From: Reto Buerki Date: Mon, 19 Nov 2012 16:30:58 +0000 (+0100) Subject: Adapt test configurations X-Git-Tag: 5.0.2rc1~1^2~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=533177003c85fa3f2fd77afd7cf63e63ea0d75d7;p=thirdparty%2Fstrongswan.git Adapt test configurations Adapt test configurations to the new Debian-based system. --- diff --git a/testing/tests/af-alg/alg-camellia/evaltest.dat b/testing/tests/af-alg/alg-camellia/evaltest.dat index 72e3c5e29e..2096cb9945 100644 --- a/testing/tests/af-alg/alg-camellia/evaltest.dat +++ b/testing/tests/af-alg/alg-camellia/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/af-alg/rw-cert/evaltest.dat b/testing/tests/af-alg/rw-cert/evaltest.dat index f8cfb111b9..ba661975b1 100644 --- a/testing/tests/af-alg/rw-cert/evaltest.dat +++ b/testing/tests/af-alg/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat index 81e413f985..db5a762042 100644 --- a/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-serpent/evaltest.dat @@ -4,7 +4,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: SERPENT_CBC_256/HMAC_SHA2_512_256::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES moon:: ipsec statusall 2> /dev/null::SERPENT_CBC_256/HMAC_SHA2_512_256,::YES carol::ip xfrm state::enc cbc(serpent)::YES diff --git a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat index 7003977f9e..ac3b5e0b00 100644 --- a/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat +++ b/testing/tests/gcrypt-ikev1/alg-twofish/evaltest.dat @@ -4,7 +4,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: TWOFISH_CBC_256/HMAC_SHA2_512_256::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES moon:: ipsec statusall 2> /dev/null::TWOFISH_CBC_256/HMAC_SHA2_512_256,::YES carol::ip xfrm state::enc cbc(twofish)::YES diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat index d82b68dcbe..5f0bb3cdc2 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat +++ b/testing/tests/gcrypt-ikev2/alg-camellia/evaltest.dat @@ -4,7 +4,7 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA2_384_192::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat +++ b/testing/tests/gcrypt-ikev2/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ha/both-active/evaltest.dat b/testing/tests/ha/both-active/evaltest.dat index 36d72ff97c..89e5f4b6e3 100644 --- a/testing/tests/ha/both-active/evaltest.dat +++ b/testing/tests/ha/both-active/evaltest.dat @@ -8,8 +8,8 @@ alice::cat /var/log/daemon.log::HA segment 1 activated::YES moon:: cat /var/log/daemon.log::HA segment 2 activated::YES alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES carol::tcpdump::IP mars.strongswan.org > carol.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > mars.strongswan.org: ESP::YES diff --git a/testing/tests/ha/both-active/posttest.dat b/testing/tests/ha/both-active/posttest.dat index 49bf760550..ea03fbdd06 100644 --- a/testing/tests/ha/both-active/posttest.dat +++ b/testing/tests/ha/both-active/posttest.dat @@ -10,7 +10,7 @@ moon::ip addr del 192.168.0.5/24 dev eth0 moon::ip addr del 10.1.0.5/16 dev eth1 alice::ip addr del 192.168.0.5/24 dev eth1 alice::ip addr del 10.1.0.5/16 dev eth0 -alice::/etc/init.d/net.eth1 stop +alice::ifdown eth1 venus::ip route del default via 10.1.0.5 dev eth0 venus::ip route add default via 10.1.0.1 dev eth0 moon::conntrack -F diff --git a/testing/tests/ha/both-active/pretest.dat b/testing/tests/ha/both-active/pretest.dat index e2e5098551..bb276f0021 100644 --- a/testing/tests/ha/both-active/pretest.dat +++ b/testing/tests/ha/both-active/pretest.dat @@ -1,6 +1,6 @@ moon::ip addr add 192.168.0.5/24 dev eth0 moon::ip addr add 10.1.0.5/16 dev eth1 -alice::/etc/init.d/net.eth1 start +alice::ifup eth1 alice::ip addr add 192.168.0.5/24 dev eth1 alice::ip addr add 10.1.0.5/16 dev eth0 venus::ip route del default via 10.1.0.1 dev eth0 diff --git a/testing/tests/ike/rw-cert/evaltest.dat b/testing/tests/ike/rw-cert/evaltest.dat index c8fcb2370b..e431ce5334 100644 --- a/testing/tests/ike/rw-cert/evaltest.dat +++ b/testing/tests/ike/rw-cert/evaltest.dat @@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ike/rw_v1-net_v2/evaltest.dat b/testing/tests/ike/rw_v1-net_v2/evaltest.dat index f12b19e3dd..847a2d92d7 100644 --- a/testing/tests/ike/rw_v1-net_v2/evaltest.dat +++ b/testing/tests/ike/rw_v1-net_v2/evaltest.dat @@ -2,13 +2,13 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/alg-3des-md5/evaltest.dat b/testing/tests/ikev1/alg-3des-md5/evaltest.dat index a553ff1688..abd29e97e9 100644 --- a/testing/tests/ikev1/alg-3des-md5/evaltest.dat +++ b/testing/tests/ikev1/alg-3des-md5/evaltest.dat @@ -4,12 +4,12 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES carol::ipsec status 2> /dev/null::home.*INSTALLED::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES moon:: ip xfrm state::enc cbc(des3_ede)::YES carol::ip xfrm state::enc cbc(des3_ede)::YES -moon:: ip xfrm state::auth hmac(md5)::YES -carol::ip xfrm state::auth hmac(md5)::YES +moon:: ip xfrm state::auth-trunc hmac(md5)::YES +carol::ip xfrm state::auth-trunc hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat index 3787bdb68c..cd83c56b4b 100644 --- a/testing/tests/ikev1/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat index c07c176b59..8230ee30c7 100644 --- a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat +++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat index 7b5640af80..eba856742e 100644 --- a/testing/tests/ikev1/alg-sha256/evaltest.dat +++ b/testing/tests/ikev1/alg-sha256/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES -moon:: ip xfrm state::auth hmac(sha256)::YES -carol::ip xfrm state::auth hmac(sha256)::YES +moon:: ip xfrm state::auth-trunc hmac(sha256)::YES +carol::ip xfrm state::auth-trunc hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat index 21b3d5a4fe..3b24217c5e 100644 --- a/testing/tests/ikev1/alg-sha384/evaltest.dat +++ b/testing/tests/ikev1/alg-sha384/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES -moon:: ip xfrm state::auth hmac(sha384)::YES -carol::ip xfrm state::auth hmac(sha384)::YES +moon:: ip xfrm state::auth-trunc hmac(sha384)::YES +carol::ip xfrm state::auth-trunc hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev1/alg-sha512/evaltest.dat b/testing/tests/ikev1/alg-sha512/evaltest.dat index 7b94d21827..6bdceeb447 100644 --- a/testing/tests/ikev1/alg-sha512/evaltest.dat +++ b/testing/tests/ikev1/alg-sha512/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES -moon:: ip xfrm state::auth hmac(sha512)::YES -carol::ip xfrm state::auth hmac(sha512)::YES +moon:: ip xfrm state::auth-trunc hmac(sha512)::YES +carol::ip xfrm state::auth-trunc hmac(sha512)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/ikev1/config-payload/evaltest.dat b/testing/tests/ikev1/config-payload/evaltest.dat index a429e9b32b..b46dfddf65 100644 --- a/testing/tests/ikev1/config-payload/evaltest.dat +++ b/testing/tests/ikev1/config-payload/evaltest.dat @@ -5,13 +5,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev1/double-nat-net/evaltest.dat b/testing/tests/ikev1/double-nat-net/evaltest.dat index 05dc82d701..52c5619647 100644 --- a/testing/tests/ikev1/double-nat-net/evaltest.dat +++ b/testing/tests/ikev1/double-nat-net/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES -alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev1/double-nat/evaltest.dat b/testing/tests/ikev1/double-nat/evaltest.dat index b080482f94..9ddad2de52 100644 --- a/testing/tests/ikev1/double-nat/evaltest.dat +++ b/testing/tests/ikev1/double-nat/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev1/dynamic-initiator/evaltest.dat b/testing/tests/ikev1/dynamic-initiator/evaltest.dat index f22f1247f9..61546f4179 100644 --- a/testing/tests/ikev1/dynamic-initiator/evaltest.dat +++ b/testing/tests/ikev1/dynamic-initiator/evaltest.dat @@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/dynamic-initiator/posttest.dat b/testing/tests/ikev1/dynamic-initiator/posttest.dat index 4dbf3d4a43..32ac12ddcf 100644 --- a/testing/tests/ikev1/dynamic-initiator/posttest.dat +++ b/testing/tests/ikev1/dynamic-initiator/posttest.dat @@ -2,8 +2,6 @@ dave::ipsec stop carol::ipsec stop dave::sleep 1 moon::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null +carol::iptables-restore < /etc/iptables.flush dave::rm /etc/ipsec.d/certs/* dave::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev1/dynamic-initiator/pretest.dat b/testing/tests/ikev1/dynamic-initiator/pretest.dat index 92681011fe..9aadb2a4cf 100644 --- a/testing/tests/ikev1/dynamic-initiator/pretest.dat +++ b/testing/tests/ikev1/dynamic-initiator/pretest.dat @@ -1,6 +1,4 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null +carol::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start @@ -10,4 +8,4 @@ carol::sleep 1 carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT dave::ipsec up moon -dave::sleep 2 +dave::sleep 2 diff --git a/testing/tests/ikev1/dynamic-responder/evaltest.dat b/testing/tests/ikev1/dynamic-responder/evaltest.dat index f22f1247f9..61546f4179 100644 --- a/testing/tests/ikev1/dynamic-responder/evaltest.dat +++ b/testing/tests/ikev1/dynamic-responder/evaltest.dat @@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES moon:: cat /var/log/daemon.log::deleting duplicate IKE_SA for.*carol@strongswan.org.*due to uniqueness policy::YES moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/dynamic-responder/posttest.dat b/testing/tests/ikev1/dynamic-responder/posttest.dat index 4dbf3d4a43..32ac12ddcf 100644 --- a/testing/tests/ikev1/dynamic-responder/posttest.dat +++ b/testing/tests/ikev1/dynamic-responder/posttest.dat @@ -2,8 +2,6 @@ dave::ipsec stop carol::ipsec stop dave::sleep 1 moon::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null +carol::iptables-restore < /etc/iptables.flush dave::rm /etc/ipsec.d/certs/* dave::rm /etc/ipsec.d/private/* diff --git a/testing/tests/ikev1/dynamic-responder/pretest.dat b/testing/tests/ikev1/dynamic-responder/pretest.dat index c0f166ff40..8dc744f9ab 100644 --- a/testing/tests/ikev1/dynamic-responder/pretest.dat +++ b/testing/tests/ikev1/dynamic-responder/pretest.dat @@ -1,6 +1,4 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null +carol::iptables-restore < /etc/iptables.rules carol::ipsec start dave::ipsec start moon::ipsec start @@ -10,4 +8,4 @@ moon::sleep 1 carol::iptables -D INPUT -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT dave::ipsec up moon -dave::sleep 2 +dave::sleep 2 diff --git a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat index 1d5ff68ecd..82d2e73183 100644 --- a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat +++ b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat index 6f7c137040..6489201053 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128::YES carol::ipsec statusall 2> /dev/null::AES_CCM_12_128::YES carol::ip xfrm state::aead rfc4309(ccm(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat index 9a8b46897f..c86f58081a 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES carol::ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES moon:: ip xfrm state::rfc3686(ctr(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat index 9d5fb7cc35..a7f52c72e4 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256::YES carol::ipsec statusall 2> /dev/null::AES_GCM_16_256::YES carol::ip xfrm state::aead rfc4106(gcm(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat index 74150fb04b..d5d3bc0d32 100644 --- a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ip xfrm state::aead rfc4543(gcm(aes))::YES diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat index 6f5b893324..b466813fe4 100644 --- a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat @@ -2,10 +2,10 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES moon:: ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES -carol::ip xfrm state::auth xcbc(aes)::YES -moon:: ip xfrm state::auth xcbc(aes)::YES +carol::ip xfrm state::auth-trunc xcbc(aes)::YES +moon:: ip xfrm state::auth-trunc xcbc(aes)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat index 937d85ed2b..1b9c6c27e9 100644 --- a/testing/tests/ikev1/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES diff --git a/testing/tests/ikev1/host2host-cert/evaltest.dat b/testing/tests/ikev1/host2host-cert/evaltest.dat index 53e5589cab..3305f4558f 100644 --- a/testing/tests/ikev1/host2host-cert/evaltest.dat +++ b/testing/tests/ikev1/host2host-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/host2host-transport/evaltest.dat b/testing/tests/ikev1/host2host-transport/evaltest.dat index 3021b5e045..fc49e57d89 100644 --- a/testing/tests/ikev1/host2host-transport/evaltest.dat +++ b/testing/tests/ikev1/host2host-transport/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/ip-pool-db/evaltest.dat b/testing/tests/ikev1/ip-pool-db/evaltest.dat index 941cb34c06..42e3530846 100644 --- a/testing/tests/ikev1/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev1/ip-pool-db/evaltest.dat @@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES @@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat index db46646a6e..1fdc3f0870 100644 --- a/testing/tests/ikev1/ip-pool/evaltest.dat +++ b/testing/tests/ikev1/ip-pool/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev1/nat-rw/evaltest.dat b/testing/tests/ikev1/nat-rw/evaltest.dat index e0b458dba1..387dbae232 100644 --- a/testing/tests/ikev1/nat-rw/evaltest.dat +++ b/testing/tests/ikev1/nat-rw/evaltest.dat @@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES moon:: sleep 6::no output expected::NO -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES alice::cat /var/log/daemon.log::sending keep alive::YES venus::cat /var/log/daemon.log::sending keep alive::YES diff --git a/testing/tests/ikev1/net2net-cert/evaltest.dat b/testing/tests/ikev1/net2net-cert/evaltest.dat index c98f5d78de..2b37cad994 100644 --- a/testing/tests/ikev1/net2net-cert/evaltest.dat +++ b/testing/tests/ikev1/net2net-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/net2net-psk/evaltest.dat b/testing/tests/ikev1/net2net-psk/evaltest.dat index c98f5d78de..2b37cad994 100644 --- a/testing/tests/ikev1/net2net-psk/evaltest.dat +++ b/testing/tests/ikev1/net2net-psk/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/protoport-dual/evaltest.dat b/testing/tests/ikev1/protoport-dual/evaltest.dat index a65460cc8d..cf45f3b528 100644 --- a/testing/tests/ikev1/protoport-dual/evaltest.dat +++ b/testing/tests/ikev1/protoport-dual/evaltest.dat @@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat index f8cfb111b9..ba661975b1 100644 --- a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat +++ b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-cert-unity/evaltest.dat b/testing/tests/ikev1/rw-cert-unity/evaltest.dat index b6a860b866..c183f48e97 100644 --- a/testing/tests/ikev1/rw-cert-unity/evaltest.dat +++ b/testing/tests/ikev1/rw-cert-unity/evaltest.dat @@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::10.2.1.1/32 === 192.168.0.0/24 PASS::YES carol::ipsec status 2> /dev/null::home.