From: Andreas Steffen Date: Thu, 14 Oct 2010 19:10:03 +0000 (+0200) Subject: do not send certificate requests in EAP-ONLY scenarios X-Git-Tag: 4.5.0~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d01a80819c2f20a58c8d8fa44239d5641f451b6;p=thirdparty%2Fstrongswan.git do not send certificate requests in EAP-ONLY scenarios
---
diff --git a/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat
index 014322510b..2304df23ef 100644
--- a/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat
@@ -6,7 +6,7 @@ dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES
 dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
 moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf
index 834c9037c7..c19192dae6 100755
--- a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf
@@ -18,5 +18,6 @@ conn home
 leftfirewall=yes
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
+ rightsendcert=never
 rightsubnet=10.1.0.0/16
 auto=add
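Review bot: The added `rightsendcert=never` in carol's `conn home` carries no comment, and its effect is not obvious from the option name: per the commit subject it stops carol from sending a certificate request to moon, so moon's authentication rests on the EAP exchange alone. A line such as `# EAP-only: moon authenticates via EAP, so no CERTREQ is sent` above the option would record that intent; the same applies to the identical hunks for dave in rw-eap-tnc-block and for carol and dave in rw-eap-tnc. The visible evaltest.dat hunks change only one existing line and add no check that a certificate request is absent from the log, so the new behaviour appears unverified by these scenarios, though the rest of evaltest.dat is outside the hunk. The `conn home` section begins before the hunk, so the `rightauth` setting that this option depends on cannot be confirmed from here.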
diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf
index 836965aacd..7d5ea8b838 100755
--- a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf
@@ -18,5 +18,6 @@ conn home
 leftfirewall=yes
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
+ rightsendcert=never
 rightsubnet=10.1.0.0/16
 auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc/evaltest.dat
index cebfff25f3..a027551481 100644
--- a/testing/tests/ikev2/rw-eap-tnc/evaltest.dat
+++ b/testing/tests/ikev2/rw-eap-tnc/evaltest.dat
@@ -7,7 +7,7 @@ dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::
 dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
 moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf
index 834c9037c7..c19192dae6 100755
--- a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf
@@ -18,5 +18,6 @@ conn home
 leftfirewall=yes
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
+ rightsendcert=never
 rightsubnet=10.1.0.0/16
 auto=add
diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf
index 836965aacd..7d5ea8b838 100755
--- a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf
@@ -18,5 +18,6 @@ conn home
 leftfirewall=yes
 right=PH_IP_MOON
 rightid=@moon.strongswan.org
+ rightsendcert=never
 rightsubnet=10.1.0.0/16
 auto=add