From: Andreas Steffen Date: Sun, 28 Mar 2021 13:07:41 +0000 (+0200) Subject: testing: Migrated redirect-active scenario to vici X-Git-Tag: 5.9.3dr1~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2cbf7da51a4ac3a18edd248b58ff0ba9aac590bd;p=thirdparty%2Fstrongswan.git testing: Migrated redirect-active scenario to vici --- diff --git a/testing/tests/ikev2/redirect-active/evaltest.dat b/testing/tests/ikev2/redirect-active/evaltest.dat deleted file mode 100644 index 1c90344e5c..0000000000 --- a/testing/tests/ikev2/redirect-active/evaltest.dat +++ /dev/null @@ -1,28 +0,0 @@ -alice::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES -alice::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*mars.strongswan.org::YES -dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.strongswan.org::YES -carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO -dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO -alice::swanctl --redirect --peer-ip PH_IP_CAROL --gateway 192.168.0.1::redirect completed successfully::YES -alice::swanctl --redirect --peer-id dave@strongswan.org --gateway moon.strongswan.org::redirect completed successfully::YES -carol::sleep 1::No output expected::NO -carol::cat /var/log/daemon.log::redirected to 192.168.0.1::YES -dave::cat /var/log/daemon.log::redirected to moon.strongswan.org::YES -moon::cat /var/log/daemon.log::client got redirected from 192.168.0.5::YES -moon::ipsec status 2> /dev/null::rw\[1].*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES -moon::ipsec status 2> /dev/null::rw\[2].*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES -carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES -carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::NO -carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES -carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES -dave::tcpdump::IP mars.strongswan.org > dave.strongswan.org: ESP::NO -dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES -dave::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES -venus::tcpdump::IP carol.strongswan.org > venus.strongswan.org: ICMP echo request::YES -venus::tcpdump::IP venus.strongswan.org > carol.strongswan.org: ICMP echo reply::YES -venus::tcpdump::IP dave.strongswan.org > venus.strongswan.org: ICMP echo request::YES -venus::tcpdump::IP venus.strongswan.org > dave.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/alice/etc/ipsec.conf deleted file mode 100644 index 6a810552be..0000000000 --- a/testing/tests/ikev2/redirect-active/hosts/alice/etc/ipsec.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn rw - left=192.168.0.5 - leftcert=marsCert.pem - leftid=mars.strongswan.org - leftsubnet=10.1.0.0/16 - leftfirewall=yes - right=%any - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/ipsec.secrets b/testing/tests/ikev2/redirect-active/hosts/alice/etc/ipsec.secrets deleted file mode 100644 index d65b96e340..0000000000 --- a/testing/tests/ikev2/redirect-active/hosts/alice/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA marsKey.pem diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf deleted file mode 100644 index cdcf4e6f29..0000000000 --- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn home - leftcert=carolCert.pem - leftid=carol@strongswan.org - leftfirewall=yes - right=192.168.0.5 - rightid=mars.strongswan.org - rightsubnet=10.1.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/redirect-active/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/dave/etc/ipsec.conf deleted file mode 100644 index 642811d106..0000000000 --- a/testing/tests/ikev2/redirect-active/hosts/dave/etc/ipsec.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn home - leftcert=daveCert.pem - leftid=dave@strongswan.org - leftfirewall=yes - right=192.168.0.5 - rightid=mars.strongswan.org - rightsubnet=10.1.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/redirect-active/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/redirect-active/hosts/moon/etc/ipsec.conf deleted file mode 100644 index fa901cbdfe..0000000000 --- a/testing/tests/ikev2/redirect-active/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,18 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn rw - leftcert=marsCert.pem - leftid=mars.strongswan.org - leftsubnet=10.1.0.0/16 - leftfirewall=yes - right=%any - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/redirect-active/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/redirect-active/hosts/moon/etc/ipsec.secrets deleted file mode 100644 index d65b96e340..0000000000 --- a/testing/tests/ikev2/redirect-active/hosts/moon/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA marsKey.pem diff --git a/testing/tests/ikev2/redirect-active/description.txt b/testing/tests/swanctl/redirect-active/description.txt similarity index 100% rename from testing/tests/ikev2/redirect-active/description.txt rename to testing/tests/swanctl/redirect-active/description.txt diff --git a/testing/tests/swanctl/redirect-active/evaltest.dat b/testing/tests/swanctl/redirect-active/evaltest.dat new file mode 100644 index 0000000000..55410e559b --- /dev/null +++ b/testing/tests/swanctl/redirect-active/evaltest.dat @@ -0,0 +1,28 @@ +alice::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +alice::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.5 remote-port=4500 remote-id=mars.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.5 remote-port=4500 remote-id=mars.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES +carol::ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +dave:: ping -c 1 -W 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::NO +alice::swanctl --redirect --peer-ip PH_IP_CAROL --gateway 192.168.0.1::redirect completed successfully::YES +alice::swanctl --redirect --peer-id dave@strongswan.org --gateway moon.strongswan.org::redirect completed successfully::YES +carol::sleep 1::No output expected::NO +carol::cat /var/log/daemon.log::redirected to 192.168.0.1::YES +dave::cat /var/log/daemon.log::redirected to moon.strongswan.org::YES +moon::cat /var/log/daemon.log::client got redirected from 192.168.0.5::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL protocol=ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES +carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES +carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::NO +carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES +dave::tcpdump::IP mars.strongswan.org > dave.strongswan.org: ESP::NO +dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +dave::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +venus::tcpdump::IP carol.strongswan.org > venus.strongswan.org: ICMP echo request::YES +venus::tcpdump::IP venus.strongswan.org > carol.strongswan.org: ICMP echo reply::YES +venus::tcpdump::IP dave.strongswan.org > venus.strongswan.org: ICMP echo request::YES +venus::tcpdump::IP venus.strongswan.org > dave.