From: Andreas Steffen Date: Fri, 11 May 2012 09:00:32 +0000 (+0200) Subject: upgraded ikev2 scenarios to 5.0.0 X-Git-Tag: 5.0.0~275 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a56fdff194990ea55f91bdccfc74f52d85176a92;p=thirdparty%2Fstrongswan.git upgraded ikev2 scenarios to 5.0.0 --- diff --git a/testing/tests/ikev2/after-2038-certs/evaltest.dat b/testing/tests/ikev2/after-2038-certs/evaltest.dat index 1bb9c105ff..3efaa5a989 100644 --- a/testing/tests/ikev2/after-2038-certs/evaltest.dat +++ b/testing/tests/ikev2/after-2038-certs/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf index bcdb8641bb..d0e7ae27fa 100755 --- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf index 274521386a..00a5220697 100755 --- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-3des-md5/evaltest.dat b/testing/tests/ikev2/alg-3des-md5/evaltest.dat index 6f598c6f3f..a553ff1688 100644 --- a/testing/tests/ikev2/alg-3des-md5/evaltest.dat +++ b/testing/tests/ikev2/alg-3des-md5/evaltest.dat @@ -1,13 +1,15 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES -carol::ipsec statusall::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*3DES_CBC/HMAC_MD5_96,::YES -carol::ipsec statusall::home.*3DES_CBC/HMAC_MD5_96,::YES -moon::ip xfrm state::enc cbc(des3_ede)::YES +moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES +carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES +moon:: ip xfrm state::enc cbc(des3_ede)::YES carol::ip xfrm state::enc cbc(des3_ede)::YES -moon::ip xfrm state::auth hmac(md5)::YES +moon:: ip xfrm state::auth hmac(md5)::YES carol::ip xfrm state::auth hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf index f2c71061df..e89334423e 100755 --- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf index c4fd80fc08..c218ad4bba 100755 --- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat index 0834a8db06..e2cf773eae 100644 --- a/testing/tests/ikev2/alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ccm/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::IKE proposal: AES_CCM_12_128::YES -carol::ipsec statusall::IKE proposal: AES_CCM_12_128::YES -moon::ipsec statusall::AES_CCM_12_128,::YES -carol::ipsec statusall::AES_CCM_12_128,::YES -moon::ip xfrm state::aead rfc4309(ccm(aes))::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CCM_12_128::YES +moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES +carol::ipsec statusall 2> /dev/null::AES_CCM_12_128,::YES +moon:: ip xfrm state::aead rfc4309(ccm(aes))::YES carol::ip xfrm state::aead rfc4309(ccm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf index 6bcfbc28de..a5af62796a 100755 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf index 1d6f138612..74dc0170bb 100755 --- a/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ccm/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat index 522ce60888..177e0ea623 100644 --- a/testing/tests/ikev2/alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-ctr/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::IKE proposal: AES_CTR_128::YES -carol::ipsec statusall::IKE proposal: AES_CTR_128::YES -moon::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES -carol::ipsec statusall::AES_CTR_128/AES_XCBC_96,::YES -moon::ip xfrm state::rfc3686(ctr(aes))::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: AES_CTR_128::YES +moon:: ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES +carol::ipsec statusall 2> /dev/null::AES_CTR_128/AES_XCBC_96,::YES +moon:: ip xfrm state::rfc3686(ctr(aes))::YES carol::ip xfrm state::rfc3686(ctr(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf index 70c4828355..97db0816c9 100755 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf index bf103742f0..dbfef04822 100755 --- a/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-ctr/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat index 9cd3e8e155..39f8b1cc4f 100644 --- a/testing/tests/ikev2/alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-gcm/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::IKE proposal: AES_GCM_16_256::YES -carol::ipsec statusall::IKE proposal: AES_GCM_16_256::YES -moon::ipsec statusall::AES_GCM_16_256,::YES -carol::ipsec statusall::AES_GCM_16_256,::YES -moon::ip xfrm state::aead rfc4106(gcm(aes))::YES +moon:: ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: AES_GCM_16_256::YES +moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES +carol::ipsec statusall 2> /dev/null::AES_GCM_16_256,::YES +moon:: ip xfrm state::aead rfc4106(gcm(aes))::YES carol::ip xfrm state::aead rfc4106(gcm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf index e3f19aff82..f70a558d42 100755 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf index 0d51a3ea8c..30c4a7dc03 100755 --- a/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-gcm/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat index 24e36eb770..7a98745289 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/ikev2/alg-aes-xcbc/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES -carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES -moon::ip xfrm state::auth xcbc(aes)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES +moon:: ip xfrm state::auth xcbc(aes)::YES carol::ip xfrm state::auth xcbc(aes)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index 33e6a842b7..806923e30d 100755 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 208477deb4..5f55bb7e79 100755 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-blowfish/evaltest.dat b/testing/tests/ikev2/alg-blowfish/evaltest.dat index f1b33895be..a458f02414 100644 --- a/testing/tests/ikev2/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev2/alg-blowfish/evaltest.dat @@ -1,14 +1,15 