wolfssl: RSA-PSS with SHA3 is not supported by wolfSSL
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 9 Jan 2023 18:49:43 +0000 (19:49 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 5 Sep 2024 07:46:55 +0000 (09:46 +0200)
testing/scripts/build-certs-chroot
testing/tests/wolfssl/net2net-sha3-rsa-cert/description.txt [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/evaltest.dat [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/posttest.dat [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/pretest.dat [deleted file]
testing/tests/wolfssl/net2net-sha3-rsa-cert/test.conf [deleted file]

index e84e3e8a91a252ba3a6330bbd98bda2671ae4c9a..8351cbe6b0413b1ca5a736e47d4e5bf29c1911c9 100755 (executable)
@@ -1405,8 +1405,8 @@ pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
     --crl ${SHA3_RSA_CDP} --digest sha3_256 --outform pem > ${MOON_CERT}
 cp ${MOON_CERT} ${SHA3_RSA_DIR}/certs/${SERIAL}.pem
 
-# Put a copy in the botan and wolfssl net2net-sha3-rsa-cert scenarios
-for d in botan wolfssl
+# Put a copy in the botan net2net-sha3-rsa-cert scenarios
+for d in botan
 do
   TEST="${TEST_DIR}/${d}/net2net-sha3-rsa-cert"
   cd ${TEST}/hosts/moon/${SWANCTL_DIR}
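Review bot: The `cd ${TEST}/hosts/moon/${SWANCTL_DIR}` on the last line of this hunk is unquoted and unchecked, so if a scenario directory named in the loop is missing, the commands after it (presumably the certificate copy) would run in whatever directory the script was in before. This commit itself removes such a scenario directory, so the case is realistic. Unless the script enables `set -e` somewhere outside the hunk, I would write `cd "${TEST}/hosts/moon/${SWANCTL_DIR}" || exit 1`. With only one backend left, the comment should read `# Put a copy in the botan net2net-sha3-rsa-cert scenario`, and the single-item `for d in botan` loop could become a plain assignment. The loop body continues past the end of the hunk.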
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/description.txt b/testing/tests/wolfssl/net2net-sha3-rsa-cert/description.txt
deleted file mode 100755 (executable)
index 2db82a9..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-The authentication is based on <b>X.509 certificates</b> with signatures consisting of
-<b>RSA-encrypted SHA-3 hashes</b>.
-<p/>
-Upon the successful establishment of the IPsec tunnel, the updown script automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
-pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/evaltest.dat b/testing/tests/wolfssl/net2net-sha3-rsa-cert/evaltest.dat
deleted file mode 100755 (executable)
index 4c56d52..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
-sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf b/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
deleted file mode 100755 (executable)
index c18b002..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
-  load = pem wolfssl pkcs1 x509 revocation constraints pubkeyrandom
-}
-
-charon-systemd {
-  load = random nonce pem wolfssl pkcs1 x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
-}
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/moon/etc/swanctl/swanctl.conf
deleted file mode 100755 (executable)
index bcc2742..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-connections {
-
-   gw-gw {
-      local_addrs  = 192.168.0.1
-      remote_addrs = 192.168.0.2 
-
-      local {
-         auth = pubkey
-         certs = moonCert.pem
-         id = moon.strongswan.org
-      }
-      remote {
-         auth = pubkey
-         id = sun.strongswan.org 
-      }
-      children {
-         net-net {
-            local_ts  = 10.1.0.0/16 
-            remote_ts = 10.2.0.0/16 
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            rekey_time = 5400
-            rekey_bytes = 500000000
-            rekey_packets = 1000000
-            esp_proposals = aes128gcm128-x25519
-         }
-      }
-      version = 2
-      mobike = no
-      reauth_time = 10800
-      proposals = aes128-sha256-x25519
-   }
-}
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf b/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
deleted file mode 100755 (executable)
index ea977a3..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-swanctl {
-  load = pem wolfssl pkcs1 x509 revocation constraints pubkey random
-}
-
-charon-systemd {
-  load = random nonce pem wolfssl pkcs1 x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
-}
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf b/testing/tests/wolfssl/net2net-sha3-rsa-cert/hosts/sun/etc/swanctl/swanctl.conf
deleted file mode 100755 (executable)
index 12cee0f..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-connections {
-
-   gw-gw {
-      local_addrs  = 192.168.0.2
-      remote_addrs = 192.168.0.1 
-
-      local {
-         auth = pubkey
-         certs = sunCert.pem
-         id = sun.strongswan.org
-      }
-      remote {
-         auth = pubkey
-         id = moon.strongswan.org 
-      }
-      children {
-         net-net {
-            local_ts  = 10.2.0.0/16 
-            remote_ts = 10.1.0.0/16 
-
-            updown = /usr/local/libexec/ipsec/_updown iptables
-            rekey_time = 5400
-            rekey_bytes = 500000000
-            rekey_packets = 1000000
-            esp_proposals = aes128gcm128-x25519
-         }
-      }
-      version = 2
-      mobike = no
-      reauth_time = 10800
-      proposals = aes128-sha256-x25519
-   }
-}
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/posttest.dat b/testing/tests/wolfssl/net2net-sha3-rsa-cert/posttest.dat
deleted file mode 100755 (executable)
index cc6a5bf..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::systemctl stop strongswan
-sun::systemctl stop strongswan
-moon::iptables-restore < /etc/iptables.flush
-sun::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/pretest.dat b/testing/tests/wolfssl/net2net-sha3-rsa-cert/pretest.dat
deleted file mode 100755 (executable)
index 2d3c8c1..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::iptables-restore < /etc/iptables.rules
-sun::iptables-restore < /etc/iptables.rules
-moon::systemctl start strongswan
-sun::systemctl start strongswan
-moon::expect-connection gw-gw
-sun::expect-connection gw-gw
-moon::swanctl --initiate --child net-net 2> /dev/null
diff --git a/testing/tests/wolfssl/net2net-sha3-rsa-cert/test.conf b/testing/tests/wolfssl/net2net-sha3-rsa-cert/test.conf
deleted file mode 100755 (executable)
index 07a3b24..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
-
-# charon controlled by swanctl
-#
-SWANCTL=1