*10.2.1.1/32 === 10.1.0.0/16 10.2.1.0/24::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 10.2.1.0/24 === 10.2.1.1/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-cert/evaltest.dat b/testing/tests/ikev1/rw-cert/evaltest.dat index f8cfb111b9..ba661975b1 100644 --- a/testing/tests/ikev1/rw-cert/evaltest.dat +++ b/testing/tests/ikev1/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat +++ b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat index ef964a2344..77f548848b 100644 --- a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat index d56c5220f1..df37719e94 100644 --- a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/virtual-ip/evaltest.dat b/testing/tests/ikev1/virtual-ip/evaltest.dat index dd3143ae77..0f5df71d7b 100644 --- a/testing/tests/ikev1/virtual-ip/evaltest.dat +++ b/testing/tests/ikev1/virtual-ip/evaltest.dat @@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::src PH_IP_DAVE1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES +moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat index 02ed911baf..cd4ebd8ecc 100644 --- a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat index 5b021a09a2..34c124c957 100644 --- a/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-aggressive/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat index 198dd3782f..7604a1527b 100644 --- a/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-config/evaltest.dat @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YE moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat index 5b021a09a2..34c124c957 100644 --- a/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat +++ b/testing/tests/ikev1/xauth-id-rsa-hybrid/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-psk/evaltest.dat b/testing/tests/ikev1/xauth-psk/evaltest.dat index 988a6c5414..c6637cbfe7 100644 --- a/testing/tests/ikev1/xauth-psk/evaltest.dat +++ b/testing/tests/ikev1/xauth-psk/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat index 0591e22b6d..d568273d17 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/evaltest.dat @@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default index 802fcfd8d0..dd0825858a 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default @@ -41,4 +41,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/posttest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/posttest.dat index 920d6a20de..6c3d14592c 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/posttest.dat +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/posttest.dat @@ -1,5 +1,5 @@ moon::ipsec stop carol::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat index 280d62e3c1..c9b389e65c 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat +++ b/testing/tests/ikev1/xauth-rsa-eap-md5-radius/pretest.dat @@ -1,6 +1,6 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start carol::sleep 1 diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat index 988a6c5414..c6637cbfe7 100644 --- a/testing/tests/ikev1/xauth-rsa/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat index 3efaa5a989..427aa74da1 100644 --- a/testing/tests/ikev2/after-2038-certs/evaltest.dat +++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat index a553ff1688..abd29e97e9 100644 --- a/testing/tests/ikev2/alg-3des-md5/evaltest.dat +++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat @@ -4,12 +4,12 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES carol::ipsec status 2> /dev/null::home.*INSTALLED::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES moon:: ip xfrm state::enc cbc(des3_ede)::YES carol::ip xfrm state::enc cbc(des3_ede)::YES -moon:: ip xfrm state::auth hmac(md5)::YES -carol::ip xfrm state::auth hmac(md5)::YES +moon:: ip xfrm state::auth-trunc hmac(md5)::YES +carol::ip xfrm state::auth-trunc hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat index e2cf773eae..5a14b98d62 100644 --- a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES diff --git a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat index 177e0ea623..6a5203a2d6 100644 --- a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES diff --git a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat index 39f8b1cc4f..ce27fcc05e 100644 --- a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index 7a98745289..f11018347c 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -4,11 +4,11 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES -moon:: ip xfrm state::auth xcbc(aes)::YES -carol::ip xfrm state::auth xcbc(aes)::YES +moon:: ip xfrm state::auth-trunc xcbc(aes)::YES +carol::ip xfrm state::auth-trunc xcbc(aes)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat index a458f02414..f76522c5c9 100644 --- a/testing/tests/ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat index 0acd6d2ce1..5e4ab98b37 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat +++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat index 4bbc82d9b2..6c4e237106 100644 --- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -6,10 +6,10 @@ moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES -moon:: ip xfrm state::auth hmac(sha256)::YES -carol::ip xfrm state::auth hmac(sha256)::YES +moon:: ip xfrm state::auth-trunc hmac(sha256)::YES +carol::ip xfrm state::auth-trunc hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat index 7b5640af80..eba856742e 100644 --- a/testing/tests/ikev2/alg-sha256/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES -moon:: ip xfrm state::auth hmac(sha256)::YES -carol::ip xfrm state::auth hmac(sha256)::YES +moon:: ip xfrm state::auth-trunc hmac(sha256)::YES +carol::ip xfrm state::auth-trunc hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat index 21b3d5a4fe..3b24217c5e 100644 --- a/testing/tests/ikev2/alg-sha384/evaltest.dat +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES -moon:: ip xfrm state::auth hmac(sha384)::YES -carol::ip xfrm state::auth hmac(sha384)::YES +moon:: ip xfrm state::auth-trunc hmac(sha384)::YES +carol::ip xfrm state::auth-trunc hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat index 7b94d21827..6bdceeb447 100644 --- a/testing/tests/ikev2/alg-sha512/evaltest.dat +++ b/testing/tests/ikev2/alg-sha512/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES -moon:: ip xfrm state::auth hmac(sha512)::YES -carol::ip xfrm state::auth hmac(sha512)::YES +moon:: ip xfrm state::auth-trunc hmac(sha512)::YES +carol::ip xfrm state::auth-trunc hmac(sha512)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat index 3c41a596c2..b6a1c96a6c 100644 --- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat +++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat @@ -3,13 +3,13 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index a429e9b32b..b46dfddf65 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -5,13 +5,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat index 1c206fff0a..4df2d1e112 100644 --- a/testing/tests/ikev2/default-keys/evaltest.dat +++ b/testing/tests/ikev2/default-keys/evaltest.dat @@ -4,6 +4,6 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat index 88f9a2ca93..54da4730d0 100644 --- a/testing/tests/ikev2/default-keys/pretest.dat +++ b/testing/tests/ikev2/default-keys/pretest.dat @@ -10,9 +10,10 @@ moon::rm /etc/ipsec.d/private/* moon::rm /etc/ipsec.d/certs/* moon::rm /etc/ipsec.d/cacerts/* moon::ipsec start -moon::sleep 5 +moon::sleep 5 moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der -moon::ipsec reload -carol::ipsec reload +moon::ipsec reload +carol::ipsec reload +carol::sleep 1 carol::ipsec up home diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat index 4b0ddace70..252c030f8c 100644 --- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES @@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES -alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES -alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf similarity index 55% rename from testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf rename to testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf index 2176af7027..7a178505f0 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcp/dhcpd.conf @@ -4,11 +4,11 @@ ddns-update-style none; subnet 10.1.0.0 netmask 255.255.0.0 { option domain-name "strongswan.org"; - option domain-name-servers 10.1.0.20; - option netbios-name-servers 10.1.0.10; - option routers 10.1.0.1; + option domain-name-servers PH_IP_VENUS; + option netbios-name-servers PH_IP_ALICE; + option routers PH_IP_MOON1; option broadcast-address 10.1.255.255; - next-server 10.1.0.20; + next-server PH_IP_VENUS; range 10.1.0.50 10.1.0.60; } diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf index 2d35dfd641..ec8c945a7f 100644 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf @@ -1,7 +1,7 @@ interface=eth0 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255 -dhcp-option=option:router,10.1.0.1 -dhcp-option=option:dns-server,10.1.0.20 -dhcp-option=option:netbios-ns,10.1.0.10 +dhcp-option=option:router,PH_IP_MOON1 +dhcp-option=option:dns-server,PH_IP_VENUS +dhcp-option=option:netbios-ns,PH_IP_ALICE dhcp-option=option:domain-name,strongswan.org log-dhcp diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat index 1f54875969..24986c62b1 100644 --- a/testing/tests/ikev2/dhcp-dynamic/posttest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat @@ -2,7 +2,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop venus::cat /var/state/dhcp/dhcpd.leases -venus::/etc/init.d/dhcpd stop 2> /dev/null +venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat index bd36b4fe3e..60729fcff0 100644 --- a/testing/tests/ikev2/dhcp-dynamic/pretest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat @@ -1,12 +1,12 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -venus::cat /etc/dhcpd.conf -venus::/etc/init.d/dhcpd start 2> /dev/null +venus::cat /etc/dhcp/dhcpd.conf +venus::/etc/init.d/isc-dhcp-server start 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::sleep 2 carol::ipsec up home dave::ipsec up home carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat index 830094c7a7..efb7b89968 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES @@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES -alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES -alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcp/dhcpd.conf similarity index 70% rename from testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf rename to testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcp/dhcpd.conf index 44ee681b6f..334ea30e2d 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcp/dhcpd.conf @@ -4,11 +4,11 @@ ddns-update-style none; subnet 10.1.0.0 netmask 255.255.0.0 { option domain-name "strongswan.org"; - option domain-name-servers 10.1.0.20; - option netbios-name-servers 10.1.0.10; - option routers 10.1.0.1; + option domain-name-servers PH_IP_VENUS; + option netbios-name-servers PH_IP_ALICE; + option routers PH_IP_MOON1; option broadcast-address 10.1.255.255; - next-server 10.1.0.20; + next-server PH_IP_VENUS; range 10.1.0.50 10.1.0.60; } @@ -22,4 +22,3 @@ host dave { option dhcp-client-identifier "dave@strongswan.org"; fixed-address 10.1.0.40; } - diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf index 5672236a08..aca225955d 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf @@ -2,8 +2,8 @@ interface=eth0 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255 dhcp-host=id:carol@strongswan.org,10.1.0.30 dhcp-host=id:dave@strongswan.org,10.1.0.40 -dhcp-option=option:router,10.1.0.1 -dhcp-option=option:dns-server,10.1.0.20 -dhcp-option=option:netbios-ns,10.1.0.10 +dhcp-option=option:router,PH_IP_MOON1 +dhcp-option=option:dns-server,PH_IP_VENUS +dhcp-option=option:netbios-ns,PH_IP_ALICE dhcp-option=option:domain-name,strongswan.org log-dhcp diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat index e1aadc618d..497e908041 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -venus::/etc/init.d/dhcpd stop 2> /dev/null +venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat index bd36b4fe3e..60729fcff0 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat @@ -1,12 +1,12 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -venus::cat /etc/dhcpd.conf -venus::/etc/init.d/dhcpd start 2> /dev/null +venus::cat /etc/dhcp/dhcpd.conf +venus::/etc/init.d/isc-dhcp-server start 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::sleep 2 carol::ipsec up home dave::ipsec up home carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat index 830094c7a7..efb7b89968 100644 --- a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES @@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES -alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES -alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcp/dhcpd.conf similarity index 71% rename from testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf rename to testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcp/dhcpd.conf index 20666f7018..cdade2f2e6 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcp/dhcpd.conf @@ -4,11 +4,11 @@ ddns-update-style none; subnet 10.1.0.0 netmask 255.255.0.0 { option domain-name "strongswan.org"; - option domain-name-servers 10.1.0.20; - option netbios-name-servers 10.1.0.10; - option routers 10.1.0.1; + option domain-name-servers PH_IP_VENUS; + option netbios-name-servers PH_IP_ALICE; + option routers PH_IP_MOON1; option broadcast-address 10.1.255.255; - next-server 10.1.0.20; + next-server PH_IP_VENUS; range 10.1.0.50 10.1.0.60; } @@ -22,4 +22,3 @@ host dave { hardware ethernet 7a:a7:35:78:bc:85; fixed-address 10.1.0.40; } - diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf index e3729081f5..61d31a0bab 100644 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf @@ -2,8 +2,8 @@ interface=eth0 dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255 dhcp-host=7a:a7:8f:fc:db:3b,10.1.0.30 dhcp-host=7a:a7:35:78:bc:85,10.1.0.40 -dhcp-option=option:router,10.1.0.1 -dhcp-option=option:dns-server,10.1.0.20 -dhcp-option=option:netbios-ns,10.1.0.10 +dhcp-option=option:router,PH_IP_MOON1 +dhcp-option=option:dns-server,PH_IP_VENUS +dhcp-option=option:netbios-ns,PH_IP_ALICE dhcp-option=option:domain-name,strongswan.org log-dhcp diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat index e1aadc618d..497e908041 100644 --- a/testing/tests/ikev2/dhcp-static-mac/posttest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -venus::/etc/init.d/dhcpd stop 2> /dev/null +venus::/etc/init.d/isc-dhcp-server stop 2> /dev/null moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat index bd36b4fe3e..60729fcff0 100644 --- a/testing/tests/ikev2/dhcp-static-mac/pretest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat @@ -1,12 +1,12 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -venus::cat /etc/dhcpd.conf -venus::/etc/init.d/dhcpd start 2> /dev/null +venus::cat /etc/dhcp/dhcpd.conf +venus::/etc/init.d/isc-dhcp-server start 2> /dev/null carol::ipsec start dave::ipsec start moon::ipsec start -carol::sleep 2 +carol::sleep 2 carol::ipsec up home dave::ipsec up home carol::sleep 1 diff --git a/testing/tests/ikev2/double-nat-net/evaltest.dat b/testing/tests/ikev2/double-nat-net/evaltest.dat index 05dc82d701..52c5619647 100644 --- a/testing/tests/ikev2/double-nat-net/evaltest.dat +++ b/testing/tests/ikev2/double-nat-net/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES -alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat/evaltest.dat b/testing/tests/ikev2/double-nat/evaltest.dat index b080482f94..9ddad2de52 100644 --- a/testing/tests/ikev2/double-nat/evaltest.dat +++ b/testing/tests/ikev2/double-nat/evaltest.dat @@ -2,6 +2,6 @@ alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@ bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/dynamic-initiator/evaltest.dat b/testing/tests/ikev2/dynamic-initiator/evaltest.dat index 9d050ecde9..3db70be714 100644 --- a/testing/tests/ikev2/dynamic-initiator/evaltest.dat +++ b/testing/tests/ikev2/dynamic-initiator/evaltest.dat @@ -5,6 +5,6 @@ dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol@strongswan.org.