int skt;
interface_t *interface;
- if (current->sin_family != AF_INET)
+ if (current->sin_family != AF_INET && current->sin_family != AF_INET6)
{
- /* ignore all but AF_INET interfaces */
+ /* ignore all but IPv4 and IPv6 interfaces */
continue;
}
}
/* set up interface socket */
- skt = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
+ skt = socket(current->sin_family, SOCK_RAW, IPPROTO_UDP);
if (socket < 0)
{
this->logger->log(this->logger, ERROR, "unable to open interface socket!");
continue;
}
current->sin_port = htons(port);
- current->sin_family = AF_INET;
+
if (bind(skt, (struct sockaddr*)current, sizeof(struct sockaddr_in)) < 0)
{
this->logger->log(this->logger, ERROR, "unable to bind interface socket!");
#include "args.h"
#include "interfaces.h"
+/* strings containing a colon are interpreted as an IPv6 address */
+#define ip_version(string) (strchr(string, ':') != NULL)? AF_INET6 : AF_INET;
+
static const char ike_defaults[] = "3des-sha, 3des-md5";
static const char esp_defaults[] = "3des-sha1, 3des-md5";
static const char firewall_defaults[] = "ipsec _updown iptables";
-static void
-default_values(starter_config_t *cfg)
+static void default_values(starter_config_t *cfg)
{
if (cfg == NULL)
return;
goto err;
}
}
- else if (streq(value,"%any"))
+ else if (streq(value, "%any"))
{
anyaddr(conn->addr_family, &end->addr);
}
- else if (value[0] == '%')
+ else if (streq(value, "%any6"))
{
- if (end->iface)
- pfree(end->iface);
- end->iface = clone_str(value+1, "iface");
- if (starter_iface_find(end->iface, conn->addr_family, &end->addr, &end->nexthop) == -1)
- {
- conn->state = STATE_INVALID;
- }
+ conn->addr_family = AF_INET6;
+ anyaddr(conn->addr_family, &end->addr);
}
else
{
+ conn->addr_family = ip_version(value);
ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
if (ugh != NULL)
{
}
}
else if (streq(value, "%direct"))
+ {
ugh = anyaddr(conn->addr_family, &end->nexthop);
+ }
else
+ {
+ conn->addr_family = ip_version(value);
ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop);
-
+ }
if (ugh != NULL)
{
plog("# bad addr: %s=%s [%s]", name, value, ugh);
else
{
end->has_client = TRUE;
+ conn->tunnel_addr_family = ip_version(value);
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
if (ugh != NULL)
{
case KW_SUBNETWITHIN:
end->has_client = TRUE;
end->has_client_wildcard = TRUE;
+ conn->tunnel_addr_family = ip_version(value);
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
break;
case KW_PROTOPORT:
}
else
{
- ugh = ttoaddr(value, 0, conn->addr_family, &end->srcip);
+ conn->tunnel_addr_family = ip_version(value);
+ ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
if (ugh != NULL)
{
plog("# bad addr: %s=%s [%s]", name, value, ugh);
w->host_addr = end->addr;
w->host_nexthop = end->nexthop;
w->host_srcip = end->srcip;
+ w->has_client = end->has_client;
- if (end->has_client)
- w->client = end->subnet;
+ if (w->has_client)
+ w->client = end->subnet;
else
- w->client.addr.u.v4.sin_family = AF_INET;
+ w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
- w->has_client = end->has_client;
w->has_client_wildcard = end->has_client_wildcard;
w->has_port_wildcard = end->has_port_wildcard;
w->has_srcip = end->has_srcip;
for host in $STRONGSWANHOSTS
do
- eval ip_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
+ eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
+ eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
case $host in
moon)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- searchandreplace PH_IP_MOON $ip_moon $TESTSDIR
- searchandreplace PH_IP1_MOON $ip1_moon $TESTSDIR
+ eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP_MOON1 $ipv4_moon1 $TESTSDIR
+ searchandreplace PH_IP_MOON $ipv4_moon $TESTSDIR
+ eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_MOON1 $ipv6_moon1 $TESTSDIR
+ searchandreplace PH_IP6_MOON $ipv6_moon $TESTSDIR
;;
sun)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- searchandreplace PH_IP_SUN $ip_sun $TESTSDIR
- searchandreplace PH_IP1_SUN $ip1_sun $TESTSDIR
+ eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP_SUN1 $ipv4_sun1 $TESTSDIR
+ searchandreplace PH_IP_SUN $ipv4_sun $TESTSDIR
+ eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_SUN1 $ipv6_sun1 $TESTSDIR
+ searchandreplace PH_IP6_SUN $ipv6_sun $TESTSDIR
;;
alice)
- searchandreplace PH_IP_ALICE $ip_alice $TESTSDIR
+ searchandreplace PH_IP_ALICE $ipv4_alice $TESTSDIR
+ searchandreplace PH_IP6_ALICE $ipv6_alice $TESTSDIR
;;
venus)
- searchandreplace PH_IP_VENUS $ip_venus $TESTSDIR
+ searchandreplace PH_IP_VENUS $ipv4_venus $TESTSDIR
+ searchandreplace PH_IP6_VENUS $ipv6_venus $TESTSDIR
;;
bob)
- searchandreplace PH_IP_BOB $ip_bob $TESTSDIR
+ searchandreplace PH_IP_BOB $ipv4_bob $TESTSDIR
+ searchandreplace PH_IPV6_BOB $ipv6_bob $TESTSDIR
;;
carol)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- searchandreplace PH_IP_CAROL $ip_carol $TESTSDIR
- searchandreplace PH_IP1_CAROL $ip1_carol $TESTSDIR
+ eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP_CAROL1 $ipv4_carol1 $TESTSDIR
+ searchandreplace PH_IP_CAROL $ipv4_carol $TESTSDIR
+ eval ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $TESTSDIR
+ searchandreplace PH_IP6_CAROL $ipv6_carol $TESTSDIR
;;
dave)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- searchandreplace PH_IP_DAVE $ip_dave $TESTSDIR
- searchandreplace PH_IP1_DAVE $ip1_dave $TESTSDIR
+ eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP_DAVE1 $ipv4_dave1 $TESTSDIR
+ searchandreplace PH_IP_DAVE $ipv4_dave $TESTSDIR
+ eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $TESTSDIR
+ searchandreplace PH_IP6_DAVE $ipv6_dave $TESTSDIR
;;
winnetou)
- searchandreplace PH_IP_WINNETOU $ip_winnetou $TESTSDIR
+ searchandreplace PH_IP_WINNETOU $ipv4_winnetou $TESTSDIR
+ searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $TESTSDIR
;;
esac
done
iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'`
tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &"
echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG
- ssh root@`eval echo \\\$ip_$host '$tcpdump_cmd'`
+ ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'`
eval TDUP_${host}="true"
done
fi
if ($2 != "")
{
printf("echo \"%s# %s\"; ", $1, $2)
- printf("ssh root@\044ip_%s \"%s\"; ", $1, $2)
+ printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2)
printf("echo;\n")
}
}' $TESTSDIR/${testname}/pretest.dat` >> $CONSOLE_LOG 2>&1
function stop_tcpdump {
echo "${1}# killall tcpdump" >> $CONSOLE_LOG
- eval ssh root@\$ip_${1} killall tcpdump
+ eval ssh root@\$ipv4_${1} killall tcpdump
eval TDUP_${1}="false"
echo ""
}
{
printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host)
printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit)
- printf("ssh root@\044ip_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern)
+ printf("ssh root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern)
}
else
{
printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit)
- printf("ssh root@\044ip_%s %s | grep \"%s\"; ", host, command, pattern)
+ printf("ssh root@\044ipv4_%s %s | grep \"%s\"; ", host, command, pattern)
}
printf("cmd_exit=\044?; ")
printf("echo; ")
for host in $IPSECHOSTS
do
- eval HOSTLOGIN=root@\$ip_${host}
+ eval HOSTLOGIN=root@\$ipv4_${host}
for command in statusall listall
do
if ($2 != "")
{
printf("echo \"%s# %s\"; ", $1, $2)
- printf("ssh root@\044ip_%s \"%s\"; ", $1, $2)
+ printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2)
printf("echo;\n")
}
}' $TESTSDIR/${testname}/posttest.dat` >> $CONSOLE_LOG 2>&1
for host in $IPSECHOSTS
do
- eval HOSTLOGIN=root@\$ip_${host}
+ eval HOSTLOGIN=root@\$ipv4_${host}
ssh $HOSTLOGIN grep pluto /var/log/auth.log \
> $TESTRESULTDIR/${host}.auth.log
echo >> $TESTRESULTDIR/${host}.auth.log
if [ "`eval echo \\\$TDUP_${host}`" = "true" ]
then
echo "${host}# killall tcpdump" >> $CONSOLE_LOG
- eval ssh root@\$ip_$host killall tcpdump
+ eval ssh root@\$ipv4_$host killall tcpdump
eval TDUP_${host}="false"
fi
done
HTDOCS="/var/www/localhost/htdocs"
cecho-n "Copying test results to winnetou.."
