From: Andreas Steffen Date: Sat, 27 Mar 2021 13:44:47 +0000 (+0100) Subject: testing: Migrated ha/active-passive scenario to vici X-Git-Tag: 5.9.3dr1~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c22e94f0fb2e4d591f5a9624743b98c9efd5218;p=thirdparty%2Fstrongswan.git testing: Migrated ha/active-passive scenario to vici --- diff --git a/testing/tests/ha/active-passive/evaltest.dat b/testing/tests/ha/active-passive/evaltest.dat index bc5d642019..dddd337df7 100644 --- a/testing/tests/ha/active-passive/evaltest.dat +++ b/testing/tests/ha/active-passive/evaltest.dat @@ -1,13 +1,15 @@ alice::cat /var/log/daemon.log::HA segment 1 was not handled, taking::YES moon:: cat /var/log/daemon.log::remote node takes segment 1::YES -alice::ipsec status 2> /dev/null::ha.*ESTABLISHED.*10.1.0.10.*10.1.0.1::YES -alice::ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES -alice::ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES -moon:: ipsec status 2> /dev/null::ha.*ESTABLISHED.*10.1.0.1.*10.1.0.10::YES -moon:: ipsec status 2> /dev/null::rw.*PASSIVE.*mars.strongswan.org.*carol@strongswan.org::YES -moon:: ipsec status 2> /dev/null::rw.*PASSIVE.*mars.strongswan.org.*dave@strongswan.org::YES -carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*mars.strongswan.org::YES -dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*mars.strongswan.org::YES +alice::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=500 local-id=10.1.0.10 remote-host=10.1.0.1 remote-port=500 remote-id=10.1.0.1.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]] remote-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]]::YES +alice::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.10 local-port=500 local-id=10.1.0.10 remote-host=10.1.0.1 remote-port=500 remote-id=10.1.0.1.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]] remote-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]]::YES +alice::swanctl --list-sas --ike-id 3 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +alice::swanctl --list-sas --ike-id 4 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=3 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.1 local-port=500 local-id=10.1.0.1 remote-host=10.1.0.10 remote-port=500 remote-id=10.1.0.10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]] remote-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]]::YES +moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::ha.*version=2 state=ESTABLISHED local-host=10.1.0.1 local-port=500 local-id=10.1.0.1 remote-host=10.1.0.10 remote-port=500 remote-id=10.1.0.10.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*ha.*reqid=1 state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.1/32\[icmp] 10.1.0.1/32\[udp/4510]] remote-ts=\[10.1.0.10/32\[icmp] 10.1.0.10/32\[udp/4510]]::YES +moon ::swanctl --list-sas --ike-id 3 --raw 2> /dev/null::rw.*version=2 state=PASSIVE local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon ::swanctl --list-sas --ike-id 4 --raw 2> /dev/null::rw.*version=2 state=PASSIVE local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=3 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES +carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.5 remote-port=4500 remote-id=mars.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES +dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.5 remote-port=4500 remote-id=mars.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES alice::cat /var/log/daemon.log::HA segment 1 activated::YES alice::cat /var/log/daemon.log::handling HA CHILD_SA::YES moon:: cat /var/log/daemon.log::installed HA CHILD_SA::YES @@ -15,11 +17,11 @@ carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES alice::ip xfrm policy flush::no output expected::NO alice::ip xfrm state flush::no output expected::NO -alice::killall -9 starter charon::no output expected::NO +alice::systemctl kill -s SIGKILL strongswan::no output expected::NO carol::sleep 2::no output expected::NO moon:: cat /var/log/daemon.log::no heartbeat received, taking all segments::YES -moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*carol@strongswan.org::YES -moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*mars.strongswan.org.*dave@strongswan.org::YES +moon ::swanctl --list-sas --ike-id 3 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES +moon ::swanctl --list-sas --ike-id 4 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.5 local-port=4500 local-id=mars.