From 21280da9f53cec8e12f16ad2db9162e7cd592736 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 7 May 2019 16:06:28 +0200
Subject: [PATCH] testing: Fix ikev2/net2net-rsa scenario
---
testing/scripts/build-certs-chroot | 16 +++++++++++++
testing/tests/ikev2/net2net-rsa/.gitignore | 1 +
.../net2net-rsa/hosts/moon/etc/ipsec.conf | 24 -------------------
.../net2net-rsa/hosts/moon/etc/ipsec.conf.in | 24 +++++++++++++++++++
.../net2net-rsa/hosts/sun/etc/ipsec.conf | 22 -----------------
.../net2net-rsa/hosts/sun/etc/ipsec.conf.in | 22 +++++++++++++++++
6 files changed, 63 insertions(+), 46 deletions(-)
create mode 100644 testing/tests/ikev2/net2net-rsa/.gitignore
delete mode 100644 testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in
delete mode 100644 testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
create mode 100644 testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in
diff --git a/testing/scripts/build-certs-chroot b/testing/scripts/build-certs-chroot
index 2bf717df53..6293503be1 100755
--- a/testing/scripts/build-certs-chroot
+++ b/testing/scripts/build-certs-chroot
@@ -1874,3 +1874,19 @@ do
 ${TEST_DATA}.in > ${TEST_DATA}
 done
 done
+
+################################################################################
+# Raw RSA keys #
+################################################################################
+
+MOON_PUB_DNS=`pki --pub --type rsa --outform dnskey --in ${MOON_KEY}`
+#
+SUN_PUB_DNS=`pki --pub --type rsa --outform dnskey --in ${SUN_KEY}`
+#
+for h in moon sun
+do
+ TEST_DATA="${TEST_DIR}/ikev2/net2net-rsa/hosts/${h}/etc/ipsec.conf"
+ sed -e "s|MOON_PUB_DNS|${MOON_PUB_DNS}|g" \
+ -e "s|SUN_PUB_DNS|${SUN_PUB_DNS}|g" \
+ ${TEST_DATA}.in > ${TEST_DATA}
+done
diff --git a/testing/tests/ikev2/net2net-rsa/.gitignore b/testing/tests/ikev2/net2net-rsa/.gitignore
new file mode 100644
index 0000000000..dad9a7da56
--- /dev/null
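Review bot: In testing/scripts/build-certs-chroot the two `pki --pub` command substitutions are never checked, so if either export fails or prints nothing, the `sed` in the loop still succeeds and writes `dns:0s` with an empty key into both generated ipsec.conf files. The problem would then show up only later as an authentication failure in the scenario instead of at build time; whether the script runs under `set -e` is not visible in this hunk, and that would not catch an empty but successful output anyway. I would add a guard before `for h in moon sun`, for example `[ -n "${MOON_PUB_DNS}" ] && [ -n "${SUN_PUB_DNS}" ] || { echo "raw RSA key export failed" >&2; exit 1; }`. The two bare `#` lines after the assignments say nothing and could become a short comment noting that the values are substituted after the `dns:0s` prefix in the `.in` templates; `MOON_KEY`, `SUN_KEY` and `TEST_DIR` are defined outside the hunk.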
+++ b/testing/tests/ikev2/net2net-rsa/.gitignore
@@ -0,0 +1 @@
+ipsec.conf
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index c0ee06240c..0000000000
--- a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn net-net
- left=PH_IP_MOON
- leftsubnet=10.1.0.0/16
- leftid=@moon.strongswan.org
- leftsigkey=dns:0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
- leftauth=pubkey
- leftfirewall=yes
- right=PH_IP_SUN
- rightsubnet=10.2.0.0/16
- rightid=@sun.strongswan.org
- rightsigkey=dns:0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
- rightauth=pubkey
- auto=add
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in
new file mode 100644
index 0000000000..59e3930703
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/moon/etc/ipsec.conf.in
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn net-net
+ left=PH_IP_MOON
+ leftsubnet=10.1.0.0/16
+ leftid=@moon.strongswan.org
+ leftsigkey="dns:0sMOON_PUB_DNS"
+ leftauth=pubkey
+ leftfirewall=yes
+ right=PH_IP_SUN
+ rightsubnet=10.2.0.0/16
+ rightid=@sun.strongswan.org
+ rightsigkey="dns:0sSUN_PUB_DNS"
+ rightauth=pubkey
+ auto=add
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
deleted file mode 100644
index b089e9f487..0000000000
--- a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn net-net
- left=PH_IP_SUN
- leftsubnet=10.2.0.0/16
- leftid=@sun.strongswan.org
- leftsigkey=dns:0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
- leftfirewall=yes
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightid=@moon.strongswan.org
- rightsigkey=dns:0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
- auto=add
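Review bot: The new hosts/moon/etc/ipsec.conf.in, and the hosts/sun/etc/ipsec.conf.in template added later in this patch, never says that the values after `dns:0s` are placeholders or which script fills them in, and its first comment line still names the file `/etc/ipsec.conf`. Because the generated ipsec.conf is now git-ignored, the template is the only version a reader finds in the tree, so a header comment such as `# sigkey values are filled in by testing/scripts/build-certs-chroot; edit ipsec.conf.in, not the generated ipsec.conf` would make the dependency explicit. The comment should avoid spelling out the placeholder names themselves, since the build script's `sed` replaces every occurrence in the file and would otherwise paste the keys into the comment as well.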
diff --git a/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in
new file mode 100644
index 0000000000..f2076c04e9
--- /dev/null
+++ b/testing/tests/ikev2/net2net-rsa/hosts/sun/etc/ipsec.conf.in
@@ -0,0 +1,22 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+conn net-net
+ left=PH_IP_SUN
+ leftsubnet=10.2.0.0/16
+ leftid=@sun.strongswan.org
+ leftsigkey="dns:0sSUN_PUB_DNS"
+ leftfirewall=yes
+ right=PH_IP_MOON
+ rightsubnet=10.1.0.0/16
+ rightid=@moon.strongswan.org
+ rightsigkey="dns:0sMOON_PUB_DNS"
+ auto=add
--
2.39.2
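Review bot: The `conn net-net` section in hosts/sun/etc/ipsec.conf.in has no `leftauth=pubkey` or `rightauth=pubkey`, although the moon template in this patch sets both, so sun depends on whatever authentication default the daemon applies in a scenario that exists to test raw-key authentication. The asymmetry is carried over unchanged from the deleted sun ipsec.conf, so it is not a regression. Since the file is being recreated anyway, I would add `leftauth=pubkey` after the `leftsigkey` line and `rightauth=pubkey` after the `rightsigkey` line so that both ends state the requirement explicitly. If the difference is intentional, to exercise the default on one side, a one-line comment saying so would help.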