merged xauth-id-rsa and xauth-rsa-config scenarios
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 28 Jun 2012 12:23:47 +0000 (14:23 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 28 Jun 2012 12:23:47 +0000 (14:23 +0200)
42 files changed:
testing/tests/ikev1/xauth-id-rsa-config/description.txt [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.secrets [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/posttest.dat [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/pretest.dat [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa-config/test.conf [new file with mode: 0644]
testing/tests/ikev1/xauth-id-rsa/description.txt [deleted file]
testing/tests/ikev1/xauth-id-rsa/evaltest.dat [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev1/xauth-id-rsa/posttest.dat [deleted file]
testing/tests/ikev1/xauth-id-rsa/pretest.dat [deleted file]
testing/tests/ikev1/xauth-id-rsa/test.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/description.txt [deleted file]
testing/tests/ikev1/xauth-rsa-config/evaltest.dat [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets [deleted file]
testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/ikev1/xauth-rsa-config/posttest.dat [deleted file]
testing/tests/ikev1/xauth-rsa-config/pretest.dat [deleted file]
testing/tests/ikev1/xauth-rsa-config/test.conf [deleted file]

diff --git a/testing/tests/ikev1/xauth-id-rsa-config/description.txt b/testing/tests/ikev1/xauth-id-rsa-config/description.txt
new file mode 100644 (file)
index 0000000..feb154d
--- /dev/null
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
+followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
+based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>,
+respectively) and corresponding user passwords defined and stored in ipsec.secrets.
+Next both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config
+protocol by using the <b>leftsourceip=%config</b> parameter.
+<p>
+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
+inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
+<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat
new file mode 100644 (file)
index 0000000..198dd37
--- /dev/null
@@ -0,0 +1,20 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..ddb0432
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_CAROL
+       leftsourceip=%config
+       leftcert=carolCert.pem
+       leftid=carol@strongswan.org
+       leftauth=pubkey
+       leftauth2=xauth
+       leftfirewall=yes
+       xauth_identity=carol
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       rightauth=pubkey
+       auto=add
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..29492b5
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+
+carol : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..69950dc
--- /dev/null
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+
+conn home
+       left=PH_IP_DAVE
+       leftsourceip=%config
+       leftcert=daveCert.pem
+       leftid=dave@strongswan.org
+       leftauth=pubkey
+       leftauth2=xauth
+       leftfirewall=yes
+       xauth_identity=dave
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       rightauth=pubkey
+       auto=add
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..8cf7db5
--- /dev/null
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA daveKey.pem
+
+dave : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.conf
new file mode 100644 (file)
index 0000000..d9fcc27
--- /dev/null
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev1
+       left=PH_IP_MOON
+       leftcert=moonCert.pem
+       leftid=@moon.strongswan.org
+       leftsubnet=10.1.0.0/16
+       leftauth=pubkey
+       leftfirewall=yes
+       right=%any
+       rightauth=pubkey
+       rightauth2=xauth
+       auto=add
+
+conn rw-carol
+       rightid=carol@strongswan.org
+       rightsourceip=PH_IP_CAROL1
+
+conn rw-dave
+       rightid=dave@strongswan.org
+       rightsourceip=PH_IP_DAVE1
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/ipsec.secrets
new file mode 100644 (file)
index 0000000..fef5021
--- /dev/null
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+carol : XAUTH "4iChxLT3"
+
+dave  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..5cd9bf1
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/posttest.dat b/testing/tests/ikev1/xauth-id-rsa-config/posttest.dat
new file mode 100644 (file)
index 0000000..7cebd7f
--- /dev/null
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat b/testing/tests/ikev1/xauth-id-rsa-config/pretest.dat
new file mode 100644 (file)
index 0000000..78e2d57
--- /dev/null
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 2
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/xauth-id-rsa-config/test.conf b/testing/tests/ikev1/xauth-id-rsa-config/test.conf
new file mode 100644 (file)
index 0000000..7041682
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/xauth-id-rsa/description.txt b/testing/tests/ikev1/xauth-id-rsa/description.txt
deleted file mode 100644 (file)
index 9483c8f..0000000
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
-The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
-followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
-based on user names defined by the <b>xauth_identity</b> parameter (<b>carol</b> and <b>dave</b>,
-respectively) and corresponding user passwords defined and stored in ipsec.secrets.
