updated ikev1/xauth-rsa scenario to xauth plugin

diff --git a/testing/tests/ikev1/xauth-rsa/description.txt b/testing/tests/ikev1/xauth-rsa/description.txt
index 0cdaba1c5e22df14ee75f73cac9f925d230fc756..a9b76b618579f5372dd25f3e9ec1452ecd5296eb 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/description.txt
+++ b/testing/tests/ikev1/xauth-rsa/description.txt
@@ -1,7 +1,9 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
 The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certificates
 followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
-based on user names and passwords.
+based on user names equal to the <b>IKEv1 identity</b> (<b>carol@strongswan.org</b> and
+<b>dave@strongswan.org</b>, respectively) and corresponding user passwords defined and
+stored in ipsec.secrets.
 <p>
 Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
 inserts iptables-based firewall rules that let pass the tunneled traffic.

diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat
index e1dc6b5b057f9c1ca1bb1883f2f07d867c57b96a..7860430655eabb67c3c21e6245c8870448bd2941 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat
@@ -1,5 +1,7 @@
 carol::cat /var/log/auth.log::extended authentication was successful::YES
 dave::cat /var/log/auth.log::extended authentication was successful::YES
+moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
+moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
 moon::cat /var/log/auth.log::extended authentication was successful::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
index 48fd260c1ab328d226a551eac453c84fb11e495d..4a77c3b97ff807e77125197dbdc775fd212eb5f8 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets
@@ -2,4 +2,4 @@
 
 : RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
 
-: XAUTH carol "4iChxLT3" 
+carol@strongswan.org : XAUTH "4iChxLT3" 

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..556f76c
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
index 14f08850175560378bb70368542f1900a3ef9ed7..1c0248b84bfe1d0f177205d1e19f081ce3f78654 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets
@@ -2,4 +2,4 @@
 
 : RSA daveKey.pem
 
-: XAUTH dave "ryftzG4A" 
+dave@strongswan.org : XAUTH "ryftzG4A" 

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..556f76c
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
index ffbb13ec595c772cb352ba2c9fe9db07d0c684b4..f79a81a6f60557bc1858c288ee5b377d37dd8185 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       plutodebug="control"
+       plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
        charonstart=no

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
index 8d41919fcdd8de60d735760bb83543de3f4a5d5f..1ba66971a87379931aeb5f0f53994f607be7a3af 100644 (file)
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets
@@ -2,6 +2,6 @@
 
 : RSA moonKey.pem
 
-: XAUTH carol "4iChxLT3"
+carol@strongswan.org : XAUTH "4iChxLT3"
 
-: XAUTH dave  "ryftzG4A"
+dave@strongswan.org  : XAUTH "ryftzG4A"

diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
new file mode 100644 (file)
index 0000000..556f76c
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}