-ssh root@${ip_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1
-scp -r $TODAYDIR root@${ip_winnetou}:$HTDOCS/testresults > /dev/null 2>&1
-ssh root@${ip_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1
+ssh root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1
+scp -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1
+ssh root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1
cecho "done"
cecho ""
cecho "The results are available in $TODAYDIR"
-cecho "or via the link http://$ip_winnetou/testresults/$TESTDATE"
+cecho "or via the link http://$ipv4_winnetou/testresults/$TESTDATE"
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_ALICE broadcast 10.1.255.255 netmask 255.255.0.0"
+iface_eth0="PH_IP_ALICE broadcast 10.1.255.255 netmask 255.255.0.0 add PH_IP6_ALICE/16"
# For setting the default gateway
#
-gateway="eth0/PH_IP1_MOON"
+gateway="eth0/PH_IP_MOON1"
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_BOB broadcast 10.2.255.255 netmask 255.255.0.0"
+iface_eth0="PH_IP_BOB broadcast 10.2.255.255 netmask 255.255.0.0 add PH_IP6_BOB/16"
# For setting the default gateway
#
-gateway="eth0/PH_IP1_SUN"
+gateway="eth0/PH_IP_SUN1"
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_CAROL broadcast 192.168.0.255 netmask 255.255.255.0"
+iface_eth0="PH_IP_CAROL broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_CAROL/16"
# For setting the default gateway
#
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_DAVE broadcast 192.168.0.255 netmask 255.255.255.0"
+iface_eth0="PH_IP_DAVE broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_DAVE/16"
# For setting the default gateway
#
PH_IP_ALICE alice.strongswan.org alice
PH_IP_VENUS venus.strongswan.org venus
-PH_IP1_MOON moon1.strongswan.org moon1
+PH_IP_MOON1 moon1.strongswan.org moon1
PH_IP_MOON moon.strongswan.org moon
PH_IP_CAROL carol.strongswan.org carol
-PH_IP1_CAROL carol1.strongswan.org carol1
+PH_IP_CAROL1 carol1.strongswan.org carol1
PH_IP_WINNETOU winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
PH_IP_DAVE dave.strongswan.org dave
-PH_IP1_DAVE dave1.strongswan.org dave1
+PH_IP_DAVE1 dave1.strongswan.org dave1
PH_IP_SUN sun.strongswan.org sun
-PH_IP1_SUN sun1.strongswan.org sun1
+PH_IP_SUN1 sun1.strongswan.org sun1
PH_IP_BOB bob.strongswan.org bob
# IPV6 versions of localhost and co
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
+
+PH_IP6_ALICE ip6-alice.strongswan.org ip6-alice
+PH_IP6_VENUS ip6-venus.strongswan.org ip6-venus
+PH_IP6_MOON1 ip6-moon1.strongswan.org ip6-moon1
+PH_IP6_MOON ip6-moon.strongswan.org ip6-moon
+PH_IP6_CAROL ip6-carol.strongswan.org ip6-carol
+PH_IP6_CAROL1 ip6-carol1.strongswan.org ip6-carol1
+PH_IP6_WINNETOU ip6-winnetou.strongswan.org ip6-winnetou
+PH_IP6_DAVE ip6-dave.strongswan.org ip6-dave
+PH_IP6_DAVE1 ip6-dave1.strongswan.org ip6-dave1
+PH_IP6_SUN ip6-sun.strongswan.org ip6-sun
+PH_IP6_SUN1 ip6-sun1.strongswan.org ip6-sun1
+PH_IP6_BOB ip6-bob.strongswan.org ip6-bob
+
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_MOON broadcast 192.168.0.255 netmask 255.255.255.0"
-iface_eth1="PH_IP1_MOON broadcast 10.1.255.255 netmask 255.255.0.0"
+iface_eth0="PH_IP_MOON broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_MOON/16"