-<p>
-Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
-<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa/evaltest.dat
deleted file mode 100644 (file)
index 5b021a0..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
-moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
-moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf
deleted file mode 100644 (file)
index 6e06e54..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-
-conn home
-       left=PH_IP_CAROL
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftauth=pubkey
-       leftauth2=xauth
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       rightauth=pubkey
-       xauth_identity=carol
-       auto=add
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 29492b5..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
-
-carol : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 5cd9bf1..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-}
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf
deleted file mode 100644 (file)
index 9c4d0f4..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-
-conn home
-       left=PH_IP_DAVE
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftauth=pubkey
-       leftauth2=xauth
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       rightauth=pubkey
-       xauth_identity=dave
-       auto=add
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 8cf7db5..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA daveKey.pem
-
-dave : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 5cd9bf1..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-}
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index 3c69449..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-
-conn rw
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftauth=pubkey
-       leftfirewall=yes
-       right=%any
-       rightauth=pubkey
-       rightauth2=xauth
-       auto=add
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index fef5021..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol : XAUTH "4iChxLT3"
-
-dave  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 5cd9bf1..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-}
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-rsa/posttest.dat b/testing/tests/ikev1/xauth-id-rsa/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/xauth-id-rsa/pretest.dat b/testing/tests/ikev1/xauth-id-rsa/pretest.dat
deleted file mode 100644 (file)
index 78e2d57..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 2
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/ikev1/xauth-id-rsa/test.conf b/testing/tests/ikev1/xauth-id-rsa/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/xauth-rsa-config/description.txt b/testing/tests/ikev1/xauth-rsa-config/description.txt
deleted file mode 100644 (file)
index 1ada58f..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
-The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
-followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
-based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a
-<b>virtual IP</b> via the IKE Mode Config protocol by using the
-<b>leftsourceip=%config</b> parameter.
-<p>
-Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
-<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-rsa-config/evaltest.dat
deleted file mode 100644 (file)
index e3b4ede..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
-dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
-moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
-moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
-moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
-moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES
-moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES
-carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
-dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf
deleted file mode 100644 (file)
index 0eab240..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-
-conn home
-       left=PH_IP_CAROL
-       leftsourceip=%config
-       leftcert=carolCert.pem
-       leftid=carol@strongswan.org
-       leftauth=pubkey
-       leftauth2=xauth
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       rightauth=pubkey
-       auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
deleted file mode 100644 (file)
index 4a77c3b..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
-
-carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf
deleted file mode 100644 (file)
index 5cd9bf1..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-}
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf
deleted file mode 100644 (file)
index 8c6de9a..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-
-conn home
-       left=PH_IP_DAVE
-       leftsourceip=%config
-       leftcert=daveCert.pem
-       leftid=dave@strongswan.org
-       leftauth=pubkey
-       leftauth2=xauth
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       rightauth=pubkey
-       auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
deleted file mode 100644 (file)
index 1c0248b..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA daveKey.pem
-
-dave@strongswan.org : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf
deleted file mode 100644 (file)
index 5cd9bf1..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-}
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index d9fcc27..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev1
-       left=PH_IP_MOON
-       leftcert=moonCert.pem
-       leftid=@moon.strongswan.org
-       leftsubnet=10.1.0.0/16
-       leftauth=pubkey
-       leftfirewall=yes
-       right=%any
-       rightauth=pubkey
-       rightauth2=xauth
-       auto=add
-
-conn rw-carol
-       rightid=carol@strongswan.org
-       rightsourceip=PH_IP_CAROL1
-
-conn rw-dave
-       rightid=dave@strongswan.org
-       rightsourceip=PH_IP_DAVE1
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
deleted file mode 100644 (file)
index 1ba6697..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : XAUTH "4iChxLT3"
-
-dave@strongswan.org  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf
deleted file mode 100644 (file)
index 5cd9bf1..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
-}
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-config/posttest.dat b/testing/tests/ikev1/xauth-rsa-config/posttest.dat
deleted file mode 100644 (file)
index 7cebd7f..0000000
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/xauth-rsa-config/pretest.dat b/testing/tests/ikev1/xauth-rsa-config/pretest.dat
deleted file mode 100644 (file)
index 78e2d57..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 2
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/ikev1/xauth-rsa-config/test.conf b/testing/tests/ikev1/xauth-rsa-config/test.conf
deleted file mode 100644 (file)
index 7041682..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"