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES +dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES +dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES +dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES -dave::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES -dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES -dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES +dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf index a787249269..2c059148b5 100755 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf index 26f3f3a040..a3c6f1bafc 100755 --- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf index 5183e26d26..9490dbf3f5 100755 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat index 80df206bfd..0acd6d2ce1 100644 --- a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat +++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat @@ -1,13 +1,17 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[4]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES -dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES -moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES -dave::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES +dave:: cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES +dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf index 257923d028..947dbe72b9 100755 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf index 9b52479739..268f298d59 100755 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf index 2b66e3400e..78e27877dd 100755 --- a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256-96/evaltest.dat b/testing/tests/ikev2/alg-sha256-96/evaltest.dat index 7ec47aadf5..4bbc82d9b2 100644 --- a/testing/tests/ikev2/alg-sha256-96/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256-96/evaltest.dat @@ -1,13 +1,15 @@ -moon::cat /var/log/daemon.log::received strongSwan vendor id::YES -carol::cat /var/log/daemon.log::received strongSwan vendor id::YES -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::received strongSwan vendor ID::YES +carol::cat /var/log/daemon.log::received strongSwan vendor ID::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES -carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES -moon::ip xfrm state::auth hmac(sha256)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_96,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_96,::YES +moon:: ip xfrm state::auth hmac(sha256)::YES carol::ip xfrm state::auth hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf index 47cf1e12c7..2353884c3d 100755 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf index d340aaf70a..c1e415d5b3 100755 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256/evaltest.dat b/testing/tests/ikev2/alg-sha256/evaltest.dat index 2d1cc92bb9..7b5640af80 100644 --- a/testing/tests/ikev2/alg-sha256/evaltest.dat +++ b/testing/tests/ikev2/alg-sha256/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES -carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES -moon::ip xfrm state::auth hmac(sha256)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES +moon:: ip xfrm state::auth hmac(sha256)::YES carol::ip xfrm state::auth hmac(sha256)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf index d2b763a1b7..e3c424606b 100755 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf index 0e38bbb84c..9f8e902ae4 100755 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha384/evaltest.dat b/testing/tests/ikev2/alg-sha384/evaltest.dat index 31bb64c5e4..21b3d5a4fe 100644 --- a/testing/tests/ikev2/alg-sha384/evaltest.dat +++ b/testing/tests/ikev2/alg-sha384/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES -carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES -moon::ip xfrm state::auth hmac(sha384)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES +moon:: ip xfrm state::auth hmac(sha384)::YES carol::ip xfrm state::auth hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf index d38b7dfcfe..14fce03171 100755 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf index ea84cd8a47..06a887f5c6 100755 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha512/evaltest.dat b/testing/tests/ikev2/alg-sha512/evaltest.dat index e0f5fb7a30..7b94d21827 100644 --- a/testing/tests/ikev2/alg-sha512/evaltest.dat +++ b/testing/tests/ikev2/alg-sha512/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES -carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES -moon::ip xfrm state::auth hmac(sha512)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES +moon:: ip xfrm state::auth hmac(sha512)::YES carol::ip xfrm state::auth hmac(sha512)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf index 583522d1bf..33f619eabf 100755 --- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf index 40fec93c0d..f76a4264bb 100755 --- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/evaltest.dat b/testing/tests/ikev2/any-interface/evaltest.dat index f475ba70bc..800ae4353a 100644 --- a/testing/tests/ikev2/any-interface/evaltest.dat +++ b/testing/tests/ikev2/any-interface/evaltest.dat @@ -1,10 +1,17 @@ -moon::cat /var/log/daemon.log::creating acquire job::YES -bob::cat /var/log/daemon.log::creating acquire job::YES -moon::ipsec statusall::alice.*INSTALLED, TRANSPORT::YES -moon::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES -alice::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES -sun::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES -bob::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES +moon:: cat /var/log/daemon.log::creating acquire job::YES +bob:: cat /var/log/daemon.log::creating acquire job::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*CN=moon.strongswan.org.