDsL/o9Mmqs38ymlfIbsgwh7gCZ2HhGlOb7+QNU
-IaDVIcKqBr07wX7qO/fEjKgFSkUT5eFNwQmyT3zUaE1PixK5w1hRxvs/KAsLgbfe
-5ofLD88rfxvkqLwhRNU8PUzqIpqxfV1P+wS/k78z0tG+JI8yeEkcksuj9UOzlTr2
-jWL1QoxUEinR3N4dTqsW4u/Jz7R4MHdO+l9RoYZpQA8LV8s3
------END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644 (file)
index f72970c..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA6SSkUNghBt/azvJ1+0aWPhHebcsfq5LoNx60iJ4nvn4JA5yx
-EtlNV98LzNjnMy6ei9XHETr/ksxFvjinwmUs+0+Bi8GkaHYvSrR73zgrGw8f75BR
-cLotsrfa1VEqXG5NTolULAPUdBur83qhSC/Rra7R1kPnZL1sutYtgPk9V9kH4VX8
-74+ZrC9wrmVOn58BmA+C2c/EVBpQeFpEhVgnLX0H4CvpaX7s6ujhRZAEc8WeeQ9D
-M4AL12OqLEvIDHYkg+dGZYpO6mVb50TtI+kzoNFiop84LgKJAMgwrGqKrDr4tu0G
-pXx+PD1DPmlMxzQipw+qbMHmx6Lt5prxt6x/vQIDAQABAoIBAB6pVf7X3cgUqqcq
-1f9c8idpnDIeU6Tx5h5RqHaLLjjsRG04L0WGVJio2dlv8UAW8nz7eXm3o6L/wHBa
-7R0wxzCp7SSfK+sdF+0gPWZG8cxWOeH8vekwYxAtA9eoHAUZ8IrSnsJHIqq+dOfJ
-iep/d3j7E9e1CHqEOwd7YXKj1MB3p0Ivhyx0k9GvlbAKRiJPGhbxD+hu86lRMsEt
-su6eG5JlvKyBAgNIcx29UITj5k8MbK2MeuCIZfry0yOaOsGkQkjAtyaiTIw8g2IQ
-AhuuCLqVYtkpMiIfryV74b+CtQMQoU0z2Z74SZ4hJWFlbeG4Vtzq1HeDf4y1S3mm
-B1Mx7CECgYEA9IKw6Fh7SBmJa5jPw7Uttvm2iDslsOR3nrPNOfMWwSK3i0j4OCIE
-kCqKnJJfj2JeBupfHrIJzJ2+otGauxQt3I65VOo0PwQBb90xIHAiXdsYoXadB6MC
-XUo0zKrDWC0EVyVwN+nyaCJVwsKm4XomHgSvitUSNA0dSTATfPXwQJkCgYEA9Bk1
-VN2KG6Bjcm2ISls+OOKgp2kG68ayG4ZXg+xt06+qsYq0+BwCrottQpXFpMVJbE/z
-/6U294PBqJ9Z7LATptMzWhTKyO0pGBHvy8LUz/3qBF7yJFN2s+QbmKf4RIhfSDNU
-CD2bPI17Kgj3sipEcbiwz9U6wpzp+IDnAfPdWsUCgYBl/5ri4f5TnmuIGhAZuRvf
-552wiNP5TeVkq+bh1LlaSiw9C2yYpgA3T7fRBvKcMtG8msqhWG3kEK305/FfN1TG
-XDeN58FxxC8BRkl3GbAMbRiCSqPJCsQyvID4HAgvYWAdJn4ApTQ9Io2aGG9bQgRi
-o1vDU40rb4kW/dozV7koiQKBgQDoQgwiweElREkbmejyhzr/OXQPlrmFIjxaQEuJ
-NS+TGjTaVda3tT9AAV5m2seCbk3ch37tIrDYdj+QSH9x3F/2fkMAVYRWBoLxai+2
-u51ugnVmz0irE9eAd21ipYBvBStUMbKlXKkWxrAIYRv+JIWXh1qFhqgwgMmHMG+d
-xgI62QKBgQC2WYhZvLGrJ5g9G8E9pqOAz0FlxBqbPXJDe9n4Il8huF/+i678covC
-dtbo1il8qcs0Lmm8M6vj78Meh+k4L0y7YAjUsaLpQ9rwNaZMHP+GyZWE5ygmtNhE
-DP13WKX5SEbDZbClEgX+gHRmywC5m6hDSx21iekhbTfnUm2FQTA83w==
------END RSA PRIVATE KEY-----
index 4fa0583..51aea1d 100644 (file)
@@ -1,6 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-charon {
-  hash_and_url = yes
-  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+
+  syslog {
+    daemon {
+      default = 1
+    }
+    auth {
+      default = 0
+    }
+  }
 }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/rsa/daveKey.pem
new file mode 100644 (file)
index 0000000..f72970c
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..098ba6d
--- /dev/null
@@ -0,0 +1,34 @@
+connections {
+
+   home {
+      local_addrs  = fec0::20
+      remote_addrs = fec0::1
+
+      local {
+         auth = pubkey
+         certs = daveCert.pem
+         id = dave@strongswan.org
+      }
+      remote {
+         auth = pubkey
+         id = moon.strongswan.org
+      }
+      children {
+         home {
+            remote_ts = 0::0/0
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128-sha256-x25519
+         }
+      }
+      version = 2
+      proposals = aes128-sha256-x25519
+   }
+}
+
+authorities {
+   strongswan {
+      cacert = strongswanCert.pem
+      crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+   }
+}
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509/daveCert.pem
new file mode 100644 (file)
index 0000000..88ce01e
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
new file mode 100644 (file)
index 0000000..8e872d8
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
+Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
+MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
+dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
+Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
+b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
+GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
+Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
+EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
+ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
+BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
+OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
+KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
+AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
+ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
+uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
+rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
+Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
+MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
+fN8iF5kHn7S+Nd9ZFlf3S1w=
+-----END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index 2363023..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-ca strongswan
-       cacert=strongswanCert.pem
-       certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
-       crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
-       auto=add
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-
-conn rw
-       left=PH_IP6_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=fec1::/16
-       leftfirewall=yes
-       right=%any
-       keyexchange=ikev2
-       auto=add
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644 (file)
index 8e872d8..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
-Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
-MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
-dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
-U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
-Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
-b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
-GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
-Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
-EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
-ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
-BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
-EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
-OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
-KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
-AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
-ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
-uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
-rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
-Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
-MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
-fN8iF5kHn7S+Nd9ZFlf3S1w=
------END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/certs/moonCert.pem
deleted file mode 100644 (file)
index 124e2ae..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEuDCCA6CgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
-A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTE0MTIyNzA2NDU0MloXDTE5
-MTIyMTA2NDU0MlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
-Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dh
-bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYeHiAGNal9DT6
-GgCewdXa4Nf/46YgbhZNmSpi/zH+XmA7JLS6eoVt5vJ/LJEHSzkRoEetptAILenu
-uakByawEoPZgkCYZgJB9opGEOoWIwTitaF0ZVV8diNQtnl+rkvwPpxWybvIwOwRA
-PUIenoQPkVhfd/ALaRl88pG0rcAW0MMSCNuQwELwSIK2rQALs94Qm5yM0bZ+dqV2
-jnSISit5doRZ4vIYghJPKPqFKb1zUw1siCDPev43S+xqwTjhJ0zncq/QigySyivd
-D8qs8KMkan+XNx9XSjW14YWp27RVpIeANlikiHh0/St0lBsR+P9sDp+Yvr+U95EK
-KOgrqac3AgMBAAGjggGJMIIBhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV
-HQ4EFgQUQcvdnqQfLJx2utB9szVLhZCmp84wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ
-owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
-eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT
-d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVghNtb29uLnN0cm9u
-Z3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKG
-MGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNy
-bDBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMDAAoBAwUAwKgAATAeBAIAAjAY
-AxEA/sAAAAAAAAAAAAAAAAAAAQMDAP7BMA0GCSqGSIb3DQEBCwUAA4IBAQAi0XQL
-aEHg8aXBiXSTHuvxDieJB3Q83kpXOry16Ij5PKx9cdM2Gtmxz8YkwPEgq0r7vWNo
-830A4CnOJszQyIpY7CIygPj1wy3kFGGPkL7R4p00qSKpCEg8Fq85R4LmiyXIEZ+5
-lUtan7xka4ySMKKocm2rbXHyHXjis8AzU7NZN5QpEMkGLTaQPwHad4FUBFOolNE2
-NLoQ3xp9NPTyqfy1CkCHcyG18yRPciU4m8Cubyb+zBHyBADm9Q0P3++vznsU8LrR
-pzjRqS0e+FD2bzdXH/2g7Ge8+b6xzWRVMxZ8e2f5O9jQUY6q4SicuAX8SM/bgDPu
-Mc/lk4Nl8pHRO+Xm
------END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644 (file)
index 11607c8..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA2Hh4gBjWpfQ0+hoAnsHV2uDX/+OmIG4WTZkqYv8x/l5gOyS0
-unqFbebyfyyRB0s5EaBHrabQCC3p7rmpAcmsBKD2YJAmGYCQfaKRhDqFiME4rWhd
-GVVfHYjULZ5fq5L8D6cVsm7yMDsEQD1CHp6ED5FYX3fwC2kZfPKRtK3AFtDDEgjb
-kMBC8EiCtq0AC7PeEJucjNG2fnaldo50iEoreXaEWeLyGIISTyj6hSm9c1MNbIgg
-z3r+N0vsasE44SdM53Kv0IoMksor3Q/KrPCjJGp/lzcfV0o1teGFqdu0VaSHgDZY
-pIh4dP0rdJQbEfj/bA6fmL6/lPeRCijoK6mnNwIDAQABAoIBAAutG9rU/CcBcCYZ
-ZvUpQW7H9/6uedR/+6X94AJs/3ZYAtrN1Q3F9BKEhYoEjmIVVaO0wIkGWWxHhbnB
-u/MDvMqXIBL/U37Gp4SPU0gNnAxPV85KtdLa/wFp0wAO7dwkVoJFoe74+wlM9aK9
-ayaZqEfqsBieMI19Asnxj5huUtEoIiU9ekz6HLeALwy6OxJLrempDugDe2icaWSt
-pLIU3ZXmzVbOFLNtq+KMpanQzamAvSTUq5Wmuz+C6nTEv+JjGWFblX8pM2ACA6cV
-VouefUFfKpMXjHTlsvw0JiDzLeYRxRZZMxnTxzbnoigZfW6ZDxP2w9KRv/7LuSj/
-ktqfVKkCgYEA8qlkPka0cfIKcjloe6oNEMt0dX6V+5LmS59DRnnhu+6FuIVncS7/
-intBGag603wJvGlA7HuUAZbcr4ilDIe1cUm0d8rftjvw0uOBU/gfNVmxhpFzs8Ku
-4Fry6lKow1ecqFQ1i4VZi2qQJVv3m6tRojMTh6xVA9/FLD9iiu3V2dMCgYEA5F6I
-HV1sqY2Q8aU48dch+I1ItrqiURwY7qejuIprpXBoRQPQV3OoYgJcKtdlSKrbDGQd
-iJmL0aoy/ONThrfOtygQtth/f79ktKZZHja8Ew+0/lzfxMSb69kl6Rxx9OKJILPE
-caezhYFGozEKwLddcrqxrSd3Fvz78CVRRiAx2o0CgYEA4g0wh98f24Hpf0zBa2oX
-b8zIOWfp2giXply/tBh4U7S4NxN3MHXisaNuGrOf0UEcZLr8MxBP6UcbYB3/+vM0
-8EsD5hBEZKPkDODIqmtazz015jD7QrsaY3/2CJlmA0tLcXe4xbc8mmZzz4mj2Q04
-J8xC5kGAlPJQ4I5PgzJZ4+cCgYAHyqHiPpnCfy3+0KBMwAZMsKVWdq+rDMZc/iM7
-3J0nm9oy4JpvIWcRUPtMCuVNwWaP2aqYSoTWtnPe5PKomgTXgupvEpvnA+SvtS09
-NqjcDaEjPI/16q9XMKV2ep34uPHsx7VgG1SorWx3jOjNAnSRwYTmX35UrnT6EIvh
-VJ/e0QKBgCgI41QtJ4ShFxpSdxzy3Gfz/EFTUGIjtmXQe/7GixxoXJkpGXCGhToU
-KVF+HUEYKOQ1vX9SNUyY+1LyqO3vj+QzuJ0q4GrtEY7vxDH817QvJLecj5i22Hof
-50MqUdow2BnOSFuJvWhR1DdodRX3vh1awod/CoIufnfEI4MuMO6H
------END RSA PRIVATE KEY-----
index 4fa0583..51aea1d 100644 (file)
@@ -1,6 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-charon {
-  hash_and_url = yes
-  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac stroke kernel-netlink socket-default updown
+swanctl {
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+
+  syslog {
+    daemon {
+      default = 1
+    }
+    auth {
+      default = 0
+    }
+  }
 }
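Review bot: The conversion drops `hash_and_url = yes` and adds no equivalent under `charon-systemd`, so this host no longer exercises hash-and-url certificate exchange, although `curl` is still in the load list. The `ca strongswan` section of the ipsec.conf deleted in this commit also set `certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/`, and the `authorities` section of the new swanctl.conf has no counterpart for it. If the reduced coverage is intended, the commit message should say so. Otherwise keep `hash_and_url = yes` inside `charon-systemd { … }` and add `cert_uri_base = http://ip6-winnetou.strongswan.org/certs/rfc3779/` next to `crl_uris`. The file header for this hunk is not visible on the page; from its position it is presumably moon's strongswan.conf.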
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/rsa/moonKey.pem
new file mode 100644 (file)
index 0000000..11607c8
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755 (executable)
index 0000000..4edc8cd
--- /dev/null
@@ -0,0 +1,32 @@
+connections {
+
+   rw {
+      local_addrs  = fec0::1
+
+      local {
+         auth = pubkey
+         certs = moonCert.pem
+         id = moon.strongswan.org
+      }
+      remote {
+         auth = pubkey
+      }
+      children {
+         net {
+            local_ts  = fec1::0/16
+
+            updown = /usr/local/libexec/ipsec/_updown iptables
+            esp_proposals = aes128-sha256-x25519
+         }
+      }
+      version = 2
+      proposals = aes128-sha256-x25519
+   }
+}
+
+authorities {
+   strongswan {
+      cacert = strongswanCert.pem
+      crl_uris = http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
+   }
+}
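Review bot: swanctl.conf is added with mode 100755, but it is a plain configuration file and nothing in the hunk suggests it is ever executed. Using `new file mode 100644` would match the PEM files added next to it and avoid an unnecessary executable bit under /etc/swanctl. The file list shows carol's and dave's swanctl.conf added as 0755 as well, so the same change applies there.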
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509/moonCert.pem
new file mode 100644 (file)
index 0000000..124e2ae
--- /dev/null
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
new file mode 100644 (file)
index 0000000..8e872d8
--- /dev/null
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
+Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
+MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
+dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
+Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
+b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
+GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
+Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
+EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
+ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
+BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
+OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
+KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
+AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
+ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
+uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
+rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
+Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
+MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
+fN8iF5kHn7S+Nd9ZFlf3S1w=
+-----END CERTIFICATE-----
index 4e59395..59495fc 100644 (file)
@@ -1,6 +1,6 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
+moon::systemctl stop strongswan-swanctl
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
index f60be38..a8c8a70 100644 (file)
@@ -7,11 +7,11 @@ dave::ip6tables-restore < /etc/ip6tables.rules
 alice::"ip route add fec0:\:/16 via fec1:\:1"
 carol::"ip route add fec1:\:/16 via fec0:\:1"
 dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 dave::expect-connection home
-carol::ipsec up home
-dave::ipsec up home
+carol::swanctl --initiate --child home
+dave::swanctl --initiate --child home
index 69b0757..0f02a1a 100644 (file)
@@ -23,3 +23,7 @@ IPSECHOSTS="moon carol dave"
 # IP protocol used by IPsec is IPv6
 #
 IPV6=1
+
+# charon controlled by swanctl
+#
+SWANCTL=1