From: Andreas Steffen Date: Tue, 18 May 2010 14:52:12 +0000 (+0200) Subject: updated ikev1/xauth-rsa scenario to xauth plugin X-Git-Tag: 4.4.1~253 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a6085b13e7dd5ee79955959e2ecafd7fe9b50bb;p=thirdparty%2Fstrongswan.git updated ikev1/xauth-rsa scenario to xauth plugin --- diff --git a/testing/tests/ikev1/xauth-rsa/description.txt b/testing/tests/ikev1/xauth-rsa/description.txt index 0cdaba1c5e..a9b76b6185 100644 --- a/testing/tests/ikev1/xauth-rsa/description.txt +++ b/testing/tests/ikev1/xauth-rsa/description.txt @@ -1,7 +1,9 @@ The roadwarriors carol and dave set up a connection to gateway moon. The authentication is based on RSA signatures (RSASIG) using X.509 certificates followed by extended authentication (XAUTH) of carol and dave -based on user names and passwords. +based on user names equal to the IKEv1 identity (carol@strongswan.org and +dave@strongswan.org, respectively) and corresponding user passwords defined and +stored in ipsec.secrets.

Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat index e1dc6b5b05..7860430655 100644 --- a/testing/tests/ikev1/xauth-rsa/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat @@ -1,5 +1,7 @@ carol::cat /var/log/auth.log::extended authentication was successful::YES dave::cat /var/log/auth.log::extended authentication was successful::YES +moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES +moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES moon::cat /var/log/auth.log::extended authentication was successful::YES carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets index 48fd260c1a..4a77c3b97f 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets @@ -2,4 +2,4 @@ : RSA carolKey.pem "nH5ZQEWtku0RJEZ6" -: XAUTH carol "4iChxLT3" +carol@strongswan.org : XAUTH "4iChxLT3" diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf new file mode 100644 index 0000000000..556f76c74f --- /dev/null +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets index 14f0885017..1c0248b84b 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets @@ -2,4 +2,4 @@ : RSA daveKey.pem -: XAUTH dave "ryftzG4A" +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf new file mode 100644 index 0000000000..556f76c74f --- /dev/null +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf index ffbb13ec59..f79a81a6f6 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug="control" + plutodebug=control crlcheckinterval=180 strictcrlpolicy=no charonstart=no diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets index 8d41919fcd..1ba66971a8 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets @@ -2,6 +2,6 @@ : RSA moonKey.pem -: XAUTH carol "4iChxLT3" +carol@strongswan.org : XAUTH "4iChxLT3" -: XAUTH dave "ryftzG4A" +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf new file mode 100644 index 0000000000..556f76c74f --- /dev/null +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +}