upgraded pfkey scenarios to 5.0.0

diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
index 24e36eb770d1d76320f6cf038920e50b1bb44420..9ca168e8274b1296ea03768d9be59543296c485f 100644 (file)
--- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
+++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat
@@ -1,12 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES
-carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES
-moon::ip xfrm state::auth xcbc(aes)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES
+moon:: ip xfrm state::auth xcbc(aes)::YES
 carol::ip xfrm state::auth xcbc(aes)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
-

diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
index 33e6a842b7a29260d3ff568fe48b1958b5b9472c..806923e30ddbb2835e6acc3754994050b7af24d2 100755 (executable)
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
index 208477deb4ceb7957c90dc73633362210c1eeb21..5f55bb7e7958913dca352b44a459b5e17d6da03d 100755 (executable)
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat
index 31bb64c5e4f01aac90299f0d2679f9d2b1bb7216..21b3d5a4fea3b06e8662f0dc8cafff0af0c195d6 100644 (file)
--- a/testing/tests/pfkey/alg-sha384/evaltest.dat
+++ b/testing/tests/pfkey/alg-sha384/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
-moon::ip xfrm state::auth hmac(sha384)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+moon:: ip xfrm state::auth hmac(sha384)::YES
 carol::ip xfrm state::auth hmac(sha384)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES

diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf
index d38b7dfcfe1708ec6273ffc1f6fe93aeaf38c6e6..14fce03171cd2a828bed44c2a2f258d4c88871b9 100755 (executable)
--- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf
index ea84cd8a4710ab40e716479a3d5ddf63cc35e217..06a887f5c69c3759ded0544cc56f133fe233457a 100755 (executable)
--- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat
index e0f5fb7a303d706df2f978e7db3d458a6d853b27..7b94d21827ba62b86d41aadd20516f6786f31c3a 100644 (file)
--- a/testing/tests/pfkey/alg-sha512/evaltest.dat
+++ b/testing/tests/pfkey/alg-sha512/evaltest.dat
@@ -1,11 +1,13 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
-carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
 carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
-moon::ip xfrm state::auth hmac(sha512)::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+moon:: ip xfrm state::auth hmac(sha512)::YES
 carol::ip xfrm state::auth hmac(sha512)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES

diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf
index 583522d1bf8e0bcc3bbb9f8e23d9365cb661aa60..33f619eabf1b0cb0b25fb494842b949c5efe5197 100755 (executable)
--- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf
index 40fec93c0d9f7a6fb0fd0f9d1630e59707e99e02..f76a4264bbfb4346c23c60bcfe1b2ac4518ac6db 100755 (executable)
--- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat
index d5c0a64c434252c101a25acf3bc8a520f450ab36..271e274c8f199d41f95b3acd952d820954bf594b 100644 (file)
--- a/testing/tests/pfkey/esp-alg-null/evaltest.dat
+++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::NULL/HMAC_SHA1_96::YES
-carol::ipsec statusall::NULL/HMAC_SHA1_96::YES
-moon::ip xfrm state::enc ecb(cipher_null)::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ip xfrm state::enc ecb(cipher_null)::YES
 carol::ip xfrm state::enc ecb(cipher_null)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length::YES

diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf
index 5640d74fcd2e1bd96c615cc0abce07fa536763ab..dbf53b56aba9a327dfbc93c899b5e3371f9b8667 100755 (executable)
--- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf
index 91f4a7c7f80c43b441aaba5567c1a1ec3f832ba6..deb022fed1e2c532b462f35c54fcb56c64ee89db 100755 (executable)
--- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=yes
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/host2host-transport/evaltest.dat b/testing/tests/pfkey/host2host-transport/evaltest.dat
index b3cade48c789ee121c23ef5f75979c014bf3e3f8..5ef5bed9c3ba6137b51aae2bc59b4e6bb09bdf3f 100644 (file)
--- a/testing/tests/pfkey/host2host-transport/evaltest.dat
+++ b/testing/tests/pfkey/host2host-transport/evaltest.dat
@@ -1,8 +1,10 @@
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
 moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES
-moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
-sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
 moon::ip xfrm state::mode transport::YES
-sun::ip xfrm state::mode transport::YES
+sun:: ip xfrm state::mode transport::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES

diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf
index 7f6c5a58a3c4360cc07dede75c66be4a92343f22..7b4ab64153478e8b9f2f52f1096418a343f8c6c9 100755 (executable)
--- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf
index af52fb22b85b65c944a8e3f0c1d09c28a1c22544..c2d251a122dc915a22bb1cb901e0b3afd138905b 100755 (executable)
--- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/nat-two-rw/description.txt b/testing/tests/pfkey/nat-rw/description.txt
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/description.txt
rename to testing/tests/pfkey/nat-rw/description.txt

diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat
new file mode 100644 (file)
index 0000000..a0b9c67
--- /dev/null
+++ b/testing/tests/pfkey/nat-rw/evaltest.dat
@@ -0,0 +1,12 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES

diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf
similarity index 88%
rename from testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf
rename to testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf
index 3da2fcf864278952a7fe88110674d565e7a18830..28f7330f9b469d39ca3b6a07277d9c12d51531ac 100755 (executable)
--- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
rename to testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf

diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf
similarity index 92%
rename from testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf
rename to testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf
index d8b426318f2ce2052d70b13ae7eb349c22c71b4d..fdd3b61924d55b87ab4da1b507d7d750f9db08c7 100755 (executable)
--- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-       crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
rename to testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf

diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf
similarity index 88%
rename from testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf
rename to testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf
index 3a70b3434502d2bc7c7f8320e86b7bdee93c02f2..9f7369db5574f55dcb79bbce7e3394b5a9aec2d4 100755 (executable)
--- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
rename to testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf

diff --git a/testing/tests/pfkey/nat-two-rw/posttest.dat b/testing/tests/pfkey/nat-rw/posttest.dat
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/posttest.dat
rename to testing/tests/pfkey/nat-rw/posttest.dat

diff --git a/testing/tests/pfkey/nat-two-rw/pretest.dat b/testing/tests/pfkey/nat-rw/pretest.dat
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/pretest.dat
rename to testing/tests/pfkey/nat-rw/pretest.dat

diff --git a/testing/tests/pfkey/nat-two-rw/test.conf b/testing/tests/pfkey/nat-rw/test.conf
similarity index 100%
rename from testing/tests/pfkey/nat-two-rw/test.conf
rename to testing/tests/pfkey/nat-rw/test.conf

diff --git a/testing/tests/pfkey/nat-two-rw/evaltest.dat b/testing/tests/pfkey/nat-two-rw/evaltest.dat
deleted file mode 100644 (file)
index bd0a4b5..0000000
--- a/testing/tests/pfkey/nat-two-rw/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-alice::ipsec statusall::nat-t.*INSTALLED::YES
-venus::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec statusall::nat-t.*INSTALLED::YES
-sun::ipsec status::alice@strongswan.org::YES
-sun::ipsec status::venus.strongswan.org::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES

diff --git a/testing/tests/pfkey/net2net-route/evaltest.dat b/testing/tests/pfkey/net2net-route/evaltest.dat
index a89e5a298ce4d75605ffd5323dd2e2beac48ba59..9adb31e973ad17122e6cda672bc3ef3da3503293 100644 (file)
--- a/testing/tests/pfkey/net2net-route/evaltest.dat
+++ b/testing/tests/pfkey/net2net-route/evaltest.dat
@@ -1,6 +1,9 @@
-moon::cat /var/log/daemon.log::creating acquire job::YES
-moon::ipsec statusall::net-net.*INSTALLED::YES
-sun::ipsec statusall::net-net.*INSTALLED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ROUTED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::creating acquire job::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES

diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf
index 8a2f8b77c976ee2fc17dc6ab50625ad163d269ef..c15fdbb4f7ad3d22ce28a116f127315164ddff91 100755 (executable)
--- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf
index 24e5df519ed390a95f7f064a6d63bcbd13391beb..b93233168c759b2fdd399ae9aa93bbef6912c7b2 100755 (executable)
--- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/protoport-dual/evaltest.dat b/testing/tests/pfkey/protoport-dual/evaltest.dat
index bd24b911c9f3a267a6d2f335742ec42d99126812..d2fc698f9df980f24ce38c9997cc884425fdc0f7 100644 (file)
--- a/testing/tests/pfkey/protoport-dual/evaltest.dat
+++ b/testing/tests/pfkey/protoport-dual/evaltest.dat
@@ -1,7 +1,9 @@
-carol::ipsec statusall::home-icmp.*INSTALLED::YES
-carol::ipsec statusall::home-ssh.*INSTALLED::YES
-moon::ipsec statusall::rw-icmp.*INSTALLED::YES
-moon::ipsec statusall::rw-ssh.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES

diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf
index 51971a13c994ce8f4e8c837ba4fa931df0ebca56..d7c48a77773ae351586a359eb6590cb7797ccaf4 100755 (executable)
--- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf
index 0d7e8db3f4724a9a6ae0e05415ab979b203c0dca..84ebd77e00ed9e4c2bd4087593e0949232b91ea4 100755 (executable)
--- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/protoport-route/evaltest.dat b/testing/tests/pfkey/protoport-route/evaltest.dat
index 78d062918414289f79268ceed6db7a4c1a7a5269..09dfd8f42e682ea2361cd69ce4936e79a2166223 100644 (file)
--- a/testing/tests/pfkey/protoport-route/evaltest.dat
+++ b/testing/tests/pfkey/protoport-route/evaltest.dat
@@ -2,9 +2,11 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
 carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
 carol::ssh PH_IP_ALICE hostname::alice::YES
 carol::cat /var/log/daemon.log::creating acquire job::YES
-carol::ipsec statusall::home-icmp.*INSTALLED::YES
-carol::ipsec statusall::home-ssh.*INSTALLED::YES
-moon::ipsec statusall::rw-icmp.*INSTALLED::YES
-moon::ipsec statusall::rw-ssh.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES

diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf
index d76a6ee17878b76ffb747882bd59a491760571b8..bd0fbbecfe382751e5fc2fe9063f0bbd306d58c5 100755 (executable)
--- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf
index 0d7e8db3f4724a9a6ae0e05415ab979b203c0dca..84ebd77e00ed9e4c2bd4087593e0949232b91ea4 100755 (executable)
--- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/rw-cert/evaltest.dat b/testing/tests/pfkey/rw-cert/evaltest.dat
index 06a0f8cdad5b456f9d49d5757c0749375f393309..b545c2289b40e1530767e30512ae4b78508bafa0 100644 (file)
--- a/testing/tests/pfkey/rw-cert/evaltest.dat
+++ b/testing/tests/pfkey/rw-cert/evaltest.dat
@@ -1,10 +1,14 @@
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-

diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf
index bcdb8641bb417e5cdb59e31c250faa9df599b7ee..d0e7ae27fab57454d4b9bea586ac0475d50e91a1 100755 (executable)
--- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf
index ea8bc92a7c96212cf3c493454c1f92615674c920..d917f6d5d875740c92cdc2bfefc732e14c6d2f65 100755 (executable)
--- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf
index 274521386aef29c730ada22b4fe401264d8e3cf9..00a5220697679388e3d8fa69c3098f2e78c83973 100755 (executable)
--- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/shunt-policies/evaltest.dat b/testing/tests/pfkey/shunt-policies/evaltest.dat
index 2f6e1a91f5511013b21dbcdb51fe7232bebf2709..87368fb319be2c84594058212cf4e1542ed50e92 100644 (file)
--- a/testing/tests/pfkey/shunt-policies/evaltest.dat
+++ b/testing/tests/pfkey/shunt-policies/evaltest.dat
@@ -1,15 +1,19 @@
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::local-net.*PASS::YES
+moon:: ipsec status 2> /dev/null::venus-icmp.*DROP::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun::  ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
 venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO
 venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
+moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
 venus::ssh PH_IP_BOB hostname::bob::YES

diff --git a/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf
index a4958f295ec1e144fbe308201c5bea894af963de..f87bfa8e583e69bbb29010b82e8db6a17df002e5 100755 (executable)
--- a/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default

diff --git a/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf
index c3b36fb7c0b2a1c3a27f9a6db8049c4c0707321b..f952be18bb0355183a42b902ed3a1f2f145d5a5b 100755 (executable)
--- a/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,6 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-       strictcrlpolicy=no
        plutostart=no
 
 conn %default