use EAP identity in tnc/tnccs-20-pdp scenario

author Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 12 Feb 2013 19:41:37 +0000 (20:41 +0100)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 12 Feb 2013 19:41:37 +0000 (20:41 +0100)
author Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 12 Feb 2013 19:41:37 +0000 (20:41 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 12 Feb 2013 19:41:37 +0000 (20:41 +0100)
diff --git a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp/evaltest.dat

index e969774c5dfc6ffcdf37db92e65630045911d63d..f028ec609de5c0858e3a1ef539b66853fc1bdbbc 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp/evaltest.dat
@@ -7,9 +7,11 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::Y
  dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
  dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
  moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES
-moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::RADIUS authentication of 'carol' successful::YES
+moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES
  moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
-moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
+moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES
+moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES
  moon:: ipsec statusall 2>/dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
  moon:: ipsec statusall 2>/dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
  carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets

index 96b9a8dd54373c43170fe68b40c59cc7052e4567..11d45cd140c4d333bd742573f912a054a3bdaa59 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets
@@ -2,5 +2,5 @@
  
  : RSA aaaKey.pem
  
-carol@strongswan.org : EAP "Ar3etTnp"
-dave@strongswan.org  : EAP "W7R0g3do"
+carol : EAP "Ar3etTnp"
+dave  : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf

index e9152e0d89b88d32bc7f6508037e6e6932448f4d..59563730b1a549417915959352cb0029bf4577c0 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf
@@ -12,12 +12,12 @@ conn %default
  
  conn home
         left=PH_IP_CAROL
-       leftid=carol@strongswan.org
         leftauth=eap
         leftfirewall=yes
         right=PH_IP_MOON
         rightid=@moon.strongswan.org
         rightsubnet=10.1.0.0/16
         rightauth=pubkey
+       eap_identity=carol
         aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
         auto=add
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets

index 74942afda993af2c6f1eb55a42acf8b31bc0dcc2..23d79cf2e69a1d9275e866a7774827c1424c03ff 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
  # /etc/ipsec.secrets - strongSwan IPsec secrets file
  
-carol@strongswan.org : EAP "Ar3etTnp"
+carol : EAP "Ar3etTnp"
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf

index 25589bcf1391f964756de4d47d4a5d925ce7900a..8c27c78d24e76e65d6c0a963651796057f658923 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf
@@ -12,12 +12,12 @@ conn %default
  
  conn home
         left=PH_IP_DAVE
-       leftid=dave@strongswan.org
         leftauth=eap
         leftfirewall=yes
         right=PH_IP_MOON
         rightid=@moon.strongswan.org
         rightsubnet=10.1.0.0/16
         rightauth=pubkey
+       eap_identity=dave
         aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
         auto=add
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets

index 5496df7ad1796164d3c2f72f77e911f3b6161c63..02e0c9963eacd7d5c51e2cf8138b8857ef2c663f 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets
@@ -1,3 +1,3 @@
  # /etc/ipsec.secrets - strongSwan IPsec secrets file
  
-dave@strongswan.org : EAP "W7R0g3do"
+dave : EAP "W7R0g3do"
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf

index 294964fe792e22e9b06b878055b55e08a0dfb2d5..02ada5665d2d7d193ac990c3681361ac194556a2 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf
@@ -28,6 +28,6 @@ conn rw-eap
         leftauth=pubkey
         leftfirewall=yes
         rightauth=eap-radius
-       rightid=*@strongswan.org
         rightsendcert=never
         right=%any
+       eap_identity=%any
diff --git a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf

index 15655daf2af0dee983e9843c7a0e4d12bdcfe003..d329518665057d15e1f29cc25c50f6cc0922de52 100644 (file)
--- a/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
  # /etc/strongswan.conf - strongSwan configuration file
  
  charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
    multiple_authentication=no
    plugins {
      eap-radius {
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 12 Feb 2013 19:41:37 +0000 (20:41 +0100)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 12 Feb 2013 19:41:37 +0000 (20:41 +0100)
testing/tests/tnc/tnccs-20-pdp/evaltest.dat		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf		patch \| blob \| blame \| history
testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf		patch \| blob \| blame \| history