+iface_eth1="PH_IP_MOON1 broadcast 10.1.255.255 netmask 255.255.0.0 add PH_IP6_MOON1/16"
# For setting the default gateway
#
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_SUN broadcast 192.168.0.255 netmask 255.255.255.0"
-iface_eth1="PH_IP1_SUN broadcast 10.2.255.255 netmask 255.255.0.0"
+iface_eth0="PH_IP_SUN broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_SUN/16"
+iface_eth1="PH_IP_SUN1 broadcast 10.2.255.255 netmask 255.255.0.0 add PH_IP6_SUN1/16"
# For setting the default gateway
#
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_VENUS broadcast 10.1.255.255 netmask 255.255.0.0"
+iface_eth0="PH_IP_VENUS broadcast 10.1.255.255 netmask 255.255.0.0 add PH_IP6_VENUS/16"
# For setting the default gateway
#
-gateway="eth0/PH_IP1_MOON"
+gateway="eth0/PH_IP_MOON1"
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_lo="127.0.0.1 netmask 255.0.0.0"
-iface_eth0="PH_IP_WINNETOU broadcast 192.168.0.255 netmask 255.255.255.0"
+iface_eth0="PH_IP_WINNETOU broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_WINNETOU/16"
# For setting the default gateway
#
for host in $STRONGSWANHOSTS
do
cecho-n "${host}.."
- eval ip_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
+ eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
+ eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
- [ "`eval echo \\\$ip_${host}`" != "$HOSTIP" ] || die "$host has the same IP as eth0 (Host)! Please change that."
+ [ "`eval echo \\\$ipv4_${host}`" != "$HOSTIP" ] || die "$host has the same IP as eth0 (Host)! Please change that."
case $host in
moon)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- [ "`eval echo \\\$ip1_${host}`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
- searchandreplace PH_IP_MOON $ip_moon $HOSTCONFIGDIR
- searchandreplace PH_IP1_MOON $ip1_moon $HOSTCONFIGDIR
+ eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ [ "`eval echo \\\$ipv4_moon1`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
+ searchandreplace PH_IP_MOON1 $ipv4_moon1 $HOSTCONFIGDIR
+ searchandreplace PH_IP_MOON $ipv4_moon $HOSTCONFIGDIR
+ eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_MOON1 $ipv6_moon1 $HOSTCONFIGDIR
+ searchandreplace PH_IP6_MOON $ipv6_moon $HOSTCONFIGDIR
;;
sun)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- [ "`eval echo \\\$ip1_${host}`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
- searchandreplace PH_IP_SUN $ip_sun $HOSTCONFIGDIR
- searchandreplace PH_IP1_SUN $ip1_sun $HOSTCONFIGDIR
+ eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ [ "`eval echo \\\$ipv4_sun1`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
+ searchandreplace PH_IP_SUN1 $ipv4_sun1 $HOSTCONFIGDIR
+ searchandreplace PH_IP_SUN $ipv4_sun $HOSTCONFIGDIR
+ eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_SUN1 $ipv6_sun1 $HOSTCONFIGDIR
+ searchandreplace PH_IP6_SUN $ipv6_sun $HOSTCONFIGDIR
;;
alice)
- searchandreplace PH_IP_ALICE $ip_alice $HOSTCONFIGDIR
+ searchandreplace PH_IP_ALICE $ipv4_alice $HOSTCONFIGDIR
+ searchandreplace PH_IP6_ALICE $ipv6_alice $HOSTCONFIGDIR
;;
venus)
- searchandreplace PH_IP_VENUS $ip_venus $HOSTCONFIGDIR
+ searchandreplace PH_IP_VENUS $ipv4_venus $HOSTCONFIGDIR
+ searchandreplace PH_IP6_VENUS $ipv6_venus $HOSTCONFIGDIR