*received INITIAL_CONTACT::YES moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat index 1d5ff68ecd..82d2e73183 100644 --- a/testing/tests/ikev2/dynamic-two-peers/evaltest.dat +++ b/testing/tests/ikev2/dynamic-two-peers/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::dave.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat index 74150fb04b..d5d3bc0d32 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ip xfrm state::aead rfc4543(gcm(aes))::YES diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat index a66edc5fe9..366539936c 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat @@ -2,10 +2,10 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES -moon:: ip xfrm state::auth hmac(md5)::YES -carol::ip xfrm state::auth hmac(md5)::YES +moon:: ip xfrm state::auth-trunc hmac(md5)::YES +carol::ip xfrm state::auth-trunc hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index 937d85ed2b..1b9c6c27e9 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat index 52c27cba58..00c353686d 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat @@ -2,10 +2,10 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES -moon:: ip xfrm state::auth hmac(sha1)::YES -carol::ip xfrm state::auth hmac(sha1)::YES +moon:: ip xfrm state::auth-trunc hmac(sha1)::YES +carol::ip xfrm state::auth-trunc hmac(sha1)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat index 21b10d1703..cc941307a1 100644 --- a/testing/tests/ikev2/farp/evaltest.dat +++ b/testing/tests/ikev2/farp/evaltest.dat @@ -1,11 +1,11 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_req=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES @@ -14,12 +14,12 @@ moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES -alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES -alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::ARP, Reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat index d7fe707ab0..36af646d24 100644 --- a/testing/tests/ikev2/force-udp-encaps/evaltest.dat +++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat @@ -3,6 +3,6 @@ sun:: ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES -alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES +alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > alice.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/host2host-cert/evaltest.dat b/testing/tests/ikev2/host2host-cert/evaltest.dat index 53e5589cab..3305f4558f 100644 --- a/testing/tests/ikev2/host2host-cert/evaltest.dat +++ b/testing/tests/ikev2/host2host-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-swapped/evaltest.dat b/testing/tests/ikev2/host2host-swapped/evaltest.dat index 53e5589cab..3305f4558f 100644 --- a/testing/tests/ikev2/host2host-swapped/evaltest.dat +++ b/testing/tests/ikev2/host2host-swapped/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat index 3021b5e045..fc49e57d89 100644 --- a/testing/tests/ikev2/host2host-transport/evaltest.dat +++ b/testing/tests/ikev2/host2host-transport/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*su sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat index dceceaef69..221c593186 100644 --- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat +++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat @@ -1,8 +1,8 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::sleep 15::NO carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO carol::ipsec status 2> /dev/null::home.*INSTALLED::NO -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/inactivity-timeout/posttest.dat b/testing/tests/ikev2/inactivity-timeout/posttest.dat index 94a400606a..6ca9c5b350 100644 --- a/testing/tests/ikev2/inactivity-timeout/posttest.dat +++ b/testing/tests/ikev2/inactivity-timeout/posttest.dat @@ -1,4 +1,3 @@ moon::ipsec stop carol::ipsec stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null +carol::iptables-restore < /etc/iptables.flush diff --git a/testing/tests/ikev2/inactivity-timeout/pretest.dat b/testing/tests/ikev2/inactivity-timeout/pretest.dat index 3c3df01967..b949aaeafe 100644 --- a/testing/tests/ikev2/inactivity-timeout/pretest.dat +++ b/testing/tests/ikev2/inactivity-timeout/pretest.dat @@ -1,7 +1,6 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null +carol::iptables-restore < /etc/iptables.rules moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::sleep 1 carol::ipsec up home carol::sleep 1 diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat index 941cb34c06..42e3530846 100644 --- a/testing/tests/ikev2/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat @@ -6,7 +6,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES @@ -15,7 +15,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat index fd15d52097..44310cd16b 100644 --- a/testing/tests/ikev2/ip-pool-wish/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat index db46646a6e..8ea7960b5f 100644 --- a/testing/tests/ikev2/ip-pool/evaltest.dat +++ b/testing/tests/ikev2/ip-pool/evaltest.dat @@ -3,19 +3,19 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES moon:: ipsec leases 10.3.0.0/28 2> /dev/null::2/14, 2 online::YES -moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES -moon:: ipsec leases 10.3.0.0/28 10.3.0.2 2> /dev/null::dave@strongswan.org::YES +moon:: ipsec leases 10.3.0.0/28 PH_IP_CAROL1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec leases 10.3.0.0/28 PH_IP_DAVE1 2> /dev/null::dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP diff --git a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat index fd0413d113..fdc3d4d3f9 100644 --- a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat @@ -28,10 +28,10 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/res dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES -alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES -dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES +alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES +dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES +alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES +dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_req=1::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat index 3b09b32bdb..0d7a36452e 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat @@ -13,8 +13,8 @@ moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.* moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat index 7a0c1ed6ff..0bf3500b59 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6/evaltest.dat @@ -5,5 +5,5 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat index fafe030c1d..bb20cae058 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6/posttest.dat @@ -1,5 +1,4 @@ alice::ip -6 route del default via fec1:\:1 carol::ipsec stop -moon::echo 0 > /proc/sys/net/ipv6/conf/all/forwarding moon::ipsec stop moon::conntrack -F diff --git a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat index f97ff54b5c..04139badf0 100644 --- a/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat +++ b/testing/tests/ikev2/ip-two-pools-v4v6/pretest.dat @@ -1,5 +1,4 @@ alice::ip -6 route add default via fec1:\:1 -moon::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding moon::ipsec start carol::ipsec start carol::sleep 2 diff --git a/testing/tests/ikev2/ip-two-pools/evaltest.dat b/testing/tests/ikev2/ip-two-pools/evaltest.dat index 5de62e447f..fad3781d7b 100644 --- a/testing/tests/ikev2/ip-two-pools/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools/evaltest.dat @@ -10,12 +10,12 @@ moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.4.0.0/28::YES moon:: cat /var/log/daemon.log::adding virtual IP address pool.*10.3.0.0/28::YES moon:: ipsec leases 10.3.0.0/28 2> /dev/null::1/14, 1 online::YES moon:: ipsec leases 10.4.0.0/28 2> /dev/null::1/14, 1 online::YES -moon:: ipsec leases 10.3.0.0/28 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec leases 10.3.0.0/28 PH_IP_CAROL1 2> /dev/null::carol@strongswan.org::YES moon:: ipsec leases 10.4.0.0/28 10.4.0.1 2> /dev/null::alice@strongswan.org::YES -carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES +carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES -carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_req=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat index aded7a0405..c71e3f7c10 100644 --- a/testing/tests/ikev2/mobike-nat/evaltest.dat +++ b/testing/tests/ikev2/mobike-nat/evaltest.dat @@ -2,14 +2,14 @@ alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN:: sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -alice::/etc/init.d/net.eth1 stop::No output expected::NO +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ifdown eth1::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES moon::tcpdump::moon.strongswan.org.*sun.strongswan.org.*: UDP-encap: ESP.*seq=0x2::YES diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf index efbce1fb2a..ffb7f563a7 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf @@ -10,7 +10,7 @@ conn %default keyexchange=ikev2 conn mobike - left=PH_IP_ALICE1 + left=192.168.0.50 leftsourceip=%config leftcert=aliceCert.pem leftid=alice@strongswan.org diff --git a/testing/tests/ikev2/mobike-nat/pretest.dat b/testing/tests/ikev2/mobike-nat/pretest.dat index 08c2be95cf..ec7e5234f1 100644 --- a/testing/tests/ikev2/mobike-nat/pretest.dat +++ b/testing/tests/ikev2/mobike-nat/pretest.dat @@ -1,4 +1,4 @@ -alice::/etc/init.d/net.eth1 start +alice::ifup eth1 alice::/etc/init.d/iptables start 2> /dev/null sun::/etc/init.d/iptables start 2> /dev/null moon::conntrack -F @@ -7,6 +7,6 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to- moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 alice::ipsec start sun::ipsec start -alice::sleep 2 +alice::sleep 2 alice::ipsec up mobike alice::sleep 1 diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat index c4c7b0b6f3..17593ef825 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat @@ -1,15 +1,15 @@ -alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -alice::/etc/init.d/net.eth1 stop::No output expected::NO +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ifdown eth1::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES moon::tcpdump::alice.strongswan.org.*sun.strongswan.org.*: ESP.*seq=0x2::YES diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf index efbce1fb2a..ffb7f563a7 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf @@ -10,7 +10,7 @@ conn %default keyexchange=ikev2 conn mobike - left=PH_IP_ALICE1 + left=192.168.0.50 leftsourceip=%config leftcert=aliceCert.pem leftid=alice@strongswan.org diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf index eeee6ffb0d..2b0c8aebd6 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf @@ -14,7 +14,7 @@ conn mobike leftcert=sunCert.pem leftid=@sun.strongswan.org leftsubnet=10.2.0.0/16 - right=PH_IP_ALICE1 + right=192.168.0.50 rightsourceip=10.3.0.3 rightid=alice@strongswan.org auto=add diff --git a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat index 6666e77947..1ae84d94e6 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/pretest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/pretest.dat @@ -1,10 +1,10 @@ -alice::/etc/init.d/net.eth1 start +alice::ifup eth1 alice::/etc/init.d/iptables start 2> /dev/null sun::/etc/init.d/iptables start 2> /dev/null moon::echo 1 > /proc/sys/net/ipv4/ip_forward sun::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start -alice::sleep 2 +alice::sleep 2 alice::ipsec up mobike alice::sleep 1 diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat index ebf5ad4cfe..e3464040e7 100644 --- a/testing/tests/ikev2/mobike/evaltest.dat +++ b/testing/tests/ikev2/mobike/evaltest.dat @@ -1,15 +1,15 @@ -alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall 2> /dev/null::PH_IP_ALICE1/32 === 10.2.0.0/16::YES -sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE1/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -alice::/etc/init.d/net.eth1 stop::No output expected::NO +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*192.168.0.50.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*192.168.0.50::YES +alice::ipsec statusall 2> /dev/null::192.168.0.50/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 192.168.0.50/32::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ifdown eth1::No output expected::NO alice::sleep 1::No output expected::NO alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES moon::tcpdump::alice.strongswan.org.*sun.strongswan.org: ESP.*seq=0x2::YES diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf index 66cbce781d..95683fdc3e 100644 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf @@ -10,7 +10,7 @@ conn %default keyexchange=ikev2 conn mobike - left=PH_IP_ALICE1 + left=192.168.0.50 leftcert=aliceCert.pem leftid=alice@strongswan.org right=PH_IP_SUN diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf index f3fa9209cd..f7693106ff 100644 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf @@ -14,6 +14,6 @@ conn mobike leftcert=sunCert.pem leftid=@sun.strongswan.org leftsubnet=10.2.0.0/16 - right=PH_IP_ALICE1 + right=192.168.0.50 rightid=alice@strongswan.org auto=add diff --git a/testing/tests/ikev2/mobike/posttest.dat b/testing/tests/ikev2/mobike/posttest.dat index 32fdf0053e..e71b349dfe 100644 --- a/testing/tests/ikev2/mobike/posttest.dat +++ b/testing/tests/ikev2/mobike/posttest.dat @@ -1,5 +1,3 @@ alice::ipsec stop sun::ipsec stop -alice::/etc/init.d/iptables stop 2> /dev/null -sun::/etc/init.d/iptables stop 2> /dev/null sun::ip route del 10.1.0.0/16 via PH_IP_MOON diff --git a/testing/tests/ikev2/mobike/pretest.dat b/testing/tests/ikev2/mobike/pretest.dat index 6666e77947..12f05d8faa 100644 --- a/testing/tests/ikev2/mobike/pretest.dat +++ b/testing/tests/ikev2/mobike/pretest.dat @@ -1,10 +1,7 @@ -alice::/etc/init.d/net.eth1 start -alice::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null -moon::echo 1 > /proc/sys/net/ipv4/ip_forward +alice::ifup eth1 sun::ip route add 10.1.0.0/16 via PH_IP_MOON alice::ipsec start sun::ipsec start -alice::sleep 2 +alice::sleep 2 alice::ipsec up mobike alice::sleep 1 diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat index 4a72b4392b..65a003d23f 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -6,7 +6,7 @@ moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::cat /var/log/daemon.log::authentication of .*dave@strongswan.org.