*CN=alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=moon.strongswan.org.*CN=sun.strongswan.org::YES +alice::ipsec status 2> /dev/null::remote.*ESTABLISHED.*CN=alice@strongswan.org.*CN=moon.strongswan.org::YES +sun:: ipsec status 2> /dev/null::remote\[1]: ESTABLISHED.*CN=sun.strongswan.org.*CN=moon.strongswan.org::YES +sun:: ipsec status 2> /dev/null::remote\[2]: ESTABLISHED.*CN=sun.strongswan.org.*CN=bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::sun.*ESTABLISHED.*CN=bob@strongswan.org.*CN=sun.strongswan.org::YES +moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TRANSPORT::YES +moon:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES +alice::ipsec status 2> /dev/null::remote.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::remote[{]1}.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::remote[{]2}.*INSTALLED, TRANSPORT::YES +bob:: ipsec status 2> /dev/null::sun.*INSTALLED, TRANSPORT::YES alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf index eb7dfe8484..e71d34729a 100755 --- a/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf index 40d029b3e3..c4ded50282 100755 --- a/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf index ab05343316..e1880ee1de 100755 --- a/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf index 71699b08e9..0bab2caace 100755 --- a/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/compress/evaltest.dat b/testing/tests/ikev2/compress/evaltest.dat index 22dd948668..b989a77744 100644 --- a/testing/tests/ikev2/compress/evaltest.dat +++ b/testing/tests/ikev2/compress/evaltest.dat @@ -1,8 +1,10 @@ -moon::cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES -moon::cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES -carol::ipsec status::home.*INSTALLED::YES -moon::ipsec status::rw.*INSTALLED::YES -moon::ip xfrm state::proto comp spi::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL.*IPCOMP::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL.*IPCOMP::YES +moon:: cat /var/log/daemon.log::IKE_AUTH request.*N(IPCOMP_SUP)::YES +moon:: cat /var/log/daemon.log::IKE_AUTH response.*N(IPCOMP_SUP)::YES +moon:: ip xfrm state::proto comp spi::YES carol::ip xfrm state::proto comp spi::YES carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf index 670a50c00c..24815976db 100755 --- a/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf index 91abfd4da9..4eaffb809e 100755 --- a/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload-swapped/evaltest.dat b/testing/tests/ikev2/config-payload-swapped/evaltest.dat index 73d5ea206d..3c41a596c2 100644 --- a/testing/tests/ikev2/config-payload-swapped/evaltest.dat +++ b/testing/tests/ikev2/config-payload-swapped/evaltest.dat @@ -1,15 +1,19 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw-carol.*INSTALLED::YES -moon::ipsec status::rw-dave.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf index 6894a952c3..7d8031b1c3 100755 --- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf index cefbc82707..f665448967 100755 --- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf index 222673704f..1e2dc5c423 100755 --- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/evaltest.dat b/testing/tests/ikev2/config-payload/evaltest.dat index 3451112ccc..a429e9b32b 100644 --- a/testing/tests/ikev2/config-payload/evaltest.dat +++ b/testing/tests/ikev2/config-payload/evaltest.dat @@ -1,17 +1,21 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES -carol::ipsec status::home.*INSTALLED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw-carol.*INSTALLED::YES -moon::ipsec status::rw-dave.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf index cb5f6406bf..57829ad2c2 100644 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf index cb5f6406bf..57829ad2c2 100644 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf index bb558fe255..ee2d120941 100755 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf index f763e3ef13..1ec24a257a 100644 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,8 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown attr + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown attr + dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS } diff --git a/testing/tests/ikev2/critical-extension/evaltest.dat b/testing/tests/ikev2/critical-extension/evaltest.dat index 8c2f8ec9dc..05c2c2f4d4 100644 --- a/testing/tests/ikev2/critical-extension/evaltest.dat +++ b/testing/tests/ikev2/critical-extension/evaltest.dat @@ -1,6 +1,8 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED::NO moon::cat /var/log/daemon.log::sending end entity cert::YES moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -sun::cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES -sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES -sun::cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES -sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES +sun:: cat /var/log/daemon.log::critical 'strongSwan' extension not supported::YES +sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES +sun:: cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES +sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES diff --git a/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf index 2e3c9dde45..11d2aefe68 100755 --- a/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/critical-extension/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf index 19e1971318..15ba692a09 100755 --- a/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/critical-extension/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/crl-from-cache/evaltest.dat b/testing/tests/ikev2/crl-from-cache/evaltest.dat index 2f4cf7afab..2d649bbee9 100644 --- a/testing/tests/ikev2/crl-from-cache/evaltest.dat +++ b/testing/tests/ikev2/crl-from-cache/evaltest.dat @@ -1,10 +1,12 @@ -moon::cat /var/log/daemon.log::loaded crl from::YES -moon::cat /var/log/daemon.log::crl is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec listcrls:: ok::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::loaded crl from::YES +moon:: cat /var/log/daemon.log::crl is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES +moon:: cat /var/log/daemon.log::using cached crl::YES +moon:: ipsec listcrls 2> /dev/null:: ok::YES carol::cat /var/log/daemon.log::loaded crl from::YES carol::cat /var/log/daemon.log::crl is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -carol::ipsec listcrls:: ok::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +carol::cat /var/log/daemon.log::using cached crl::YES +carol::ipsec listcrls 2> /dev/null:: ok::YES diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf index 4d47c831c8..633d921add 100755 --- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf index 9488a68229..cc5f11ddea 100755 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-ldap/evaltest.dat b/testing/tests/ikev2/crl-ldap/evaltest.dat index 5ab094401b..b0774c64dd 100644 --- a/testing/tests/ikev2/crl-ldap/evaltest.dat +++ b/testing/tests/ikev2/crl-ldap/evaltest.dat @@ -1,12 +1,12 @@ -moon::cat /var/log/daemon.log::loaded crl from::YES -moon::cat /var/log/daemon.log::crl is stale::YES -moon::cat /var/log/daemon.log::fetching crl from.*ldap::YES -moon::cat /var/log/daemon.log::crl is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::loaded crl from::YES +moon:: cat /var/log/daemon.log::crl is stale::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap::YES +moon:: cat /var/log/daemon.log::crl is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::loaded crl from::YES carol::cat /var/log/daemon.log::crl is stale::YES carol::cat /var/log/daemon.log::fetching crl from.*ldap::YES carol::cat /var/log/daemon.log::crl is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf index 26d34de477..35967d7504 100755 --- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf index 1d2a685280..6a6b9129fb 100755 --- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-revoked/evaltest.dat b/testing/tests/ikev2/crl-revoked/evaltest.dat index 62ed8676a0..4f3e10ba17 100644 --- a/testing/tests/ikev2/crl-revoked/evaltest.dat +++ b/testing/tests/ikev2/crl-revoked/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::certificate was revoked::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO +moon:: cat /var/log/daemon.log::certificate was revoked::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf index cbab29414a..9b8a8c2932 100755 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf index dd50c335b6..8eff71e615 100755 --- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/crl-to-cache/evaltest.dat b/testing/tests/ikev2/crl-to-cache/evaltest.dat index afc8f67e41..fe6a55aaef 100644 --- a/testing/tests/ikev2/crl-to-cache/evaltest.dat +++ b/testing/tests/ikev2/crl-to-cache/evaltest.dat @@ -1,4 +1,4 @@ -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES carol::cat /var/log/daemon.log::written crl .*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf index 4d47c831c8..633d921add 100755 --- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf index 9488a68229..cc5f11ddea 100755 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes cachecrls=yes plutostart=no diff --git a/testing/tests/ikev2/default-keys/evaltest.dat b/testing/tests/ikev2/default-keys/evaltest.dat index 2c1e11c972..1c206fff0a 100644 --- a/testing/tests/ikev2/default-keys/evaltest.dat +++ b/testing/tests/ikev2/default-keys/evaltest.dat @@ -1,7 +1,9 @@ carol::cat /var/log/auth.log::scepclient::YES -moon::cat /var/log/auth.log::scepclient::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -moon::ipsec statusall::carol.*ESTABLISHED::YES +moon:: cat /var/log/auth.log::scepclient::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*CN=carol.*CN=moon::YES +moon:: ipsec status 2> /dev/null::carol.*ESTABLISHED.*CN=moon.*CN=carol::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::carol.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf index 9574f18bba..7f3df2d691 100755 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf index 5b2c4e3f42..165dc54639 100755 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat index b3814084f7..4b0ddace70 100644 --- a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat +++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.50/32::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.51/32::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf index 3868a7a385..642a7cd2e4 100755 --- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat index 8abd2416a6..830094c7a7 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf index 3868a7a385..642a7cd2e4 100755 --- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat index 8abd2416a6..830094c7a7 100644 --- a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES -moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*10.1.0.0/16 === 10.1.0.30/32::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*10.1.0.0/16 === 10.1.0.40/32::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf index 3868a7a385..642a7cd2e4 100755 --- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat-net/evaltest.dat b/testing/tests/ikev2/double-nat-net/evaltest.dat index aa69dabfad..2fe67cb9aa 100644 --- a/testing/tests/ikev2/double-nat-net/evaltest.dat +++ b/testing/tests/ikev2/double-nat-net/evaltest.dat @@ -1,5 +1,7 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -bob::ipsec statusall::nat-t.