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=3 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES dave:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_.eq=1::YES carol::tcpdump::IP carol.strongswan.org > mars.strongswan.org: ESP::YES diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/ipsec.conf b/testing/tests/ha/active-passive/hosts/alice/etc/ipsec.conf deleted file mode 100644 index 363473bddc..0000000000 --- a/testing/tests/ha/active-passive/hosts/alice/etc/ipsec.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn rw - left=192.168.0.5 - leftcert=marsCert.pem - leftid=@mars.strongswan.org - leftsubnet=10.1.0.0/16 - leftfirewall=yes - right=%any - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/ipsec.secrets b/testing/tests/ha/active-passive/hosts/alice/etc/ipsec.secrets deleted file mode 100644 index d65b96e340..0000000000 --- a/testing/tests/ha/active-passive/hosts/alice/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA marsKey.pem diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf index 5072d77d8c..812976d5ac 100644 --- a/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf @@ -1,14 +1,14 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha +charon-systemd { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha plugins { ha { local = PH_IP_ALICE remote = PH_IP_MOON1 secret = PliyxREnfoPaSXDJx1NrlH0kkKXT/LWZ - segment_count = 1 + segment_count = 1 fifo_interface = yes monitor = yes } diff --git a/testing/tests/ha/active-passive/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/ha/active-passive/hosts/alice/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..fc2aba4cbc --- /dev/null +++ b/testing/tests/ha/active-passive/hosts/alice/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = marsCert.pem + id = mars.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ha/active-passive/hosts/carol/etc/ipsec.conf b/testing/tests/ha/active-passive/hosts/carol/etc/ipsec.conf deleted file mode 100644 index 3040f6afab..0000000000 --- a/testing/tests/ha/active-passive/hosts/carol/etc/ipsec.conf +++ /dev/null @@ -1,20 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn home - left=PH_IP_CAROL - leftcert=carolCert.pem - leftid=carol@strongswan.org - leftfirewall=yes - right=192.168.0.5 - rightid=@mars.strongswan.org - rightsubnet=10.1.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf index af5fa19ef1..b116cbfbec 100644 --- a/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { - load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown +charon-systemd { + load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown } diff --git a/testing/tests/ha/active-passive/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/ha/active-passive/hosts/carol/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..b8c6219488 --- /dev/null +++ b/testing/tests/ha/active-passive/hosts/carol/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.100 + remote_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = carolCert.pem + id = carol@strongswan.org + } + remote { + auth = pubkey + id = mars.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ha/active-passive/hosts/dave/etc/ipsec.conf b/testing/tests/ha/active-passive/hosts/dave/etc/ipsec.conf deleted file mode 100644 index 27d6b8d99f..0000000000 --- a/testing/tests/ha/active-passive/hosts/dave/etc/ipsec.conf +++ /dev/null @@ -1,20 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn home - left=PH_IP_DAVE - leftcert=daveCert.pem - leftid=dave@strongswan.org - leftfirewall=yes - right=192.168.0.5 - rightid=@mars.strongswan.org - rightsubnet=10.1.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf index 16a0a8ca0c..e810522e7e 100644 --- a/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown +charon-systemd { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown } diff --git a/testing/tests/ha/active-passive/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/ha/active-passive/hosts/dave/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..c655be9d57 --- /dev/null +++ b/testing/tests/ha/active-passive/hosts/dave/etc/swanctl/swanctl.conf @@ -0,0 +1,27 @@ +connections { + + home { + local_addrs = 192.168.0.200 + remote_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = daveCert.pem + id = dave@strongswan.org + } + remote { + auth = pubkey + id = mars.strongswan.org + } + children { + home { + remote_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/ipsec.conf b/testing/tests/ha/active-passive/hosts/moon/etc/ipsec.conf deleted file mode 100644 index 363473bddc..0000000000 --- a/testing/tests/ha/active-passive/hosts/moon/etc/ipsec.conf +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - -conn rw - left=192.168.0.5 - leftcert=marsCert.pem - leftid=@mars.strongswan.org - leftsubnet=10.1.0.0/16 - leftfirewall=yes - right=%any - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/ipsec.secrets b/testing/tests/ha/active-passive/hosts/moon/etc/ipsec.secrets deleted file mode 100644 index d65b96e340..0000000000 --- a/testing/tests/ha/active-passive/hosts/moon/etc/ipsec.secrets +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/ipsec.secrets - strongSwan IPsec secrets file - -: RSA marsKey.pem diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf index 68d4414bae..ce3f5f349d 100644 --- a/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf @@ -1,14 +1,14 @@ # /etc/strongswan.conf - strongSwan configuration file -charon { - load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default ha +charon-systemd { + load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha plugins { ha { local = PH_IP_MOON1 remote = PH_IP_ALICE secret = PliyxREnfoPaSXDJx1NrlH0kkKXT/LWZ - segment_count = 1 + segment_count = 1 fifo_interface = yes monitor = yes } diff --git a/testing/tests/ha/active-passive/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/ha/active-passive/hosts/moon/etc/swanctl/swanctl.conf new file mode 100755 index 0000000000..fc2aba4cbc --- /dev/null +++ b/testing/tests/ha/active-passive/hosts/moon/etc/swanctl/swanctl.conf @@ -0,0 +1,25 @@ +connections { + + rw { + local_addrs = 192.168.0.5 + + local { + auth = pubkey + certs = marsCert.pem + id = mars.strongswan.org + } + remote { + auth = pubkey + } + children { + net { + local_ts = 10.1.0.0/16 + + updown = /usr/local/libexec/ipsec/_updown iptables + esp_proposals = aes128gcm128-x25519 + } + } + version = 2 + proposals = aes128-sha256-x25519 + } +} diff --git a/testing/tests/ha/active-passive/posttest.dat b/testing/tests/ha/active-passive/posttest.dat index c21aac9aaa..e62d23ef52 100644 --- a/testing/tests/ha/active-passive/posttest.dat +++ b/testing/tests/ha/active-passive/posttest.dat @@ -1,7 +1,10 @@ -carol::ipsec stop -dave::ipsec stop -moon::ipsec stop -alice::rm /var/run/charon.pid /var/run/starter.charon.pid +carol::systemctl stop strongswan +dave::systemctl stop strongswan +moon::ip xfrm policy flush::no output expected::NO +moon::ip xfrm state flush::no output expected::NO +moon::systemctl kill -s SIGKILL strongswan::no output expected::NO +moon::cd /etc/swanctl; rm rsa/marsKey.pem x509/marsCert.pem +alice::cd /etc/swanctl; rm rsa/marsKey.pem x509/marsCert.pem moon::iptables-restore < /etc/iptables.flush alice::iptables-restore < /etc/iptables.flush carol::iptables-restore < /etc/iptables.flush @@ -13,3 +16,7 @@ alice::ip addr del 10.1.0.5/16 dev eth0 alice::ifdown eth1 venus::ip route del default via 10.1.0.5 dev eth0 venus::ip route add default via 10.1.0.1 dev eth0 +alice::sed -i s/Restart=no/Restart=on-abnormal/ /lib/systemd/system/strongswan.service +alice::systemctl daemon-reload +moon::sed -i s/Restart=no/Restart=on-abnormal/ /lib/systemd/system/strongswan.service +moon::systemctl daemon-reload diff --git a/testing/tests/ha/active-passive/pretest.dat b/testing/tests/ha/active-passive/pretest.dat index f82e484370..bf5eb8329e 100644 --- a/testing/tests/ha/active-passive/pretest.dat +++ b/testing/tests/ha/active-passive/pretest.dat @@ -1,3 +1,7 @@ +alice::sed -i s/Restart=on-abnormal/Restart=no/ /lib/systemd/system/strongswan.service +alice::systemctl daemon-reload +moon::sed -i s/Restart=on-abnormal/Restart=no/ /lib/systemd/system/strongswan.service +moon::systemctl daemon-reload moon::ip addr add 192.168.0.5/24 dev eth0 moon::ip addr add 10.1.0.5/16 dev eth1 alice::ifup eth1 @@ -9,13 +13,15 @@ moon::iptables-restore < /etc/iptables.rules alice::iptables-restore < /etc/iptables.rules carol::iptables-restore < /etc/iptables.rules dave::iptables-restore < /etc/iptables.rules -moon::ipsec start -alice::ipsec start +moon::cd /etc/swanctl; rm rsa/moonKey.pem x509/moonCert.pem +alice::cd /etc/swanctl; rm rsa/aliceKey.pem x509/aliceCert.pem +moon::systemctl start strongswan +alice::systemctl start strongswan moon::sleep 2 alice::echo "+1" > /var/run/charon.ha -carol::ipsec start -dave::ipsec start +carol::systemctl start strongswan +dave::systemctl start strongswan carol::expect-connection home dave::expect-connection home -carol::ipsec up home -dave::ipsec up home +carol::swanctl --initiate --child home +dave::swanctl --initiate --child home diff --git a/testing/tests/ha/active-passive/test.conf b/testing/tests/ha/active-passive/test.conf index 8056d9ce45..43f8bbcc37 100644 --- a/testing/tests/ha/active-passive/test.conf +++ b/testing/tests/ha/active-passive/test.conf @@ -19,3 +19,7 @@ TCPDUMPHOSTS="venus carol dave" # Used for IPsec logging purposes # IPSECHOSTS="alice moon carol dave" + +# charon controlled by swanctl +# +SWANCTL=1