* with RSA signature successful::YES @@ -18,4 +18,4 @@ moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 22806012345600 moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/eap.conf new file mode 100644 index 0000000000..7d8023951b --- /dev/null +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/modules/sim_files b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/modules/sim_files new file mode 100644 index 0000000000..10c26aa150 --- /dev/null +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/modules/sim_files @@ -0,0 +1,3 @@ +sim_files { + simtriplets = "/etc/freeradius/triplets.dat" +} diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/sites-available/default index dfceb037d9..91425f812a 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/sites-available/default @@ -59,4 +59,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/triplets.dat similarity index 99% rename from testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/triplets.dat rename to testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/triplets.dat index 002ee94d1d..aaabab89eb 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/triplets.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/triplets.dat @@ -4,4 +4,3 @@ 228060123456002,33000000000000000000000000000000,33112233,335566778899AABB 228060123456002,34000000000000000000000000000000,34112233,345566778899AABB 228060123456002,35000000000000000000000000000000,35112233,355566778899AABB - diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/users b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/eap.conf deleted file mode 100644 index a2020424e1..0000000000 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/eap.conf +++ /dev/null @@ -1,5 +0,0 @@ -eap { - default_eap_type = sim - sim { - } -} diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index d77b818fe6..0000000000 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,123 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf - sim_files { - simtriplets = "/etc/raddb/triplets.dat" - } -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/posttest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/posttest.dat index dbe56013ae..6a4da66315 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/posttest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/posttest.dat @@ -1,7 +1,4 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -alice::/etc/init.d/radiusd stop -moon::/etc/init.d/iptables stop 2> /dev/null -carol::/etc/init.d/iptables stop 2> /dev/null -dave::/etc/init.d/iptables stop 2> /dev/null +alice::killall radiusd diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat index b3fd4cbf1d..2d54c6027e 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/pretest.dat @@ -1,11 +1,8 @@ -moon::/etc/init.d/iptables start 2> /dev/null -carol::/etc/init.d/iptables start 2> /dev/null -dave::/etc/init.d/iptables start 2> /dev/null -alice::cat /etc/raddb/clients.conf -alice::cat /etc/raddb/eap.conf -alice::cat /etc/raddb/proxy.conf -alice::cat /etc/raddb/triplets.dat -alice::/etc/init.d/radiusd start +alice::cat /etc/freeradius/clients.conf +alice::cat /etc/freeradius/eap.conf +alice::cat /etc/freeradius/proxy.conf +alice::cat /etc/freeradius/triplets.dat +alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/test.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/test.conf index 70416826e6..1cdb0b522f 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/test.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="moon" # Used for IPsec logging purposes # IPSECHOSTS="moon carol dave" + +# UML instances on which FreeRadius is started +# +RADIUSHOSTS="alice" diff --git a/testing/tests/ikev2/nat-rw-mark/description.txt b/testing/tests/ikev2/nat-rw-mark/description.txt index 2a93d11d87..b8074e6659 100644 --- a/testing/tests/ikev2/nat-rw-mark/description.txt +++ b/testing/tests/ikev2/nat-rw-mark/description.txt @@ -1,7 +1,7 @@ The roadwarriors alice and venus sitting behind the NAT router moon set up tunnels to gateway sun. UDP encapsulation is used to traverse the NAT router. Since both roadwarriors possess the same 10.1.0.0/25 subnet, gateway sun uses Source NAT -after ESP decryption to map these subnets to 10.3.0.10 and 10.3.0.20, respectively. +after ESP decryption to map these subnets to PH_IP_CAROL10 and PH_IP_DAVE10, respectively.

In order to differentiate between the tunnels to alice and venus, respectively, XFRM marks are defined for both the inbound and outbound IPsec SAs and policies using diff --git a/testing/tests/ikev2/nat-rw-mark/evaltest.dat b/testing/tests/ikev2/nat-rw-mark/evaltest.dat index db9e969d2c..bb8e856cce 100644 --- a/testing/tests/ikev2/nat-rw-mark/evaltest.dat +++ b/testing/tests/ikev2/nat-rw-mark/evaltest.dat @@ -6,13 +6,13 @@ sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@ sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.4510.*: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.4520.*: UDP::YES -bob::tcpdump::10.3.0.10 > bob.strongswan.org: ICMP echo request::YES -bob::tcpdump::10.3.0.20 > bob.strongswan.org: ICMP echo request::YES -bob::tcpdump::bob.strongswan.org > 10.3.0.10: ICMP echo reply::YES -bob::tcpdump::bob.strongswan.org > 10.3.0.20: ICMP echo reply::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4510.*: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.4520.*: UDP::YES +bob::tcpdump::PH_IP_CAROL10 > bob.strongswan.org: ICMP echo request::YES +bob::tcpdump::PH_IP_DAVE10 > bob.strongswan.org: ICMP echo request::YES +bob::tcpdump::bob.strongswan.org > PH_IP_CAROL10: ICMP echo reply::YES +bob::tcpdump::bob.strongswan.org > PH_IP_DAVE10: ICMP echo reply::YES diff --git a/testing/tests/ikev2/nat-rw-mark/posttest.dat b/testing/tests/ikev2/nat-rw-mark/posttest.dat index 89d5f534b6..2636ae8e38 100644 --- a/testing/tests/ikev2/nat-rw-mark/posttest.dat +++ b/testing/tests/ikev2/nat-rw-mark/posttest.dat @@ -5,7 +5,8 @@ venus::ipsec stop alice::/etc/init.d/iptables stop 2> /dev/null venus::/etc/init.d/iptables stop 2> /dev/null sun::/etc/init.d/iptables stop 2> /dev/null -moon::iptables -t nat -F +moon::iptables-restore < /etc/iptables.flush moon::conntrack -F +sun::iptables-restore < /etc/iptables.flush sun::conntrack -F sun::rm /etc/mark_updown diff --git a/testing/tests/ikev2/nat-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat index 3ed13d5fa3..17c77623a8 100644 --- a/testing/tests/ikev2/nat-rw-mark/pretest.dat +++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat @@ -1,21 +1,20 @@ sun::/etc/init.d/iptables start 2> /dev/null alice::/etc/init.d/iptables start 2> /dev/null venus::/etc/init.d/iptables start 2> /dev/null -moon::echo 1 > /proc/sys/net/ipv4/ip_forward moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 500 -j SNAT --to PH_IP_MOON:510 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_VENUS -p udp --sport 500 -j SNAT --to PH_IP_MOON:520 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 4500 -j SNAT --to PH_IP_MOON:4510 moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_VENUS -p udp --sport 4500 -j SNAT --to PH_IP_MOON:4520 -sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3.0.10 -sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20 -sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 10 -sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 20 +sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to PH_IP_CAROL10 +sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to PH_IP_DAVE10 +sun::iptables -t mangle -A PREROUTING -d PH_IP_CAROL10 -j MARK --set-mark 10 +sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 20 sun::ipsec start alice::ipsec start venus::ipsec start -alice::sleep 2 +alice::sleep 2 alice::ipsec up nat-t -venus::sleep 2 +venus::sleep 2 venus::ipsec up nat-t venus::sleep 2 diff --git a/testing/tests/ikev2/nat-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-rw-psk/evaltest.dat index 051db978a7..6ec29c7791 100644 --- a/testing/tests/ikev2/nat-rw-psk/evaltest.dat +++ b/testing/tests/ikev2/nat-rw-psk/evaltest.dat @@ -3,7 +3,7 @@ venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL, ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-rw/evaltest.dat b/testing/tests/ikev2/nat-rw/evaltest.dat index e0b458dba1..387dbae232 100644 --- a/testing/tests/ikev2/nat-rw/evaltest.dat +++ b/testing/tests/ikev2/nat-rw/evaltest.dat @@ -6,13 +6,13 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES moon:: sleep 6::no output expected::NO -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: isakmp-nat-keep-alive::YES alice::cat /var/log/daemon.log::sending keep alive::YES venus::cat /var/log/daemon.log::sending keep alive::YES diff --git a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat index 9c98e312ae..c60ffc7725 100644 --- a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat @@ -1,7 +1,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES diff --git a/testing/tests/ikev2/net2net-cert/evaltest.dat b/testing/tests/ikev2/net2net-cert/evaltest.dat index c98f5d78de..2b37cad994 100644 --- a/testing/tests/ikev2/net2net-cert/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat index 97dd63c5ac..460c659d95 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18: sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun .*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat index 4615c3ed84..f74eb6a198 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4: sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat index 1556143cfb..113c3d9c05 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES sun:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES sun:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk/evaltest.dat b/testing/tests/ikev2/net2net-psk/evaltest.dat index c98f5d78de..2b37cad994 100644 --- a/testing/tests/ikev2/net2net-psk/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk/evaltest.dat @@ -2,6 +2,6 @@ moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun. sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets index cbdddfb185..ba909a2343 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets @@ -8,5 +8,5 @@ : PSK 'My "home" is my "castle"!' -192.168.0.1 : PSK "Andi's home" +PH_IP_MOON : PSK "Andi's home" diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat index e47e709e24..bc03a39fbc 100644 --- a/testing/tests/ikev2/net2net-pubkey/evaltest.dat +++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat index 59d0372dcb..e8e1a46e4e 100644 --- a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat +++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat @@ -1,15 +1,15 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES -moon:: cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES +moon:: cat /var/log/daemon.log::subject address block PH_IP_SUN/32 is contained in issuer address block 192.168.0.0/24::YES moon:: cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES moon:: cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES sun:: cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES -sun:: cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES +sun:: cat /var/log/daemon.log::subject address block PH_IP_MOON/32 is contained in issuer address block 192.168.0.0/24::YES sun:: cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES sun:: cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES sun:: cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat index 63d1cde243..77ab6e7c69 100644 --- a/testing/tests/ikev2/net2net-route/evaltest.dat +++ b/testing/tests/ikev2/net2net-route/evaltest.dat @@ -3,6 +3,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat index e47e709e24..bc03a39fbc 100644 --- a/testing/tests/ikev2/net2net-rsa/evaltest.dat +++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-same-nets/evaltest.dat b/testing/tests/ikev2/net2net-same-nets/evaltest.dat index 1ca7e2d607..3b479cefa8 100644 --- a/testing/tests/ikev2/net2net-same-nets/evaltest.dat +++ b/testing/tests/ikev2/net2net-same-nets/evaltest.dat @@ -2,8 +2,8 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_seq=1::YES -bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES +alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_req=1::YES +bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown index c64158a2f8..2a08ab3191 100755 --- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown +++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/mark_updown @@ -196,8 +196,8 @@ up-client:) iptables -t nat -A PREROUTING -i $INT_INTERFACE -m mark --mark $PLUTO_MARK_OUT \ -d $OUT_NET -j NETMAP --to $SAME_NET iptables -I FORWARD 1 -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT -j ACCEPT - iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \ - -s $SAME_NET -j NETMAP --to $IN_NET + iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \ + -s $SAME_NET -j NETMAP --to $IN_NET fi ;; down-client:) @@ -215,7 +215,11 @@ down-client:) if [ -n "$PLUTO_MARK_OUT" ] then iptables -t mangle -D PREROUTING $SET_MARK_OUT + iptables -t nat -D PREROUTING -i $INT_INTERFACE -m mark --mark $PLUTO_MARK_OUT \ + -d $OUT_NET -j NETMAP --to $SAME_NET iptables -D FORWARD -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT -j ACCEPT + iptables -t nat -D POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \ + -s $SAME_NET -j NETMAP --to $IN_NET fi ;; *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat index dbd06104f9..f003f822f4 100644 --- a/testing/tests/ikev2/net2net-start/evaltest.dat +++ b/testing/tests/ikev2/net2net-start/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi index dda793f444..4e2cc2860e 100755 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi @@ -5,7 +5,7 @@ cd /etc/openssl echo "Content-type: application/ocsp-response" echo "" -/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ - -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \ - -resp_no_certs -nmin 5 \ - -reqin /dev/stdin -respout /dev/stdout +cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ + -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \ + -resp_no_certs -nmin 5 \ + -reqin /dev/stdin -respout /dev/stdout | cat diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi index 74d22b90d6..429061376a 100755 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi @@ -5,7 +5,7 @@ cd /etc/openssl echo "Content-type: application/ocsp-response" echo "" -/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ - -rkey winnetouKey.pem -rsigner winnetouCert.pem \ - -nmin 5 \ - -reqin /dev/stdin -respout /dev/stdout +cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ + -rkey winnetouKey.pem -rsigner winnetouCert.pem \ + -nmin 5 \ + -reqin /dev/stdin -respout /dev/stdout | cat diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-root-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi index e998b6ad02..59c3563027 100755 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi @@ -5,7 +5,7 @@ cd /etc/openssl echo "Content-type: application/ocsp-response" echo "" -/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ - -rkey strongswanKey.pem -rsigner strongswanCert.pem \ - -resp_no_certs -nmin 5 \ - -reqin /dev/stdin -respout /dev/stdout +cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ + -rkey strongswanKey.pem -rsigner strongswanCert.pem \ + -resp_no_certs -nmin 5 \ + -reqin /dev/stdin -respout /dev/stdout | cat diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi index 92aa920aa0..aa70321d5b 100755 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi @@ -6,9 +6,9 @@ echo "Content-type: application/ocsp-response" echo "" # simulate a delayed response -sleep 5 +sleep 5 -/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ - -rkey ocspKey.pem -rsigner ocspCert.pem \ - -nmin 5 \ - -reqin /dev/stdin -respout /dev/stdout +cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ + -rkey ocspKey.pem -rsigner ocspCert.pem \ + -nmin 5 \ + -reqin /dev/stdin -respout /dev/stdout | cat diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi index 20c4b2a224..72aa7a6c49 100755 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi @@ -5,7 +5,7 @@ cd /etc/openssl echo "Content-type: application/ocsp-response" echo "" -/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ - -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \ - -nmin 5 \ - -reqin /dev/stdin -respout /dev/stdout +cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \ + -rkey ocspKey-self.pem -rsigner ocspCert-self.pem \ + -nmin 5 \ + -reqin /dev/stdin -respout /dev/stdout | cat diff --git a/testing/tests/ikev2/protoport-dual/evaltest.dat b/testing/tests/ikev2/protoport-dual/evaltest.dat index a65460cc8d..cf45f3b528 100644 --- a/testing/tests/ikev2/protoport-dual/evaltest.dat +++ b/testing/tests/ikev2/protoport-dual/evaltest.dat @@ -2,8 +2,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/protoport-route/evaltest.dat b/testing/tests/ikev2/protoport-route/evaltest.dat index 83a5e1bde3..75c547995c 100644 --- a/testing/tests/ikev2/protoport-route/evaltest.dat +++ b/testing/tests/ikev2/protoport-route/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES diff --git a/testing/tests/ikev2/reauth-early/evaltest.dat b/testing/tests/ikev2/reauth-early/evaltest.dat index 1d3a35916a..dbc6f8d97e 100644 --- a/testing/tests/ikev2/reauth-early/evaltest.dat +++ b/testing/tests/ikev2/reauth-early/evaltest.dat @@ -1,6 +1,6 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat index d86758f9a8..205a4d9e73 100644 --- a/testing/tests/ikev2/reauth-late/evaltest.dat +++ b/testing/tests/ikev2/reauth-late/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat index f8cfb111b9..ba661975b1 100644 --- a/testing/tests/ikev2/rw-cert/evaltest.dat +++ b/testing/tests/ikev2/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat index a39bf3afeb..d59eef5139 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat @@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat index 2abfdd19bf..0ea4e21ab1 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat @@ -6,7 +6,7 @@ moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.* carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat index 9c6ae73e9a..6a20b8e8c0 100644 --- a/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-dynamic/evaltest.dat @@ -15,8 +15,8 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat index 705d9ba6e8..aa6d4291bd 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/evaltest.dat @@ -18,8 +18,9 @@ dave ::ipsec status 2> /dev/null::alice.*ESTABLISHED.*PH_IP_DAVE.*moon.strongswa moon ::ipsec status 2> /dev/null::accounting.*INSTALLED, TUNNEL::YES dave ::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::NO dave ::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org::ESP::YES -moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org::ESP:YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/sites-available/default index 2de32a6f2a..a67a5dcb42 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/sites-available/default @@ -40,4 +40,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/posttest.dat index dbe56013ae..34057da379 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat index 6d6ad38ba8..4d4c83d919 100644 --- a/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-class-radius/pretest.dat @@ -1,7 +1,7 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start @@ -9,5 +9,5 @@ carol::sleep 1 carol::ipsec up alice carol::ipsec up venus dave::ipsec up alice -dave::ipsec up venus +dave::ipsec up venus dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat index a239b56e73..42d2c319e1 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat @@ -2,13 +2,13 @@ carol::cat /var/log/daemon.log::configured EAP-Identity carol::YES carol::cat /var/log/daemon.log::added EAP secret for carol moon.strongswan.org::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES +moon:: cat /var/log/daemon.log::authentication of 'PH_IP_CAROL' with EAP successful::YES moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES -moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH_IP_CAROL]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat index 73f606be3f..8f813395a9 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat @@ -7,7 +7,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/sites-available/default index 2de32a6f2a..a67a5dcb42 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/sites-available/default @@ -40,4 +40,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat index 920d6a20de..6c3d14592c 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/posttest.dat @@ -1,5 +1,5 @@ moon::ipsec stop carol::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat index 280d62e3c1..c9b389e65c 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/pretest.dat @@ -1,6 +1,6 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat index 525d987af9..a8019b3e70 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat @@ -6,6 +6,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default index 802fcfd8d0..dd0825858a 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/sites-available/default @@ -41,4 +41,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat b/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat index 920d6a20de..6c3d14592c 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/posttest.dat @@ -1,5 +1,5 @@ moon::ipsec stop carol::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat index 280d62e3c1..c9b389e65c 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/pretest.dat @@ -1,6 +1,6 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat index dd67704eb7..84f41fd93f 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat @@ -5,7 +5,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat index eafd09b80c..010f483153 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat @@ -3,11 +3,11 @@ carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YE carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES moon:: cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES -moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[PH_IP_CAROL]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat index 871d3b9314..4ed5257b12 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat @@ -18,6 +18,6 @@ moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat index 643b2c39d1..fc75e1c9a7 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@stronswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat index 81244bd85c..95c29b7f55 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/eap.conf similarity index 93% rename from testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/eap.conf index df50901d5a..11d3e2acdb 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/eap.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/eap.conf @@ -1,7 +1,7 @@ eap { md5 { } - default_eap_type = peap + default_eap_type = peap tls { private_key_file = /etc/raddb/certs/aaaKey.pem certificate_file = /etc/raddb/certs/aaaCert.pem diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/default index 802fcfd8d0..dd0825858a 100644 --- a/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/default @@ -41,4 +41,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel similarity index 100% rename from testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel rename to testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat b/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat index dbe56013ae..34057da379 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat index cbe1ae2291..00cf7e31e9 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/pretest.dat @@ -1,7 +1,7 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat index 7f1def4a5e..f1a68bc195 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat @@ -7,6 +7,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*caro carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/eap.conf new file mode 100644 index 0000000000..7d8023951b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files new file mode 100644 index 0000000000..10c26aa150 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/modules/sim_files @@ -0,0 +1,3 @@ +sim_files { + simtriplets = "/etc/freeradius/triplets.dat" +} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default index 92896b11e9..8935293240 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/sites-available/default @@ -40,4 +40,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/triplets.dat similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/triplets.dat rename to testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/triplets.dat diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf deleted file mode 100644 index a2020424e1..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/eap.conf +++ /dev/null @@ -1,5 +0,0 @@ -eap { - default_eap_type = sim - sim { - } -} diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index d77b818fe6..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,123 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf - sim_files { - simtriplets = "/etc/raddb/triplets.dat" - } -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat index 920d6a20de..6c3d14592c 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/posttest.dat @@ -1,5 +1,5 @@ moon::ipsec stop carol::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat index 0da980c07d..67c81748b6 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/pretest.dat @@ -1,7 +1,7 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -alice::cat /etc/raddb/triplets.dat -alice::/etc/init.d/radiusd start +alice::cat /etc/freeradius/triplets.dat +alice::radiusd moon::ipsec start carol::ipsec start carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat index f2654766a4..f434ddfc64 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat @@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES @@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongsw moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/eap.conf new file mode 100644 index 0000000000..7d8023951b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/modules/sim_files b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/modules/sim_files new file mode 100644 index 0000000000..10c26aa150 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/modules/sim_files @@ -0,0 +1,3 @@ +sim_files { + simtriplets = "/etc/freeradius/triplets.dat" +} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/sites-available/default index 126d61d057..fbdf75f4c1 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/sites-available/default @@ -41,4 +41,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/triplets.dat similarity index 99% rename from testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat rename to testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/triplets.dat index fd0eb19b99..3e9a644eb9 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/triplets.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/triplets.dat @@ -4,4 +4,3 @@ carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB dave@strongswan.org,33000000000000000000000000000000,33112233,335566778899AABB dave@strongswan.org,34000000000000000000000000000000,34112233,345566778899AABB dave@strongswan.org,35000000000000000000000000000000,35112233,355566778899AABB - diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf deleted file mode 100644 index a2020424e1..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/eap.conf +++ /dev/null @@ -1,5 +0,0 @@ -eap { - default_eap_type = sim - sim { - } -} diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index d77b818fe6..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,123 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf - sim_files { - simtriplets = "/etc/raddb/triplets.dat" - } -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat index dbe56013ae..34057da379 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat index 5a51733dc1..066fcff5fc 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/pretest.dat @@ -4,8 +4,8 @@ dave::/etc/init.d/iptables start 2> /dev/null moon::rm /etc/ipsec.d/cacerts/* carol::rm /etc/ipsec.d/cacerts/* dave::rm /etc/ipsec.d/cacerts/* -alice::cat /etc/raddb/triplets.dat -alice::/etc/init.d/radiusd start +alice::cat /etc/freeradius/triplets.dat +alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat index 8e12c29d04..21cfe429a9 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat @@ -4,7 +4,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES @@ -12,4 +12,4 @@ moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongsw moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/eap.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/eap.conf new file mode 100644 index 0000000000..7d8023951b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/eap.conf @@ -0,0 +1,5 @@ +eap { + default_eap_type = sim + sim { + } +} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/sites-available/default index dfceb037d9..91425f812a 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/sites-available/default @@ -59,4 +59,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/triplets.dat similarity index 99% rename from testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat rename to testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/triplets.dat index fd0eb19b99..3e9a644eb9 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/triplets.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/triplets.dat @@ -4,4 +4,3 @@ carol@strongswan.org,32000000000000000000000000000000,32112233,325566778899AABB dave@strongswan.org,33000000000000000000000000000000,33112233,335566778899AABB dave@strongswan.org,34000000000000000000000000000000,34112233,345566778899AABB dave@strongswan.org,35000000000000000000000000000000,35112233,355566778899AABB - diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf deleted file mode 100644 index a2020424e1..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/eap.conf +++ /dev/null @@ -1,5 +0,0 @@ -eap { - default_eap_type = sim - sim { - } -} diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index d77b818fe6..0000000000 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,123 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf - sim_files { - simtriplets = "/etc/raddb/triplets.dat" - } -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat b/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat index dbe56013ae..34057da379 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat index b3fd4cbf1d..c762a3471d 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/pretest.dat @@ -1,11 +1,11 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -alice::cat /etc/raddb/clients.conf -alice::cat /etc/raddb/eap.conf -alice::cat /etc/raddb/proxy.conf -alice::cat /etc/raddb/triplets.dat -alice::/etc/init.d/radiusd start +alice::cat /etc/freeradius/clients.conf +alice::cat /etc/freeradius/eap.conf +alice::cat /etc/freeradius/proxy.conf +alice::cat /etc/freeradius/triplets.dat +alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat index ade9306cfc..ab27b45102 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat @@ -5,6 +5,6 @@ moon:: ipsec status 2> /dev/null::rw-eap-sim.