;;
bob)
- searchandreplace PH_IP_BOB $ip_bob $HOSTCONFIGDIR
+ searchandreplace PH_IP_BOB $ipv4_bob $HOSTCONFIGDIR
+ searchandreplace PH_IP6_BOB $ipv6_bob $HOSTCONFIGDIR
;;
carol)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- searchandreplace PH_IP_CAROL $ip_carol $HOSTCONFIGDIR
- searchandreplace PH_IP1_CAROL $ip1_carol $HOSTCONFIGDIR
+ eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP_CAROL1 $ipv4_carol1 $HOSTCONFIGDIR
+ searchandreplace PH_IP_CAROL $ipv4_carol $HOSTCONFIGDIR
+ eval ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $HOSTCONFIGDIR
+ searchandreplace PH_IP6_CAROL $ipv6_carol $HOSTCONFIGDIR
;;
dave)
- eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
- searchandreplace PH_IP_DAVE $ip_dave $HOSTCONFIGDIR
- searchandreplace PH_IP1_DAVE $ip1_dave $HOSTCONFIGDIR
+ eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP_DAVE1 $ipv4_dave1 $HOSTCONFIGDIR
+ searchandreplace PH_IP_DAVE $ipv4_dave $HOSTCONFIGDIR
+ eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
+ searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $HOSTCONFIGDIR
+ searchandreplace PH_IP6_DAVE $ipv6_dave $HOSTCONFIGDIR
;;
winnetou)
- searchandreplace PH_IP_WINNETOU $ip_winnetou $HOSTCONFIGDIR
+ searchandreplace PH_IP_WINNETOU $ipv4_winnetou $HOSTCONFIGDIR
+ searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $HOSTCONFIGDIR
;;
esac
done
cecho "done"
fi
-for host in $HOSTNAMEIPS
+for host in $HOSTNAMEIPV4
do
- HOSTNAME=`echo $host | awk -F : '{ print $1 }'`
- IP=`echo $host | awk -F : '{ print $2 }'`
+ HOSTNAME=`echo $host | awk -F, '{ print $1 }'`
+ IP=`echo $host | awk -F, '{ print $2 }'`
if [ `grep "$IP " ~/.ssh/known_hosts | wc -l` != "0" ]
then
cecho "!! Warning: An entry exists for the following IP address: $IP"
for host in $STRONGSWANHOSTS
do
- eval ip="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
+ eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
echo "$host,$ip `cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
echo "`cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
done
then
for host in `ls $TESTSDIR/$testname/hosts`
do
- eval HOSTLOGIN="root@`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
+ eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
scp -rp $TESTSDIR/$testname/hosts/$host/etc $HOSTLOGIN:/ > /dev/null 2>&1
done
fi
for host in $IPSECHOSTS
do
- eval HOSTLOGIN="root@`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
+ eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
ssh $HOSTLOGIN 'rm -f /var/log/auth.log; \
kill -SIGHUP `cat /var/run/syslogd.pid`' > /dev/null 2>&1
done
then
for host in `ls $TESTSDIR/${testname}/hosts`
do
- eval HOSTLOGIN="root@`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
+ eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
scp -rp $HOSTCONFIGDIR/${host}/etc $HOSTLOGIN:/ > /dev/null 2>&1
done
fi
# Bzipped kernel sources
# (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.16.16.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.16.19.tar.bz2
# Extract kernel version
KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
SELECTEDTESTS="net2net-cert"
##############################################################
-# hostname and according IP(s)