*INSTALLED::YES +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf index c8aa460cf9..2d52634a2f 100755 --- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf index f0c5b6f157..57880fa29b 100755 --- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat/evaltest.dat b/testing/tests/ikev2/double-nat/evaltest.dat index 77deea2a7f..0812bae4ee 100644 --- a/testing/tests/ikev2/double-nat/evaltest.dat +++ b/testing/tests/ikev2/double-nat/evaltest.dat @@ -1,5 +1,7 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -bob::ipsec statusall::nat-t.*INSTALLED::YES +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES +bob:: ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +bob:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf index 26830f3907..310fda677d 100755 --- a/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf index b4a24cb1fa..f1f02b1833 100755 --- a/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf +++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-clear/evaltest.dat b/testing/tests/ikev2/dpd-clear/evaltest.dat index 86c0227bd5..c1a2719031 100644 --- a/testing/tests/ikev2/dpd-clear/evaltest.dat +++ b/testing/tests/ikev2/dpd-clear/evaltest.dat @@ -1,6 +1,8 @@ -carol::ipsec statusall::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon::sleep 180::no output expected::NO -moon::cat /var/log/daemon.log::sending DPD request::YES -moon::cat /var/log/daemon.log::retransmit.*of request::YES -moon::cat /var/log/daemon.log::giving up after 5 retransmits::YES +moon:: sleep 180::no output expected::NO +moon:: cat /var/log/daemon.log::sending DPD request::YES +moon:: cat /var/log/daemon.log::retransmit.*of request::YES +moon:: cat /var/log/daemon.log::giving up after 5 retransmits::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf index bcdb8641bb..d0e7ae27fa 100755 --- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf index cdb40d72d9..ae01a624bd 100755 --- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-hold/evaltest.dat b/testing/tests/ikev2/dpd-hold/evaltest.dat index 2cf0637620..4c035a6e97 100644 --- a/testing/tests/ikev2/dpd-hold/evaltest.dat +++ b/testing/tests/ikev2/dpd-hold/evaltest.dat @@ -1,14 +1,14 @@ -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES -moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO carol::sleep 180::no output expected::NO carol::cat /var/log/daemon.log::sending DPD request::YES carol::cat /var/log/daemon.log::retransmit.*of request::YES carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::ping -c 1 PH_IP_ALICE::trigger route::NO carol::sleep 2::no output expected::NO -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf index bfc8ac34c1..d5cc10d591 100755 --- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf index cdb40d72d9..ae01a624bd 100755 --- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-restart/evaltest.dat b/testing/tests/ikev2/dpd-restart/evaltest.dat index 28edd4823c..962bd06367 100644 --- a/testing/tests/ikev2/dpd-restart/evaltest.dat +++ b/testing/tests/ikev2/dpd-restart/evaltest.dat @@ -1,13 +1,13 @@ -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES -moon::iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO carol::sleep 180::no output expected::NO carol::cat /var/log/daemon.log::sending DPD request::YES carol::cat /var/log/daemon.log::retransmit.*of request::YES carol::cat /var/log/daemon.log::giving up after 5 retransmits::YES carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO -moon::iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO +moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO carol::sleep 10::no output expected::NO -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf index 631eac9b69..f1c4669766 100755 --- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf index cdb40d72d9..ae01a624bd 100755 --- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat index 9377d9fd22..74150fb04b 100644 --- a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::NULL_AES_GMAC_256::YES -carol::ipsec statusall::NULL_AES_GMAC_256::YES +moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES +carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES carol::ip xfrm state::aead rfc4543(gcm(aes))::YES -moon::ip xfrm state::aead rfc4543(gcm(aes))::YES +moon:: ip xfrm state::aead rfc4543(gcm(aes))::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf index f3a266c7da..44babd983d 100755 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf index bbdb383018..71697b12ec 100755 --- a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat index d65d712405..a66edc5fe9 100644 --- a/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-md5-128/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES -carol::ipsec statusall::3DES_CBC/HMAC_MD5_128::YES -moon::ip xfrm state::auth hmac(md5)::YES +moon:: ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES +carol::ipsec statusall 2> /dev/null::3DES_CBC/HMAC_MD5_128::YES +moon:: ip xfrm state::auth hmac(md5)::YES carol::ip xfrm state::auth hmac(md5)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf index 09797799f6..ae5800beba 100755 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf index ae83aaf584..7af2b0dd98 100755 --- a/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-md5-128/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-null/evaltest.dat b/testing/tests/ikev2/esp-alg-null/evaltest.dat index bebca1f616..937d85ed2b 100644 --- a/testing/tests/ikev2/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-null/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall::NULL/HMAC_SHA1_96::YES -moon::ip xfrm state::enc ecb(cipher_null)::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf index 5640d74fcd..dbf53b56ab 100755 