*ESTABLISHED.*moon.strongswan.org.* carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap-sim.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat index 4db0a30b44..314769b3eb 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat @@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, C moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat index 96417facee..a436131bf2 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat @@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN= moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat index 21190669ed..7584e14dc0 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat @@ -4,6 +4,6 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN= moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/sites-available/default index 990184919c..18ebf9e9d9 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/sites-available/default @@ -39,4 +39,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-tls-radius/posttest.dat b/testing/tests/ikev2/rw-eap-tls-radius/posttest.dat index 920d6a20de..6c3d14592c 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/posttest.dat @@ -1,5 +1,5 @@ moon::ipsec stop carol::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat index 280d62e3c1..c9b389e65c 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/pretest.dat @@ -1,6 +1,6 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start carol::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat index 941bb29853..d22dd18db1 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat index 369596177a..72c93c14da 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/pretest.dat @@ -4,7 +4,7 @@ dave::/etc/init.d/iptables start 2> /dev/null moon::ipsec start carol::ipsec start dave::ipsec start -carol::sleep 1 +carol::sleep 2 carol::ipsec up home dave::ipsec up home -dave::sleep 1 +dave::sleep 2 diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat index 941bb29853..d22dd18db1 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat @@ -14,6 +14,6 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat index ff08ae7921..a471a2cfa7 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat @@ -14,7 +14,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/default index 802fcfd8d0..dd0825858a 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/default @@ -41,4 +41,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel similarity index 100% rename from testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel rename to testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat index dbe56013ae..34057da379 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/posttest.dat @@ -1,7 +1,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop -alice::/etc/init.d/radiusd stop +alice::killall radiusd moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat index cbe1ae2291..00cf7e31e9 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/pretest.dat @@ -1,7 +1,7 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -alice::/etc/init.d/radiusd start +alice::radiusd moon::ipsec start carol::ipsec start dave::ipsec start diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat index c52036028c..7a9a709393 100644 --- a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat +++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat @@ -10,8 +10,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-mark-in-out/description.txt b/testing/tests/ikev2/rw-mark-in-out/description.txt index 4c35081b15..3012fc656a 100644 --- a/testing/tests/ikev2/rw-mark-in-out/description.txt +++ b/testing/tests/ikev2/rw-mark-in-out/description.txt @@ -1,7 +1,7 @@ The roadwarriors alice and venus sitting behind the router moon set up tunnels to gateway sun. Since both roadwarriors possess the same 10.1.0.0/25 subnet, -gateway sun uses Source NAT after ESP decryption to map these subnets to 10.3.0.10 -and 10.3.0.20, respectively. +gateway sun uses Source NAT after ESP decryption to map these subnets to PH_IP_CAROL10 +and PH_IP_DAVE10, respectively.

In order to differentiate between the tunnels to alice and venus, respectively, XFRM marks are defined for both the inbound and outbound IPsec SAs and policies using diff --git a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat index 4a93dc921b..26b26204cb 100644 --- a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat @@ -3,9 +3,9 @@ venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES -sun:: ipsec statusall 2>::venus.*10.2.0.0/16 === 10.1.0.0/25::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES moon::tcpdump::IP venus.strongswan.org > sun.strongswan.org: ESP::YES moon::tcpdump::IP sun.strongswan.org > alice.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-mark-in-out/pretest.dat b/testing/tests/ikev2/rw-mark-in-out/pretest.dat index 3d9a5f3402..2dbd4f9677 100644 --- a/testing/tests/ikev2/rw-mark-in-out/pretest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/pretest.dat @@ -4,10 +4,10 @@ sun::/etc/init.d/iptables start 2> /dev/null moon::echo 1 > /proc/sys/net/ipv4/ip_forward moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON sun::ip route add 10.1.0.0/16 via PH_IP_MOON -sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3.0.10 -sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20 -sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 11 -sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 21 +sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to PH_IP_CAROL10 +sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to PH_IP_DAVE10 +sun::iptables -t mangle -A PREROUTING -d PH_IP_CAROL10 -j MARK --set-mark 11 +sun::iptables -t mangle -A PREROUTING -d PH_IP_DAVE10 -j MARK --set-mark 21 alice::ipsec start venus::ipsec start sun::ipsec start diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/ikev2/rw-pkcs8/evaltest.dat +++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat index 683173c302..2fbcc474f1 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat @@ -7,8 +7,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat index 1ad36fcaf9..2bd97b76c4 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat @@ -1,13 +1,13 @@ -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES -dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES -moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES -moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_CAROL].*\[PH_IP_MOON]::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[PH_IP_DAVE].*\[PH_IP_MOON]::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[PH_IP_MOON].*\[PH_IP_CAROL]::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[PH_IP_MOON].*\[PH_IP_DAVE]::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets index 18a0744721..57ce85d61f 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx +PH_IP_CAROL : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets index e989540e92..111de272b6 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets @@ -1,3 +1,3 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN +PH_IP_DAVE : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets index ab3fb129bf..6706534eb1 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets @@ -1,5 +1,5 @@ # /etc/ipsec.secrets - strongSwan IPsec secrets file -192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx +PH_IP_CAROL : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx -192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN +PH_IP_DAVE : PSK 0sjVzONCF02ncsgiSlmIXeqhGN diff --git a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat index 51e8687609..ab398a3bbb 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat @@ -1,13 +1,13 @@ moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES moon:: cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES moon:: ipsec status 2> /dev/null::rw-psk.*INSTALLED, TUNNEL::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*\[192.168.0.1]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*\[PH_IP_MOON]::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES moon:: ipsec status 2> /dev/null::rw-rsasig.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat index 9a1ab3f8f4..1648c9557e 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat @@ -9,8 +9,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat index 5c453f8b48..ccbc769e20 100644 --- a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat @@ -9,6 +9,6 @@ carol::ping -c 5 -s 1392 PH_IP_ALICE::1400 bytes from PH_IP_ALICE::YES carol::ipsec down home 2> /dev/null::no output expected::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -alice::cat /var/log/radius/radacct/10.1.0.1/*::User-Name =.*carol::YES -alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Output-Octets = 7100::YES -alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Input-Octets = 7100::YES +alice::cat /var/log/freeradius/radacct/PH_IP_MOON1/*::User-Name =.*carol::YES +alice::cat /var/log/freeradius/radacct/PH_IP_MOON1/*::Acct-Output-Octets = 7100::YES +alice::cat /var/log/freeradius/radacct/PH_IP_MOON1/*::Acct-Input-Octets = 7100::YES diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/eap.conf rename to testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/sites-available/default similarity index 99% rename from testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default rename to testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/sites-available/default index 2de32a6f2a..a67a5dcb42 100644 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/sites-available/default +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/sites-available/default @@ -40,4 +40,3 @@ pre-proxy { post-proxy { eap } - diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/users rename to testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/freeradius/users diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-radius-accounting/posttest.dat b/testing/tests/ikev2/rw-radius-accounting/posttest.dat index b1f9714029..4ccbcb9b90 100644 --- a/testing/tests/ikev2/rw-radius-accounting/posttest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/posttest.dat @@ -1,7 +1,7 @@ carol::ipsec stop moon::ipsec stop -alice::/etc/init.d/radiusd stop -alice::cat /var/log/radius/radacct/10.1.0.1/* +alice::killall radiusd +alice::cat /var/log/freeradius/radacct/PH_IP_MOON1/* carol::/etc/init.d/iptables stop 2> /dev/null moon::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-radius-accounting/pretest.dat b/testing/tests/ikev2/rw-radius-accounting/pretest.dat index 30c8bd5737..dbe1802fba 100644 --- a/testing/tests/ikev2/rw-radius-accounting/pretest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/pretest.dat @@ -1,7 +1,7 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -alice::rm /var/log/radius/radacct/10.1.0.1/* -alice::/etc/init.d/radiusd start +alice::rm /var/log/freeradius/radacct/PH_IP_MOON1/* +alice::radiusd moon::ipsec start carol::ipsec start carol::sleep 1 diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat index d6f71d7c01..9418d6ee16 100644 --- a/testing/tests/ikev2/rw-whitelist/evaltest.dat +++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat @@ -3,10 +3,10 @@ moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RS moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES moon:: cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/shunt-policies/evaltest.dat b/testing/tests/ikev2/shunt-policies/evaltest.dat index f40437e3e3..a6e40a8179 100644 --- a/testing/tests/ikev2/shunt-policies/evaltest.dat +++ b/testing/tests/ikev2/shunt-policies/evaltest.dat @@ -1,15 +1,15 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO -venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::NO +venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES venus::ssh PH_IP_BOB hostname::bob::YES diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf index 90a5d61b13..46ca4cdc3a 100644 --- a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf @@ -18,7 +18,7 @@ conn local-net auto=route conn venus-icmp - leftsubnet=10.1.0.20/32 + leftsubnet=PH_IP_VENUS/32 rightsubnet=0.0.0.0/0 leftprotoport=icmp rightprotoport=icmp diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/ikev2/strong-keys-certs/evaltest.dat +++ b/testing/tests/ikev2/strong-keys-certs/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat index f50e7c30de..2b4476afac 100644 --- a/testing/tests/ikev2/two-certs/evaltest.dat +++ b/testing/tests/ikev2/two-certs/evaltest.dat @@ -1,11 +1,11 @@ moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf index a0f44e3121..9ec202e3d4 100644 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf @@ -18,11 +18,11 @@ conn %default conn alice leftcert=carolCert.pem - rightsubnet=10.1.0.10/32 + rightsubnet=PH_IP_ALICE/32 auto=add conn venus leftcert=carolCert-002.pem - rightsubnet=10.1.0.20/32 + rightsubnet=PH_IP_VENUS/32 auto=add diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf index dac656243f..d8f1443ac8 100644 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf @@ -23,10 +23,10 @@ conn %default keyexchange=ikev2 conn alice - leftsubnet=10.1.0.10/32 + leftsubnet=PH_IP_ALICE/32 auto=add conn venus - leftsubnet=10.1.0.20/32 + leftsubnet=PH_IP_VENUS/32 auto=add diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat index dd3143ae77..0f5df71d7b 100644 --- a/testing/tests/ikev2/virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip/evaltest.dat @@ -14,12 +14,12 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::src PH_IP_DAVE1::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_req=1::YES +moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat index 3b3200418d..151b73c273 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat index 3b3200418d..151b73c273 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net.net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net.net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP6 ip6-moon.strongswan.org > ip6-sun.strongswan.org: ESP::YES sun::tcpdump::IP6 ip6-sun.strongswan.org > ip6-moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat index 5b5c94fb1d..4d614bf7e3 100644 --- a/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat +++ b/testing/tests/openssl-ikev1/alg-camellia/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA1_96::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat index 2ba48e5ce4..ac7d8cd984 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat +++ b/testing/tests/openssl-ikev1/alg-ecp-high/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat index 6cf2438d4e..178d541daa 100644 --- a/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat +++ b/testing/tests/openssl-ikev1/alg-ecp-low/evaltest.dat @@ -8,8 +8,8 @@ moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat index 244ea0331a..69c893f0c8 100644 --- a/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat +++ b/testing/tests/openssl-ikev1/ecdsa-certs/evaltest.dat @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with EC moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA successful::YES carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA successful::YES dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat index 3787bdb68c..cd83c56b4b 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-blowfish/evaltest.dat @@ -4,8 +4,8 @@ moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*caro moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES diff --git a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat index 5b5c94fb1d..4d614bf7e3 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-camellia/evaltest.dat @@ -2,7 +2,7 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES carol::ipsec statusall 2> /dev/null::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::CAMELLIA_CBC_192/HMAC_SHA1_96::YES moon:: ip xfrm state::enc cbc(camellia)::YES diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat index 2540eb106b..375ed86a10 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-high/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES dave:: cat /var/log/daemon.log::ECP_256.