From: Tobias Brunner
Date: Wed, 5 Oct 2016 10:25:29 +0000 (+0200)
Subject: testing: Remove ikev2/default-keys scenario
X-Git-Tag: 5.5.1rc1~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=597e057b9e355b883ec56b549483a767cc87c216;p=thirdparty%2Fstrongswan.git

testing: Remove ikev2/default-keys scenario

No default keys are generated anymore.
---
diff --git a/testing/tests/ikev2/default-keys/description.txt b/testing/tests/ikev2/default-keys/description.txt
deleted file mode 100644
index 889f8297ac..0000000000
--- a/testing/tests/ikev2/default-keys/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Because of the missing /etc/ipsec.secrets file, roadwarrior carol
-and gateway moon each automatically generate a PKCS#1 RSA private key
-and a self-signed X.509 certificate. Because the virtual testing environment
-does not offer enough entropy, the non-blocking /dev/urandom device is used in
-place of /dev/random for generating the random primes.
-

-The self-signed certificates are then distributed to the peers via scp
-and are used to set up a road warrior connection initiated by carol
diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat
deleted file mode 100644
index 43d85d06fe..0000000000
--- a/testing/tests/ikev2/default-keys/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-carol::cat /var/log/auth.log::scepclient::YES
-moon:: cat /var/log/auth.log::scepclient::YES
-carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES
-moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES
-carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
-moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index 15aba18e53..0000000000
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn home
- left=PH_IP_CAROL
- leftcert=selfCert.der
- leftsendcert=never
- leftfirewall=yes
- right=PH_IP_MOON
- rightsubnet=10.1.0.0/16
- rightcert=peerCert.der
- rightsendcert=never
- auto=add
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 5cfec3e9b0..0000000000
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
-
-scepclient {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce
-}
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 278943d28b..0000000000
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
-
-conn carol
- left=PH_IP_MOON
- leftcert=selfCert.der
- leftsendcert=never
- leftsubnet=10.1.0.0/16
- leftfirewall=yes
- right=%any
- rightcert=peerCert.der
- rightsendcert=never
- auto=add
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules
deleted file mode 100644
index 72a1c17c37..0000000000
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/iptables.rules
+++ /dev/null
@@ -1,30 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow esp
--A INPUT -i eth0 -p 50 -j ACCEPT
--A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-# allow IKE
--A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-# allow MobIKE
--A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
--A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --sport 22 -j ACCEPT
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
--A OUTPUT -p tcp --dport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 5cfec3e9b0..0000000000
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon {
- load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown
-}
-
-scepclient {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce
-}
diff --git a/testing/tests/ikev2/default-keys/posttest.dat b/testing/tests/ikev2/default-keys/posttest.dat
deleted file mode 100644
index 25f737ecc6..0000000000
--- a/testing/tests/ikev2/default-keys/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev2/default-keys/pretest.dat b/testing/tests/ikev2/default-keys/pretest.dat
deleted file mode 100644
index 8ae506253f..0000000000
--- a/testing/tests/ikev2/default-keys/pretest.dat
+++ /dev/null
@@ -1,20 +0,0 @@
-moon::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-carol::rm /etc/ipsec.secrets
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/cacerts/*
-carol::ipsec start
-moon::rm /etc/ipsec.secrets
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-moon::expect-connection carol
-moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der
-moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der
-moon::ipsec reload
-carol::ipsec reload
-moon::expect-connection carol
-carol::expect-connection home
-carol::ipsec up home
diff --git a/testing/tests/ikev2/default-keys/test.conf b/testing/tests/ikev2/default-keys/test.conf
deleted file mode 100644
index ce84ce41ab..0000000000
--- a/testing/tests/ikev2/default-keys/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# guest instances used for this test
-
-# All guest instances that are required for this test
-#
-VIRTHOSTS="alice moon carol"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c.png"
-
-# Guest instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# Guest instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"