testing: Fix ikev2/net2net-rsa scenario

diff --git a/testing/scripts/build-certs-chroot b/testing/scripts/build-certs-chroot
index 2bf717df53b91baf69fcc3ad6261bc1926e7eced..6293503be1dd5ab18f4cbd15505630a7b2c18b0d 100755 (executable)
--- a/testing/scripts/build-certs-chroot
+++ b/testing/scripts/build-certs-chroot
@@ -1874,3 +1874,19 @@ do
         ${TEST_DATA}.in > ${TEST_DATA}
   done
 done
+
+################################################################################
+# Raw RSA keys                                                                 #
+################################################################################
+
+MOON_PUB_DNS=`pki --pub --type rsa --outform dnskey --in ${MOON_KEY}`
+#
+SUN_PUB_DNS=`pki --pub --type rsa --outform dnskey --in ${SUN_KEY}`
+#
+for h in moon sun
+do
+  TEST_DATA="${TEST_DIR}/ikev2/net2net-rsa/hosts/${h}/etc/ipsec.conf"
+  sed -e "s|MOON_PUB_DNS|${MOON_PUB_DNS}|g" \
+      -e "s|SUN_PUB_DNS|${SUN_PUB_DNS}|g" \
+      ${TEST_DATA}.in > ${TEST_DATA}
+done

diff --git a/testing/tests/ikev2/net2net-rsa/.gitignore b/testing/tests/ikev2/net2net-rsa/.gitignore
new file mode 100644 (file)
index 0000000..dad9a7d
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/.gitignore
@@ -0,0 +1 @@
+ipsec.conf

diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
deleted file mode 100644 (file)
index c0ee062..0000000
--- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       
-conn net-net
-       left=PH_IP_MOON
-       leftsubnet=10.1.0.0/16
-       leftid=@moon.strongswan.org
-       leftsigkey=dns:0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
-       leftauth=pubkey
-       leftfirewall=yes
-       right=PH_IP_SUN
-       rightsubnet=10.2.0.0/16
-       rightid=@sun.strongswan.org
-       rightsigkey=dns:0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
-       rightauth=pubkey
-       auto=add

diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in
new file mode 100644 (file)
index 0000000..59e3930
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn net-net
+       left=PH_IP_MOON
+       leftsubnet=10.1.0.0/16
+       leftid=@moon.strongswan.org
+       leftsigkey="dns:0sMOON_PUB_DNS"
+       leftauth=pubkey
+       leftfirewall=yes
+       right=PH_IP_SUN
+       rightsubnet=10.2.0.0/16
+       rightid=@sun.strongswan.org
+       rightsigkey="dns:0sSUN_PUB_DNS"
+       rightauth=pubkey
+       auto=add

diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
deleted file mode 100644 (file)
index b089e9f..0000000
--- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
-       ikelifetime=60m
-       keylife=20m
-       rekeymargin=3m
-       keyingtries=1
-       keyexchange=ikev2
-       
-conn net-net
-       left=PH_IP_SUN
-       leftsubnet=10.2.0.0/16
-       leftid=@sun.strongswan.org
-       leftsigkey=dns:0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
-       leftfirewall=yes
-       right=PH_IP_MOON
-       rightsubnet=10.1.0.0/16
-       rightid=@moon.strongswan.org
-       rightsigkey=dns:0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
-       auto=add

diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in
new file mode 100644 (file)
index 0000000..f2076c0
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+       ikelifetime=60m
+       keylife=20m
+       rekeymargin=3m
+       keyingtries=1
+       keyexchange=ikev2
+
+conn net-net
+       left=PH_IP_SUN
+       leftsubnet=10.2.0.0/16
+       leftid=@sun.strongswan.org
+       leftsigkey="dns:0sSUN_PUB_DNS"
+       leftfirewall=yes
+       right=PH_IP_MOON
+       rightsubnet=10.1.0.0/16
+       rightid=@moon.strongswan.org
+       rightsigkey="dns:0sMOON_PUB_DNS"
+       auto=add