*ECP_521::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat index f82159e7c0..c46ed1dd2d 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat +++ b/testing/tests/openssl-ikev2/alg-ecp-low/evaltest.dat @@ -10,8 +10,8 @@ carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES dave:: cat /var/log/daemon.log::ECP_192.*ECP_256::YES carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat index 5918faa8cb..0110bb996c 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat +++ b/testing/tests/openssl-ikev2/ecdsa-certs/evaltest.dat @@ -10,8 +10,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with EC moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat b/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat index 52913759f0..8a4215dcc4 100644 --- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat +++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/evaltest.dat @@ -6,8 +6,8 @@ moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with EC moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat index f8cfb111b9..ba661975b1 100644 --- a/testing/tests/openssl-ikev2/rw-cert/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat index e476da03f4..1ae780e4b5 100644 --- a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat @@ -5,6 +5,6 @@ carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_W carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/p2pnat/behind-same-nat/evaltest.dat b/testing/tests/p2pnat/behind-same-nat/evaltest.dat index 8c79a28c13..3785205963 100644 --- a/testing/tests/p2pnat/behind-same-nat/evaltest.dat +++ b/testing/tests/p2pnat/behind-same-nat/evaltest.dat @@ -7,5 +7,5 @@ alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice@strongswan.org.*venus venus::ipsec status 2> /dev/null::peer.*ESTABLISHED.*venus.strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES venus::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +venus::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES diff --git a/testing/tests/p2pnat/behind-same-nat/posttest.dat b/testing/tests/p2pnat/behind-same-nat/posttest.dat index 36cd0f36d4..9e9b0b9387 100644 --- a/testing/tests/p2pnat/behind-same-nat/posttest.dat +++ b/testing/tests/p2pnat/behind-same-nat/posttest.dat @@ -2,7 +2,7 @@ venus::ipsec stop alice::ipsec stop carol::ipsec stop alice::/etc/init.d/iptables stop 2> /dev/null -moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null venus::/etc/init.d/iptables stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush moon::conntrack -F diff --git a/testing/tests/p2pnat/behind-same-nat/pretest.dat b/testing/tests/p2pnat/behind-same-nat/pretest.dat index f1e33dc396..7c6d9089fb 100644 --- a/testing/tests/p2pnat/behind-same-nat/pretest.dat +++ b/testing/tests/p2pnat/behind-same-nat/pretest.dat @@ -1,7 +1,7 @@ alice::/etc/init.d/iptables start 2> /dev/null venus::/etc/init.d/iptables start 2> /dev/null -moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null +moon::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1100-1200 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT @@ -10,5 +10,5 @@ carol::ipsec start carol::sleep 1 alice::ipsec start alice::sleep 1 -venus::ipsec start -venus::sleep 4 +venus::ipsec start +venus::sleep 4 diff --git a/testing/tests/p2pnat/medsrv-psk/evaltest.dat b/testing/tests/p2pnat/medsrv-psk/evaltest.dat index 1b89c7ebef..2c60807754 100644 --- a/testing/tests/p2pnat/medsrv-psk/evaltest.dat +++ b/testing/tests/p2pnat/medsrv-psk/evaltest.dat @@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::peer.*ESTABLISHED.*alice@strongswan.org.*bob@s bob:: ipsec status 2> /dev/null::peer.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES alice::ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES bob:: ipsec status 2> /dev/null::peer.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.*: UDP::YES moon::tcpdump::IP sun.strongswan.org.* > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/p2pnat/medsrv-psk/posttest.dat b/testing/tests/p2pnat/medsrv-psk/posttest.dat index ca3cebc0ae..ffa00e1aca 100644 --- a/testing/tests/p2pnat/medsrv-psk/posttest.dat +++ b/testing/tests/p2pnat/medsrv-psk/posttest.dat @@ -2,9 +2,9 @@ bob::ipsec stop alice::ipsec stop carol::ipsec stop alice::/etc/init.d/iptables stop 2> /dev/null -moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null -sun::/etc/init.d/iptables stop 2> /dev/null bob::/etc/init.d/iptables stop 2> /dev/null +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush moon::conntrack -F sun::conntrack -F diff --git a/testing/tests/p2pnat/medsrv-psk/pretest.dat b/testing/tests/p2pnat/medsrv-psk/pretest.dat index fba7be01d5..0c567fc949 100644 --- a/testing/tests/p2pnat/medsrv-psk/pretest.dat +++ b/testing/tests/p2pnat/medsrv-psk/pretest.dat @@ -1,8 +1,8 @@ alice::/etc/init.d/iptables start 2> /dev/null -moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null bob::/etc/init.d/iptables start 2> /dev/null +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1100-1200 moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 moon::iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -j ACCEPT @@ -15,5 +15,5 @@ carol::ipsec start carol::sleep 1 bob::ipsec start bob::sleep 1 -alice::ipsec start -alice::sleep 4 +alice::ipsec start +alice::sleep 4 diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat index 9ca168e827..590b7fe9c9 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES -moon:: ip xfrm state::auth xcbc(aes)::YES -carol::ip xfrm state::auth xcbc(aes)::YES +moon:: ip xfrm state::auth-trunc xcbc(aes)::YES +carol::ip xfrm state::auth-trunc xcbc(aes)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat index 21b3d5a4fe..3b24217c5e 100644 --- a/testing/tests/pfkey/alg-sha384/evaltest.dat +++ b/testing/tests/pfkey/alg-sha384/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES -moon:: ip xfrm state::auth hmac(sha384)::YES -carol::ip xfrm state::auth hmac(sha384)::YES +moon:: ip xfrm state::auth-trunc hmac(sha384)::YES +carol::ip xfrm state::auth-trunc hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat index 7b94d21827..6bdceeb447 100644 --- a/testing/tests/pfkey/alg-sha512/evaltest.dat +++ b/testing/tests/pfkey/alg-sha512/evaltest.dat @@ -4,10 +4,10 @@ moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES -moon:: ip xfrm state::auth hmac(sha512)::YES -carol::ip xfrm state::auth hmac(sha512)::YES +moon:: ip xfrm state::auth-trunc hmac(sha512)::YES +carol::ip xfrm state::auth-trunc hmac(sha512)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat index 271e274c8f..c50b188bb0 100644 --- a/testing/tests/pfkey/esp-alg-null/evaltest.dat +++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat @@ -2,7 +2,7 @@ moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@st carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES moon:: ip xfrm state::enc ecb(cipher_null)::YES diff --git a/testing/tests/pfkey/host2host-transport/evaltest.dat b/testing/tests/pfkey/host2host-transport/evaltest.dat index 5ef5bed9c3..fbd0c1c961 100644 --- a/testing/tests/pfkey/host2host-transport/evaltest.dat +++ b/testing/tests/pfkey/host2host-transport/evaltest.dat @@ -5,6 +5,6 @@ sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES moon::ip xfrm state::mode transport::YES sun:: ip xfrm state::mode transport::YES -moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES +moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat index a0b9c678f4..ac09e2d6b4 100644 --- a/testing/tests/pfkey/nat-rw/evaltest.dat +++ b/testing/tests/pfkey/nat-rw/evaltest.dat @@ -6,7 +6,7 @@ alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.4500: UDP::YES +moon::tcpdump::IP sun.strongswan.org.4500 > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/pfkey/net2net-route/evaltest.dat b/testing/tests/pfkey/net2net-route/evaltest.dat index 9adb31e973..1de6ca8e1e 100644 --- a/testing/tests/pfkey/net2net-route/evaltest.dat +++ b/testing/tests/pfkey/net2net-route/evaltest.dat @@ -4,6 +4,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/protoport-dual/evaltest.dat b/testing/tests/pfkey/protoport-dual/evaltest.dat index d2fc698f9d..50b53cc00b 100644 --- a/testing/tests/pfkey/protoport-dual/evaltest.dat +++ b/testing/tests/pfkey/protoport-dual/evaltest.dat @@ -4,8 +4,8 @@ carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/protoport-route/evaltest.dat b/testing/tests/pfkey/protoport-route/evaltest.dat index 09dfd8f42e..9e970f0553 100644 --- a/testing/tests/pfkey/protoport-route/evaltest.dat +++ b/testing/tests/pfkey/protoport-route/evaltest.dat @@ -1,5 +1,5 @@ -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES -carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req::YES +carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/pfkey/rw-cert/evaltest.dat b/testing/tests/pfkey/rw-cert/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/pfkey/rw-cert/evaltest.dat +++ b/testing/tests/pfkey/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/shunt-policies/evaltest.dat b/testing/tests/pfkey/shunt-policies/evaltest.dat index 87368fb319..6ba3a988fc 100644 --- a/testing/tests/pfkey/shunt-policies/evaltest.dat +++ b/testing/tests/pfkey/shunt-policies/evaltest.dat @@ -4,16 +4,16 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO -venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::NO +venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES venus::ssh PH_IP_BOB hostname::bob::YES diff --git a/testing/tests/sql/ip-pool-db-expired/evaltest.dat b/testing/tests/sql/ip-pool-db-expired/evaltest.dat index 3239dfe1f6..5ff5edbf87 100644 --- a/testing/tests/sql/ip-pool-db-expired/evaltest.dat +++ b/testing/tests/sql/ip-pool-db-expired/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/sql/ip-pool-db-restart/evaltest.dat b/testing/tests/sql/ip-pool-db-restart/evaltest.dat index 58706fa488..f70e2d2dea 100644 --- a/testing/tests/sql/ip-pool-db-restart/evaltest.dat +++ b/testing/tests/sql/ip-pool-db-restart/evaltest.dat @@ -3,13 +3,13 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired existing lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/sql/ip-pool-db/evaltest.dat b/testing/tests/sql/ip-pool-db/evaltest.dat index 3910ab9c2c..cfa87ae3f0 100644 --- a/testing/tests/sql/ip-pool-db/evaltest.dat +++ b/testing/tests/sql/ip-pool-db/evaltest.dat @@ -7,7 +7,7 @@ carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES @@ -18,7 +18,7 @@ dave:: ip addr list dev eth0::PH_IP_DAVE1::YES dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES dave:: ipsec status 2> /dev/null::.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES moon:: cat /var/log/daemon.log::assigning virtual IP::YES diff --git a/testing/tests/sql/multi-level-ca/evaltest.dat b/testing/tests/sql/multi-level-ca/evaltest.dat index dfdd36a51c..72a555d4bc 100644 --- a/testing/tests/sql/multi-level-ca/evaltest.dat +++ b/testing/tests/sql/multi-level-ca/evaltest.dat @@ -14,8 +14,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-cert/evaltest.dat b/testing/tests/sql/net2net-cert/evaltest.dat index dbd06104f9..f003f822f4 100644 --- a/testing/tests/sql/net2net-cert/evaltest.dat +++ b/testing/tests/sql/net2net-cert/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-psk/evaltest.dat b/testing/tests/sql/net2net-psk/evaltest.dat index dbd06104f9..f003f822f4 100644 --- a/testing/tests/sql/net2net-psk/evaltest.dat +++ b/testing/tests/sql/net2net-psk/evaltest.dat @@ -2,6 +2,6 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-route-pem/evaltest.dat b/testing/tests/sql/net2net-route-pem/evaltest.dat index 719ba09ff4..3fd32907c6 100644 --- a/testing/tests/sql/net2net-route-pem/evaltest.dat +++ b/testing/tests/sql/net2net-route-pem/evaltest.dat @@ -10,7 +10,7 @@ moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES moon:: ipsec status 2> /dev/null::net-2.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-2.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/net2net-start-pem/evaltest.dat b/testing/tests/sql/net2net-start-pem/evaltest.dat index e6b8890f96..6534adc07c 100644 --- a/testing/tests/sql/net2net-start-pem/evaltest.dat +++ b/testing/tests/sql/net2net-start-pem/evaltest.dat @@ -6,7 +6,7 @@ moon:: ipsec status 2> /dev/null::net-2.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-2.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::net-3.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-3.*INSTALLED, TUNNEL::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-cert/evaltest.dat b/testing/tests/sql/rw-cert/evaltest.dat index b545c2289b..2342d024b2 100644 --- a/testing/tests/sql/rw-cert/evaltest.dat +++ b/testing/tests/sql/rw-cert/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat index 65a7c8e09c..e1d33feb74 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/sql/rw-eap-aka-rsa/evaltest.dat @@ -5,7 +5,7 @@ carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon. moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-psk-ipv4/evaltest.dat b/testing/tests/sql/rw-psk-ipv4/evaltest.dat index 1ad36fcaf9..eaf47395ec 100644 --- a/testing/tests/sql/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/sql/rw-psk-ipv4/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-psk-rsa-split/evaltest.dat b/testing/tests/sql/rw-psk-rsa-split/evaltest.dat index 9a1ab3f8f4..1648c9557e 100644 --- a/testing/tests/sql/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/sql/rw-psk-rsa-split/evaltest.dat @@ -9,8 +9,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-rsa-keyid/evaltest.dat b/testing/tests/sql/rw-rsa-keyid/evaltest.dat index 26f82653ae..4f5cd724c6 100644 --- a/testing/tests/sql/rw-rsa-keyid/evaltest.dat +++ b/testing/tests/sql/rw-rsa-keyid/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/rw-rsa/evaltest.dat b/testing/tests/sql/rw-rsa/evaltest.dat index f8cfb111b9..ba661975b1 100644 --- a/testing/tests/sql/rw-rsa/evaltest.dat +++ b/testing/tests/sql/rw-rsa/evaltest.dat @@ -6,8 +6,8 @@ carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/sql/shunt-policies/evaltest.dat b/testing/tests/sql/shunt-policies/evaltest.dat index 70aea411ee..51dd9610b2 100644 --- a/testing/tests/sql/shunt-policies/evaltest.dat +++ b/testing/tests/sql/shunt-policies/evaltest.dat @@ -4,16 +4,16 @@ moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES moon:: ipsec status 2> /dev/null::local-net.*PASS::YES moon:: ipsec status 2> /dev/null::venus-icmp.*DROP::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO -venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::NO +venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_req=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES venus::ssh PH_IP_BOB hostname::bob::YES diff --git a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat index b6663ea5ea..6b7c713eff 100644 --- a/testing/tests/tnc/tnccs-11-fhh/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-fhh/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat index b875eed49b..d934074347 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/evaltest.dat @@ -9,6 +9,6 @@ dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/3 moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/eap.conf rename to testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default new file mode 100644 index 0000000000..dd0825858a --- /dev/null +++ b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/default @@ -0,0 +1,43 @@ +authorize { + suffix + eap { + ok = return + } + files +} + +authenticate { + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel similarity index 100% rename from testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel rename to testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second similarity index 100% rename from testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second rename to testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/users rename to testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/freeradius/users diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary deleted file mode 100644 index 1a27a02fc8..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary +++ /dev/null @@ -1,2 +0,0 @@ -$INCLUDE /usr/share/freeradius/dictionary -$INCLUDE /etc/raddb/dictionary.tnc diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc deleted file mode 100644 index f295467a93..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/dictionary.tnc +++ /dev/null @@ -1,5 +0,0 @@ -ATTRIBUTE TNC-Status 3001 integer - -VALUE TNC-Status Access 0 -VALUE TNC-Status Isolate 1 -VALUE TNC-Status None 2 diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default b/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default deleted file mode 100644 index 802fcfd8d0..0000000000 --- a/testing/tests/tnc/tnccs-11-radius-block/hosts/alice/etc/raddb/sites-available/default +++ /dev/null @@ -1,44 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - diff --git a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat index 51d8ca1b3c..17ae486930 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/posttest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/posttest.dat @@ -2,7 +2,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop alice::killall radiusd -alice::rm /etc/raddb/sites-enabled/inner-tunnel-second +alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat index 0fa88dbc7d..46b4999718 100644 --- a/testing/tests/tnc/tnccs-11-radius-block/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius-block/pretest.dat @@ -2,8 +2,8 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/apache2 start 2> /dev/null -alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second -alice::cat /etc/raddb/sites-enabled/inner-tunnel-second +alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second +alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd moon::ipsec start carol::LEAK_DETECTIVE_DISABLE=1 ipsec start diff --git a/testing/tests/tnc/tnccs-11-radius/evaltest.dat b/testing/tests/tnc/tnccs-11-radius/evaltest.dat index d72239e8ec..e22b767f71 100644 --- a/testing/tests/tnc/tnccs-11-radius/evaltest.dat +++ b/testing/tests/tnc/tnccs-11-radius/evaltest.dat @@ -1,10 +1,10 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate':: moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf similarity index 100% rename from testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/eap.conf rename to testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/eap.conf diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf similarity index 100% rename from testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/proxy.conf rename to testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/proxy.conf diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default new file mode 100644 index 0000000000..dd0825858a --- /dev/null +++ b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/default @@ -0,0 +1,43 @@ +authorize { + suffix + eap { + ok = return + } + files +} + +authenticate { + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel similarity index 100% rename from testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel rename to testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second similarity index 83% rename from testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second rename to testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second index f91bccc723..c5bde6a9e3 100644 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second +++ b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/sites-available/inner-tunnel-second @@ -17,14 +17,14 @@ session { post-auth { if (control:TNC-Status == "Access") { update reply { - Tunnel-Type := ESP + Tunnel-Type := ESP Filter-Id := "allow" } } elsif (control:TNC-Status == "Isolate") { update reply { - Tunnel-Type := ESP - Filter-Id := "isolate" + Tunnel-Type := ESP + Filter-Id := "isolate" } } diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users similarity index 100% rename from testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/users rename to testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/freeradius/users diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf deleted file mode 100644 index f4e179aa4a..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/clients.conf +++ /dev/null @@ -1,4 +0,0 @@ -client PH_IP_MOON1 { - secret = gv6URkSs - shortname = moon -} diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary deleted file mode 100644 index 1a27a02fc8..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary +++ /dev/null @@ -1,2 +0,0 @@ -$INCLUDE /usr/share/freeradius/dictionary -$INCLUDE /etc/raddb/dictionary.tnc diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc deleted file mode 100644 index f295467a93..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/dictionary.tnc +++ /dev/null @@ -1,5 +0,0 @@ -ATTRIBUTE TNC-Status 3001 integer - -VALUE TNC-Status Access 0 -VALUE TNC-Status Isolate 1 -VALUE TNC-Status None 2 diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf deleted file mode 100644 index 1143a0473f..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/radiusd.conf +++ /dev/null @@ -1,120 +0,0 @@ -# radiusd.conf -- FreeRADIUS server configuration file. - -prefix = /usr -exec_prefix = ${prefix} -sysconfdir = /etc -localstatedir = /var -sbindir = ${exec_prefix}/sbin -logdir = ${localstatedir}/log/radius -raddbdir = ${sysconfdir}/raddb -radacctdir = ${logdir}/radacct - -# name of the running server. See also the "-n" command-line option. -name = radiusd - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} - -# libdir: Where to find the rlm_* modules. -libdir = ${exec_prefix}/lib - -# pidfile: Where to place the PID of the RADIUS server. -pidfile = ${run_dir}/${name}.pid - -# max_request_time: The maximum time (in seconds) to handle a request. -max_request_time = 30 - -# cleanup_delay: The time to wait (in seconds) before cleaning up -cleanup_delay = 5 - -# max_requests: The maximum number of requests which the server keeps -max_requests = 1024 - -# listen: Make the server listen on a particular IP address, and send -listen { - type = auth - ipaddr = PH_IP_ALICE - port = 0 -} - -# This second "listen" section is for listening on the accounting -# port, too. -# -listen { - type = acct - ipaddr = PH_IP_ALICE - port = 0 -} - -# hostname_lookups: Log the names of clients or just their IP addresses -hostname_lookups = no - -# Core dumps are a bad thing. This should only be set to 'yes' -allow_core_dumps = no - -# Regular expressions -regular_expressions = yes -extended_expressions = yes - -# Logging section. The various "log_*" configuration items -log { - destination = files - file = ${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = yes - auth_badpass = yes - auth_goodpass = yes -} - -# The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad - -# Security considerations -security { - max_attributes = 200 - reject_delay = 1 - status_server = yes -} - -# PROXY CONFIGURATION -proxy_requests = yes -$INCLUDE proxy.conf - -# CLIENTS CONFIGURATION -$INCLUDE clients.conf - -# THREAD POOL CONFIGURATION -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} - -# MODULE CONFIGURATION -modules { - $INCLUDE ${confdir}/modules/ - $INCLUDE eap.conf - $INCLUDE sql.conf - $INCLUDE sql/mysql/counter.conf -} - -# Instantiation -instantiate { - exec - expr - expiration - logintime -} - -# Policies -$INCLUDE policy.conf - -# Include all enabled virtual hosts -$INCLUDE sites-enabled/ diff --git a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default deleted file mode 100644 index 802fcfd8d0..0000000000 --- a/testing/tests/tnc/tnccs-11-radius/hosts/alice/etc/raddb/sites-available/default +++ /dev/null @@ -1,44 +0,0 @@ -authorize { - suffix - eap { - ok = return - } - files -} - -authenticate { - eap -} - -preacct { - preprocess - acct_unique - suffix - files -} - -accounting { - detail - unix - radutmp - attr_filter.accounting_response -} - -session { - radutmp -} - -post-auth { - exec - Post-Auth-Type REJECT { - attr_filter.access_reject - } -} - -pre-proxy { -} - -post-proxy { - eap -} - diff --git a/testing/tests/tnc/tnccs-11-radius/posttest.dat b/testing/tests/tnc/tnccs-11-radius/posttest.dat index 86bd89deaf..ffe82ea22f 100644 --- a/testing/tests/tnc/tnccs-11-radius/posttest.dat +++ b/testing/tests/tnc/tnccs-11-radius/posttest.dat @@ -2,7 +2,7 @@ moon::ipsec stop carol::ipsec stop dave::ipsec stop alice::killall radiusd -alice::rm /etc/raddb/sites-enabled/inner-tunnel-second +alice::rm /etc/freeradius/sites-enabled/inner-tunnel-second moon::/etc/init.d/iptables stop 2> /dev/null carol::/etc/init.d/iptables stop 2> /dev/null dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/tnc/tnccs-11-radius/pretest.dat b/testing/tests/tnc/tnccs-11-radius/pretest.dat index b5d2842783..50037f3e0a 100644 --- a/testing/tests/tnc/tnccs-11-radius/pretest.dat +++ b/testing/tests/tnc/tnccs-11-radius/pretest.dat @@ -1,8 +1,8 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null dave::/etc/init.d/iptables start 2> /dev/null -alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second -alice::cat /etc/raddb/sites-enabled/inner-tunnel-second +alice::ln -s /etc/freeradius/sites-available/inner-tunnel-second /etc/freeradius/sites-enabled/inner-tunnel-second +alice::cat /etc/freeradius/sites-enabled/inner-tunnel-second alice::LEAK_DETECTIVE_DISABLE=1 LOG4CXX_CONFIGURATION=/etc/tnc/log4cxx.properties radiusd alice::cat /etc/tnc_config carol::cat /etc/tnc_config diff --git a/testing/tests/tnc/tnccs-11/evaltest.dat b/testing/tests/tnc/tnccs-11/evaltest.dat index b6663ea5ea..6b7c713eff 100644 --- a/testing/tests/tnc/tnccs-11/evaltest.dat +++ b/testing/tests/tnc/tnccs-11/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-block/evaltest.dat b/testing/tests/tnc/tnccs-20-block/evaltest.dat index 881f442b7f..03b576efa7 100644 --- a/testing/tests/tnc/tnccs-20-block/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-block/evaltest.dat @@ -8,5 +8,5 @@ dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/3 moon:: cat /var/log/daemon.log::added group membership 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat index 3d84f81e31..bac7294b27 100644 --- a/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-client-retry/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat index 3d84f81e31..bac7294b27 100644 --- a/testing/tests/tnc/tnccs-20-fhh/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-fhh/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-os/evaltest.dat b/testing/tests/tnc/tnccs-20-os/evaltest.dat index 3d84f81e31..3c13e5ffa2 100644 --- a/testing/tests/tnc/tnccs-20-os/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-os/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp/evaltest.dat index 83739b70af..67b180ecdb 100644 --- a/testing/tests/tnc/tnccs-20-pdp/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-pdp/evaltest.dat @@ -1,10 +1,10 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Allowed::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES @@ -12,7 +12,7 @@ moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate':: moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2>/dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2>/dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat index 3d84f81e31..bac7294b27 100644 --- a/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-server-retry/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-tls/evaltest.dat index 3d84f81e31..bac7294b27 100644 --- a/testing/tests/tnc/tnccs-20-tls/evaltest.dat +++ b/testing/tests/tnc/tnccs-20-tls/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-20/evaltest.dat b/testing/tests/tnc/tnccs-20/evaltest.dat index 3d84f81e31..bac7294b27 100644 --- a/testing/tests/tnc/tnccs-20/evaltest.dat +++ b/testing/tests/tnc/tnccs-20/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::PB-TNC access recommendation is 'Access Allowed'::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::added group membership 'allow'::YES @@ -12,8 +12,8 @@ moon:: cat /var/log/daemon.log::added group membership 'isolate'::YES moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO diff --git a/testing/tests/tnc/tnccs-dynamic/evaltest.dat b/testing/tests/tnc/tnccs-dynamic/evaltest.dat index 69baaf592b..405298381b 100644 --- a/testing/tests/tnc/tnccs-dynamic/evaltest.dat +++ b/testing/tests/tnc/tnccs-dynamic/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES -carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES dave:: cat /var/log/daemon.log::PB-TNC access recommendation is 'Quarantined'::YES -dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES moon:: cat /var/log/daemon.log::TNCCS 1.1 protocol detected dynamically::YES @@ -20,8 +20,8 @@ moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP moon:: cat /var/log/daemon.log::removed TNCCS Connection ID 2::YES moon:: ipsec statusall 2> /dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES moon:: ipsec statusall 2> /dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_req=1::NO +dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_req=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_req=1::NO