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/iptables.rules b/testing/tests/swanctl/redirect-active/hosts/alice/etc/iptables.rules similarity index 100% rename from testing/tests/ikev2/redirect-active/hosts/alice/etc/iptables.rules rename to testing/tests/swanctl/redirect-active/hosts/alice/etc/iptables.rules diff --git a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf b/testing/tests/swanctl/redirect-active/hosts/alice/etc/strongswan.conf similarity index 64% rename from testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf rename to testing/tests/swanctl/redirect-active/hosts/alice/etc/strongswan.conf index db3b535423..06db1eb9f7 100644 --- a/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf +++ b/testing/tests/swanctl/redirect-active/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown vici + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown vici } diff --git a/testing/tests/swanctl/redirect-active/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/swanctl/redirect-active/hosts/alice/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..fc2aba4cbc --- /dev/null +++ b/testing/tests/swanctl/redirect-active/hosts/alice/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = marsCert.pem + id = mars.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/redirect-active/hosts/carol/etc/strongswan.conf similarity index 71% rename from testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf rename to testing/tests/swanctl/redirect-active/hosts/carol/etc/strongswan.conf index 6bc136a9bd..8cb8648750 100644 --- a/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf +++ b/testing/tests/swanctl/redirect-active/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown syslog { daemon { knl = 2 diff --git a/testing/tests/swanctl/redirect-active/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/redirect-active/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..b8c6219488 --- /dev/null +++ b/testing/tests/swanctl/redirect-active/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = mars.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/redirect-active/hosts/dave/etc/strongswan.conf similarity index 66% rename from testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf rename to testing/tests/swanctl/redirect-active/hosts/dave/etc/strongswan.conf index 16a0a8ca0c..237efac652 100644 --- a/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf +++ b/testing/tests/swanctl/redirect-active/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown } diff --git a/testing/tests/swanctl/redirect-active/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/redirect-active/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..c655be9d57 --- /dev/null +++ b/testing/tests/swanctl/redirect-active/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = mars.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/redirect-active/hosts/moon/etc/strongswan.conf similarity index 66% rename from testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf rename to testing/tests/swanctl/redirect-active/hosts/moon/etc/strongswan.conf index 16a0a8ca0c..237efac652 100644 --- a/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf +++ b/testing/tests/swanctl/redirect-active/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown } diff --git a/testing/tests/swanctl/redirect-active/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/redirect-active/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..785bde269a --- /dev/null +++ b/testing/tests/swanctl/redirect-active/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.1 + + local { + auth = pubkey + certs = marsCert.pem + id = mars.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ikev2/redirect-active/posttest.dat b/testing/tests/swanctl/redirect-active/posttest.dat similarity index 56% rename from testing/tests/ikev2/redirect-active/posttest.dat rename to testing/tests/swanctl/redirect-active/posttest.dat index 7e436a683e..c384f430b0 100644 --- a/testing/tests/ikev2/redirect-active/posttest.dat +++ b/testing/tests/swanctl/redirect-active/posttest.dat @@ -1,7 +1,8 @@ -carol::ipsec stop -dave::ipsec stop -moon::ipsec stop -alice::ipsec stop +carol::systemctl stop strongswan +dave::systemctl stop strongswan +moon::systemctl stop strongswan +alice::systemctl stop strongswan +alice::cd /etc/swanctl; rm rsa/marsKey.pem x509/marsCert.pem moon::iptables-restore < /etc/iptables.flush alice::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/redirect-active/pretest.dat b/testing/tests/swanctl/redirect-active/pretest.dat similarity index 56% rename from testing/tests/ikev2/redirect-active/pretest.dat rename to testing/tests/swanctl/redirect-active/pretest.dat index 5a02bddec5..0451195087 100644 --- a/testing/tests/ikev2/redirect-active/pretest.dat +++ b/testing/tests/swanctl/redirect-active/pretest.dat @@ -4,13 +4,14 @@ moon::iptables-restore < /etc/iptables.rules alice::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::ipsec start -alice::ipsec start -carol::ipsec start -dave::ipsec start +alice::cd /etc/swanctl; rm rsa/aliceKey.pem x509/aliceCert.pem +moon::systemctl start strongswan +alice::systemctl start strongswan +carol::systemctl start strongswan +dave::systemctl start strongswan moon::expect-connection rw alice::expect-connection rw carol::expect-connection home -carol::ipsec up home +carol::swanctl --initiate --child home dave::expect-connection home -dave::ipsec up home +dave::swanctl --initiate --child home diff --git a/testing/tests/ikev2/redirect-active/test.conf b/testing/tests/swanctl/redirect-active/test.conf similarity index 91% rename from testing/tests/ikev2/redirect-active/test.conf rename to testing/tests/swanctl/redirect-active/test.conf index 8056d9ce45..43f8bbcc37 100644 --- a/testing/tests/ikev2/redirect-active/test.conf +++ b/testing/tests/swanctl/redirect-active/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="venus carol dave" # Used for IPsec logging purposes # IPSECHOSTS="alice moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1