From: Andreas Steffen Date: Thu, 20 Oct 2022 07:39:46 +0000 (+0200) Subject: testing: Migrated ha scenarios to new default plugins X-Git-Tag: 6.0.0rc1~9^2~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0cf08b45dde61b96b43e1ab616152b04a8cdd46f;p=thirdparty%2Fstrongswan.git testing: Migrated ha scenarios to new default plugins --- diff --git a/testing/tests/ha/active-passive/evaltest.dat b/testing/tests/ha/active-passive/evaltest.dat index dddd337df7..aa35767935 100644 --- a/testing/tests/ha/active-passive/evaltest.dat +++ b/testing/tests/ha/active-passive/evaltest.dat @@ -1,11 +1,11 @@ alice::cat /var/log/daemon.log::HA segment 1 was not handled, taking::YES moon:: cat /var/log/daemon.log::remote node takes segment 1::YES -alice::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=500 local-id=10.1.0.10 remote-host=10.1.0.1 remote-port=500 remote-id=10.1.0.1.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]] remote-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]]::YES -alice::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=500 local-id=10.1.0.10 remote-host=10.1.0.1 remote-port=500 remote-id=10.1.0.1.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]] remote-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]]::YES +alice::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=500 local-id=10.1.0.10 remote-host=10.1.0.1 remote-port=500 remote-id=10.1.0.1.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]] remote-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]]::YES +alice::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=500 local-id=10.1.0.10 remote-host=10.1.0.1 remote-port=500 remote-id=10.1.0.1.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]] remote-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]]::YES alice::swanctl --list-sas --ike-id 3 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES alice::swanctl --list-sas --ike-id 4 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=3 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES -moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.1 local-port=500 local-id=10.1.0.1 remote-host=10.1.0.10 remote-port=500 remote-id=10.1.0.10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]] remote-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]]::YES -moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.1 local-port=500 local-id=10.1.0.1 remote-host=10.1.0.10 remote-port=500 remote-id=10.1.0.10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]] remote-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.1 local-port=500 local-id=10.1.0.1 remote-host=10.1.0.10 remote-port=500 remote-id=10.1.0.10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]] remote-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.1 local-port=500 local-id=10.1.0.1 remote-host=10.1.0.10 remote-port=500 remote-id=10.1.0.10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]] remote-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]]::YES moon ::swanctl --list-sas --ike-id 3 --raw 2> /dev/null::rw.*version=2 state=PASSIVE local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES moon ::swanctl --list-sas --ike-id 4 --raw 2> /dev/null::rw.*version=2 state=PASSIVE local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=3 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.5 remote-port=4500 remote-id=mars.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf index c782b9b730..c73579fba4 100644 --- a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default ha plugins { ha { diff --git a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf index 53e812a91c..d2715e4067 100644 --- a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default updown } diff --git a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf index aabcbea5c3..e785a90cda 100644 --- a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default updown } diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf index 1ebac6ebee..a5ef8dfa90 100644 --- a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default ha plugins { ha { diff --git a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf index 18d72f8907..8c9799daf9 100644 --- a/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default ha plugins { ha { diff --git a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf index 53e812a91c..d2715e4067 100644 --- a/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default updown } diff --git a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf index aabcbea5c3..e785a90cda 100644 --- a/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default updown } diff --git a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf index e90135a843..ae6302335d 100644 --- a/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon-systemd { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha + load = random nonce openssl pem pkcs1 curl revocation vici kernel-netlink socket-default ha plugins { ha {