-# You may change the IPs but keep them in the same net,
+# hostname and corresponding IPv4 and IPv6 addresses
+# You may change the IPs but keep them in the same subnet,
# this means retain the netmasks!
# Also don't use IPs ending with 254, they are reserved!
#
-HOSTNAMEIPS="\
-alice:10.1.0.10 \
-venus:10.1.0.20 \
-moon:192.168.0.1:10.1.0.1 \
-carol:192.168.0.100:10.3.0.1 \
-winnetou:192.168.0.150 \
-dave:192.168.0.200:10.3.0.2 \
-sun:192.168.0.2:10.2.0.1 \
-bob:10.2.0.10"
+HOSTNAMEIPV4="\
+alice,10.1.0.10 \
+venus,10.1.0.20 \
+moon,192.168.0.1,10.1.0.1 \
+carol,192.168.0.100,10.3.0.1 \
+winnetou,192.168.0.150 \
+dave,192.168.0.200,10.3.0.2 \
+sun,192.168.0.2,10.2.0.1 \
+bob,10.2.0.10"
+
+HOSTNAMEIPV6="\
+alice,fec1::10 \
+venus,fec1::20 \
+moon,fec0::1,fec1::1 \
+carol,fec0::10,fec3::1 \
+winnetou,fec0::15 \
+dave,fec0::20,fec3::2 \
+sun,fec0::2,fec2::1 \
+bob,fec2::10"
##############################################################
# VPN gateways / clients
alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
bob::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP1_SUN::64 bytes from PH_IP1_SUN: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
plutostart=no
conn host-host
- left=PH_IP_SUN
- leftcert=sunCert.pem
- right=PH_IP_MOON
- rightcert=moonCert.pem
+ left=PH_IP_MOON
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ right=PH_IP_SUN
+ rightcert=sunCert.pem
+ rightid=@sun.strongswan.org
keyexchange=ikev2
auto=add
plutostart=no
conn host-host
- left=PH_IP_MOON
- leftcert=moonCert.pem
- right=PH_IP_SUN
- rightcert=sunCert.pem
+ left=PH_IP_SUN
+ leftcert=sunCert.pem
+ leftid=@sun.strongswan.org
+ right=PH_IP_MOON
+ rightcert=moonCert.pem
+ rightid=@moon.strongswan.org
keyexchange=ikev2
auto=add
version 2.0 # conforms to second version of ipsec.conf specification
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+
conn %default
+ ikelifetime=60m
+ keylife=20m
left=PH_IP_MOON
+ leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
leftsubnet=10.1.0.0/16
keyingtries=1
right=PH_IP_MOON
rightsubnet=10.1.0.0/16
- rightsourceip=PH_IP1_MOON
+ rightsourceip=PH_IP_MOON1
rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
conn rw-carol
left=%any
leftid=carol@strongswan.org
- leftsourceip=PH_IP1_CAROL
+ leftsourceip=PH_IP_CAROL1
auto=add
conn rw-dave
left=%any
leftid=dave@strongswan.org
- leftsourceip=PH_IP1_DAVE
+ leftsourceip=PH_IP_DAVE1
auto=add
moon::/etc/init.d/iptables stop 2> /dev/null
carol::/etc/init.d/iptables stop 2> /dev/null
dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP1_CAROL/32 dev eth0
-dave::ip addr del PH_IP1_DAVE/32 dev eth0
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
keyingtries=1
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
- leftsourceip=PH_IP1_MOON
+ leftsourceip=PH_IP_MOON1
leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn rw-carol
right=%any
rightid=carol@strongswan.org
- rightsourceip=PH_IP1_CAROL
+ rightsourceip=PH_IP_CAROL1
auto=add
conn rw-dave
right=%any
rightid=dave@strongswan.org
- rightsourceip=PH_IP1_DAVE
+ rightsourceip=PH_IP_DAVE1
auto=add
moon::/etc/init.d/iptables stop 2> /dev/null
carol::/etc/init.d/iptables stop 2> /dev/null
dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP1_CAROL/32 dev eth0
-dave::ip addr del PH_IP1_DAVE/32 dev eth0
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
carol::sleep 2
carol::ipsec up home
dave::ipsec up home
+carol::sleep 1
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
carol::ping -c 2 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
-carol::ping -c 2 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq::YES
+carol::ping -c 2 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
carol::ssh PH_IP_ALICE hostname::alice::YES
carol::cat /var/log/auth.log::initiate on demand::YES
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
conn %default
left=PH_IP_MOON
leftsubnet=10.1.0.0/16
- leftsourceip=PH_IP1_MOON
+ leftsourceip=PH_IP_MOON1
leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
conn rw-carol
right=%any
rightid=carol@strongswan.org
- rightsourceip=PH_IP1_CAROL
+ rightsourceip=PH_IP_CAROL1
auto=add
conn rw-dave
right=%any
rightid=dave@strongswan.org
- rightsourceip=PH_IP1_DAVE
+ rightsourceip=PH_IP_DAVE1
auto=add
moon::/etc/init.d/iptables stop 2> /dev/null
carol::/etc/init.d/iptables stop 2> /dev/null
dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP1_CAROL/32 dev eth0
-dave::ip addr del PH_IP1_DAVE/32 dev eth0
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
+dave::ip addr del PH_IP_DAVE1/32 dev eth0
moon::rm /etc/ipsec.connections /etc/ipsec.host
moon::rm -r /etc/ipsec.peers
carol::sleep 2
carol::ipsec up home
dave::ipsec up home
+carol::sleep 1
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
-moon::ping -c 1 PH_IP1_CAROL::64 bytes from PH_IP1_CAROL: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: icmp::YES
conn home
right=PH_IP_CAROL
- rightsourceip=PH_IP1_CAROL
+ rightsourceip=PH_IP_CAROL1
rightnexthop=%direct
rightcert=carolCert.pem
rightid=carol@strongswan.org
conn rw
right=PH_IP_MOON
- rightsourceip=PH_IP1_MOON
+ rightsourceip=PH_IP_MOON1
rightnexthop=%direct
rightcert=moonCert.pem
rightid=@moon.strongswan.org
carol::ipsec stop
moon::/etc/init.d/iptables stop 2> /dev/null
carol::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP1_CAROL/32 dev eth0
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
-moon::ping -c 1 PH_IP1_CAROL::64 bytes from PH_IP1_CAROL: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: icmp::YES
conn home
left=PH_IP_CAROL
- leftsourceip=PH_IP1_CAROL
+ leftsourceip=PH_IP_CAROL1
leftnexthop=%direct
leftcert=carolCert.pem
leftid=carol@strongswan.org
conn rw
left=PH_IP_MOON
- leftsourceip=PH_IP1_MOON
+ leftsourceip=PH_IP_MOON1
leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
carol::ipsec stop
moon::/etc/init.d/iptables stop 2> /dev/null
carol::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP1_CAROL/32 dev eth0
+carol::ip addr del PH_IP_CAROL1/32 dev eth0
moon::ipsec start
carol::sleep 2
carol::ipsec up home
+carol::sleep 1
moon::ipsec status::alice.*STATE_QUICK_R2.*IPsec SA established::YES
moon::ipsec status::venus.*STATE_QUICK_R2.*IPsec SA established::YES
alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-alice::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
alice::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
alice::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
venus::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
leftcert=aliceCert.pem
leftid=alice@strongswan.org
leftfirewall=yes
- right=PH_IP1_MOON
+ right=PH_IP_MOON1
rightid=@moon.strongswan.org
rightsubnet=0.0.0.0/0
auto=add
auto=add
conn wlan
- left=PH_IP1_MOON
+ left=PH_IP_MOON1
leftnexthop=%direct
leftsubnet=0.0.0.0/0
leftcert=moonCert.pem
leftcert=venusCert.pem
leftid=@venus.strongswan.org
leftfirewall=yes
- right=PH_IP1_MOON
+ right=PH_IP_MOON1
rightid=@moon.strongswan.org
rightsubnet=0.0.0.0/0
auto=add