From: Andreas Steffen
Date: Tue, 18 May 2010 20:56:42 +0000 (+0200)
Subject: updated ikev1/xauth-psk-mode-config scenario to support xauth plugin
X-Git-Tag: 4.4.1~244
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1fe5d973cb84775f3096c9aa585ab8dd1909fd4f;p=thirdparty%2Fstrongswan.git
updated ikev1/xauth-psk-mode-config scenario to support xauth plugin
---
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt b/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
index 9abe6298c9..1910117475 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
@@ -2,8 +2,8 @@ The roadwarriors carol and dave set up a connection to gateway The authentication is based on Pre-Shared Keys (PSK) followed by extended authentication (XAUTH) of carol and dave based on user names and passwords. Next carol and dave request a
-virtual IP via the IKE Mode Config protocol by using the
-leftsourceip=%modeconfig parameter.
+virtual IP via the IKE Mode Config protocol by using the leftsourceip=%modeconfig
+parameter. The virtual IP addresses are registered under the users' XAUTH identity.

Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
index 15dd054a0d..4552cfe619 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
@@ -1,11 +1,9 @@
 carol::cat /var/log/auth.log::extended authentication was successful::YES
 dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::carol.*extended authentication was successful::YES
-moon::cat /var/log/auth.log::dave.*extended authentication was successful::YES
+moon::ipsec leases rw 10.3.0.1::carol::YES
+moon::ipsec leases rw 10.3.0.2::dave::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave.*STATE_QUICK_R2.*IPsec SA established::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
index 747f4b6bf7..aa0ae12891 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
@@ -21,4 +21,5 @@ conn home
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
 rightsubnet=10.1.0.0/16
+ xauth_identity=carol
 auto=add
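Review bot: In the evaltest.dat hunk, the new checks `moon::ipsec leases rw 10.3.0.1::carol::YES` and `moon::ipsec leases rw 10.3.0.2::dave::YES` tie each user to a fixed pool address, which holds only if carol always completes Mode Config before dave. That ordering is presumably fixed in the scenario's pretest script, which this diff does not show. The same hunk removes every gateway-side assertion (the auth.log XAUTH lines and the `STATE_QUICK_R2` status lines on moon), so XAUTH success is now asserted only from the clients' own logs. I would keep a check on moon that does not depend on the connection name, something like `moon::cat /var/log/auth.log::extended authentication was successful::YES`, after confirming the gateway still logs that wording with the xauth plugin loaded.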
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
index d2bba2f4cb..e5adf3e8e7 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
@@ -6,4 +6,4 @@ carol@strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21
 carol@strongswan.org @sun.strongswan.org : PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
-: XAUTH carol "4iChxLT3"
+carol : XAUTH "4iChxLT3"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
index 85e5f1aeee..dbd431cc20 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 pluto {
- load = sha1 sha2 md5 aes des hmac gmp random
+ load = sha1 sha2 md5 aes des hmac gmp random xauth
 }
 # pluto uses optimized DH exponent sizes (RFC 3526)
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
index 0193c05120..0243f5afb5 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
@@ -21,4 +21,5 @@ conn home
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
 rightsubnet=10.1.0.0/16
+ xauth_identity=dave
 auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
index 0690d9cde9..25e8c27961 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
@@ -2,4 +2,4 @@ : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-: XAUTH dave "ryftzG4A"
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
index 85e5f1aeee..dbd431cc20 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 pluto {
- load = sha1 sha2 md5 aes des hmac gmp random
+ load = sha1 sha2 md5 aes des hmac gmp random xauth
 }
 # pluto uses optimized DH exponent sizes (RFC 3526)
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
index 98598b04c0..4206f8916e 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
@@ -13,17 +13,12 @@ conn %default
 keyingtries=1
 authby=xauthpsk
 xauth=server
+
+conn rw
 left=PH_IP_MOON
 leftid=@moon.strongswan.org
 leftsubnet=10.1.0.0/16
 leftfirewall=yes
 right=%any
+ rightsourceip=10.3.0.0/24
 auto=add
-
-conn carol
- rightid=carol@strongswan.org
- rightsourceip=PH_IP_CAROL1
-
-conn dave
- rightid=dave@strongswan.org
- rightsourceip=PH_IP_DAVE1
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
index 1ea69f998f..20d8e02697 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
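Review bot: In moon's ipsec.conf, removing `conn carol` and `conn dave` with their `rightid=` lines leaves the new `conn rw` (`right=%any`, no `rightid`) matching any peer that presents the shared PSK. The XAUTH user name is then the only per-user credential on the gateway, and virtual IPs are leased from `rightsourceip=10.3.0.0/24` instead of being fixed per peer. That looks intended for this scenario, but it deserves a comment above `conn rw`, for example `# group PSK: per-user identity comes from XAUTH only; virtual IPs are leased from the pool`, so the file is not reused as a template for per-peer authentication. The `conn %default` section begins above the hunk, so settings outside the visible lines may narrow this.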
@@ -2,6 +2,6 @@ @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-: XAUTH carol "4iChxLT3"
+carol : XAUTH "4iChxLT3"
-: XAUTH dave "ryftzG4A"
+dave : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
index 85e5f1aeee..dbd431cc20 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 pluto {
- load = sha1 sha2 md5 aes des hmac gmp random
+ load = sha1 sha2 md5 aes des hmac gmp random xauth
 }
 # pluto uses optimized DH exponent sizes (RFC 3526)