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf index 91f4a7c7f8..deb022fed1 100755 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat index b0277271dd..52c27cba58 100644 --- a/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat +++ b/testing/tests/ikev2/esp-alg-sha1-160/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES -carol::ipsec statusall::AES_CBC_128/HMAC_SHA1_160::YES -moon::ip xfrm state::auth hmac(sha1)::YES +moon:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES +carol::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_160::YES +moon:: ip xfrm state::auth hmac(sha1)::YES carol::ip xfrm state::auth hmac(sha1)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 204::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 204::YES diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf index 3991d517d2..d2a4b5ea1d 100755 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf index 893419585a..25aa11a76d 100755 --- a/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/esp-alg-sha1-160/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat index d48812f476..21b10d1703 100644 --- a/testing/tests/ikev2/farp/evaltest.dat +++ b/testing/tests/ikev2/farp/evaltest.dat @@ -1,11 +1,15 @@ -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ipsec status::home.*INSTALLED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec status::rw-carol.*INSTALLED::YES -moon::ipsec status::rw-dave.*INSTALLED::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf index 19dd5d3e67..457b7a9b95 100755 --- a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/force-udp-encaps/evaltest.dat b/testing/tests/ikev2/force-udp-encaps/evaltest.dat index 35f01d4919..d7fe707ab0 100644 --- a/testing/tests/ikev2/force-udp-encaps/evaltest.dat +++ b/testing/tests/ikev2/force-udp-encaps/evaltest.dat @@ -1,6 +1,8 @@ +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat.t.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES alice::cat /var/log/daemon.log::faking NAT situation to enforce UDP encapsulation::YES -alice::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +alice:: ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP alice.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > alice.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf index 2074646cc5..842b72d470 100755 --- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf index a2c168601f..0592ad3138 100755 --- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-cert/evaltest.dat b/testing/tests/ikev2/host2host-cert/evaltest.dat index 8d5d8167a8..53e5589cab 100644 --- a/testing/tests/ikev2/host2host-cert/evaltest.dat +++ b/testing/tests/ikev2/host2host-cert/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::host-host.*ESTABLISHED::YES -sun::ipsec statusall::host-host.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf index ec9ac5b800..37ac6a6111 100755 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf index 484eb995ff..d47a5c2e1d 100755 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-swapped/evaltest.dat b/testing/tests/ikev2/host2host-swapped/evaltest.dat index 8d5d8167a8..53e5589cab 100644 --- a/testing/tests/ikev2/host2host-swapped/evaltest.dat +++ b/testing/tests/ikev2/host2host-swapped/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::host-host.*ESTABLISHED::YES -sun::ipsec statusall::host-host.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf index 981c7f073d..b20e94e69c 100755 --- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf index e3fc2b7286..e3c0f698c5 100755 --- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-transport/evaltest.dat b/testing/tests/ikev2/host2host-transport/evaltest.dat index b3cade48c7..3021b5e045 100644 --- a/testing/tests/ikev2/host2host-transport/evaltest.dat +++ b/testing/tests/ikev2/host2host-transport/evaltest.dat @@ -1,8 +1,7 @@ -moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES -moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES -sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES -moon::ip xfrm state::mode transport::YES -sun::ip xfrm state::mode transport::YES +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf index 7f6c5a58a3..7b4ab64153 100755 --- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf index af52fb22b8..c2d251a122 100755 --- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/inactivity-timeout/evaltest.dat b/testing/tests/ikev2/inactivity-timeout/evaltest.dat index a8975481f7..dceceaef69 100644 --- a/testing/tests/ikev2/inactivity-timeout/evaltest.dat +++ b/testing/tests/ikev2/inactivity-timeout/evaltest.dat @@ -1,8 +1,8 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::sleep 15::NO carol::cat /var/log/daemon.log::deleting CHILD_SA after 10 seconds of inactivity::YES -moon::ipsec statusall::rw.*INSTALLED::NO -carol::ipsec statusall::home.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf index 5fbb996170..89a0be7eac 100755 --- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf index c3d4173020..b2e2c4dc9a 100755 --- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-db/evaltest.dat b/testing/tests/ikev2/ip-pool-db/evaltest.dat index f9d0cbb37f..941cb34c06 100644 --- a/testing/tests/ikev2/ip-pool-db/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-db/evaltest.dat @@ -4,26 +4,30 @@ carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES -dave::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES -dave::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES -moon::cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES -moon::cat /var/log/daemon.log::assigning virtual IP::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES +dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES +dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES +moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES +moon:: cat /var/log/daemon.log::assigning virtual IP::YES moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +moon::ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon::ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon::ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon::ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf index b3413830fd..bc0a0ac1c4 100755 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-wish/evaltest.dat b/testing/tests/ikev2/ip-pool-wish/evaltest.dat index d02d422abd..fd15d52097 100644 --- a/testing/tests/ikev2/ip-pool-wish/evaltest.dat +++ b/testing/tests/ikev2/ip-pool-wish/evaltest.dat @@ -1,18 +1,22 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES -moon::cat /var/log/daemon.log::assigning virtual IP::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org.::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES +moon:: cat /var/log/daemon.log::assigning virtual IP::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf index c9867c7d4f..81e0202c43 100755 --- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf index 98dd992714..86d1f2e4cb 100755 --- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf index 0b4cded6c1..d6657cd9a9 100755 --- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool/evaltest.dat b/testing/tests/ikev2/ip-pool/evaltest.dat index b130d45652..50b7f11592 100644 --- a/testing/tests/ikev2/ip-pool/evaltest.dat +++ b/testing/tests/ikev2/ip-pool/evaltest.dat @@ -1,21 +1,25 @@ carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES -carol::ipsec status::home.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES -dave::ipsec status::home.*INSTALLED::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool::YES -moon::cat /var/log/daemon.log::peer requested virtual IP %any::YES -moon::cat /var/log/daemon.log::assigning virtual IP::YES -moon::ipsec leases rw::2/15, 2 online::YES -moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES -moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES +moon:: cat /var/log/daemon.log::assigning virtual IP::YES +moon:: ipsec leases rw 2> /dev/null::2/15, 2 online::YES +moon:: ipsec leases rw 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec leases rw 10.3.0.2 2> /dev/null::dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::ESP +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::ESP moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf index 0b4cded6c1..d6657cd9a9 100755 --- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-split-pools-db/evaltest.dat b/testing/tests/ikev2/ip-split-pools-db/evaltest.dat index 8fd47dc349..60a537b02f 100644 --- a/testing/tests/ikev2/ip-split-pools-db/evaltest.dat +++ b/testing/tests/ikev2/ip-split-pools-db/evaltest.dat @@ -1,15 +1,19 @@ +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES -carol::ipsec status::home.*INSTALLED::YES -dave::cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES -dave::ipsec status::home.*INSTALLED::YES -moon::cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES -moon::cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES -moon::cat /var/log/daemon.log::no available address found in pool.*pool0::YES -moon::cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES -moon::cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES -moon::ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES -moon::ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES -moon::ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.1.1::YES +moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.0.1 in pool.*pool0::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer::YES +moon:: cat /var/log/daemon.log::no available address found in pool.*pool0::YES +moon:: cat /var/log/daemon.log::acquired new lease for address 10.3.1.1 in pool.*pool1::YES +moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.1.1 to peer::YES +moon:: ipsec pool --status 2> /dev/null::pool0.*10.3.0.1.*10.3.0.1.*48h.*1 .*1 .*1 ::YES +moon:: ipsec pool --status 2> /dev/null::pool1.*10.3.1.1.*10.3.1.1.*48h.*1 .*1 .*1 ::YES +moon:: ipsec pool --leases --filter pool=pool0,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=pool1,addr=10.3.1.1,id=dave@strongswan.org 2> /dev/null::online::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf index c0f9756e4d..4ef94c753b 100755 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat index ba2b07a10f..fd0413d113 100644 --- a/testing/tests/ikev2/ip-two-pools-db/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-db/evaltest.dat @@ -1,29 +1,37 @@ -carol::ipsec status::home.*INSTALLED::YES -dave::ipsec status::home.*INSTALLED::YES -alice::ipsec status::home.*INSTALLED::YES -venus::ipsec status::home.*INSTALLED::YES -moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::ext.*ESTABLISHED.*dave@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*venus.strongswan.org::YES -moon::ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES -moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES -moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES -moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES +venus::ipsec status 2> /dev/null::home.*ESTABLISHED.*venus.strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int\[3]: ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int\[4]: ESTABLISHED.*moon.strongswan.org.*venus.strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext[{]1}.*INSTALLED. TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext[{]2}.*INSTALLED. TUNNEL::YES +moon:: ipsec status 2> /dev/null::int[{]3}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::int[{]4}.*INSTALLED, TUNNEL::YES +moon:: ipsec pool --status 2> /dev/null::extpool.*10.3.0.1.*10.3.1.244.*48h.*2::YES +moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*2::YES +moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=extpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES +moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.2,id=venus.strongswan.org 2> /dev/null::online::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES -dave::cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES +dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES venus::cat /var/log/daemon.log::installing new virtual IP 10.4.0.2::YES carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES -dave::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES +dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU to /etc/resolv.conf::YES alice::cat /var/log/daemon.log::installing DNS server PH_IP_ALICE to /etc/resolv.conf::YES venus::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS to /etc/resolv.conf::YES alice::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -dave::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES alice::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES -dave::ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES +dave:: ping -c 1 10.4.0.2::64 bytes from 10.4.0.2: icmp_seq=1::YES alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES dave::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf index d925a25645..403ed3b1b0 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf index 2b673ec4d0..d84d261406 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf index 22f9b6634c..a53c9111cd 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf index a4c37e117e..996f52fe36 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf index 2dbd84fe79..2e0c50d2db 100755 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat index 1505de7513..05d8493e21 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools-mixed/evaltest.dat @@ -1,12 +1,16 @@ -carol::ipsec status::home.*INSTALLED::YES -alice::ipsec status::home.*INSTALLED::YES -moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES -moon::ipsec leases ext::1/15, 1 online::YES -moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES -moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES -moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES +moon:: ipsec leases ext 2> /dev/null::1/15, 1 online::YES +moon:: ipsec leases ext 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES +moon:: ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf index f5ce1687e5..4a47ce5456 100755 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf index e647f1e36c..a600d5e263 100755 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf index d80bb53058..1ce2634d5a 100755 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools/evaltest.dat b/testing/tests/ikev2/ip-two-pools/evaltest.dat index ac0a3eeb30..c894edf9f4 100644 --- a/testing/tests/ikev2/ip-two-pools/evaltest.dat +++ b/testing/tests/ikev2/ip-two-pools/evaltest.dat @@ -1,13 +1,17 @@ -carol::ipsec status::home.*INSTALLED::YES -alice::ipsec status::home.*INSTALLED::YES -moon::ipsec status::ext.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::int.*ESTABLISHED.*alice@strongswan.org::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES -moon::cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES -moon::ipsec leases ext::1/15, 1 online::YES -moon::ipsec leases int::1/15, 1 online::YES -moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES -moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +alice::ipsec status 2> /dev/null::home.*ESTABLISHED.*alice@strongswan.org.*moon.strongswan.org::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ext.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::int.*ESTABLISHED.*moon.strongswan.org.*alice@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ext.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::int.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES +moon:: cat /var/log/daemon.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES +moon:: ipsec leases ext 2> /dev/null::1/15, 1 online::YES +moon:: ipsec leases int 2> /dev/null::1/15, 1 online::YES +moon:: ipsec leases ext 10.3.0.1 2> /dev/null::carol@strongswan.org::YES +moon:: ipsec leases int 10.4.0.1 2> /dev/null::alice@strongswan.org::YES carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES alice::cat /var/log/daemon.log::installing new virtual IP 10.4.0.1::YES carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf index f5ce1687e5..4a47ce5456 100755 --- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf index e647f1e36c..a600d5e263 100755 --- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf index 8435479fa3..c13a8c3096 100755 --- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-nat/evaltest.dat b/testing/tests/ikev2/mobike-nat/evaltest.dat index f2758eb35b..aded7a0405 100644 --- a/testing/tests/ikev2/mobike-nat/evaltest.dat +++ b/testing/tests/ikev2/mobike-nat/evaltest.dat @@ -1,14 +1,14 @@ -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_MOON::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf index ed670efb1e..5e7d48ec48 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf index ca4d84e16e..faf9c8663e 100755 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat index 94dea0b14b..c4c7b0b6f3 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/mobike-virtual-ip/evaltest.dat @@ -1,14 +1,14 @@ -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES -alice::ipsec statusall::10.3.0.3/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === 10.3.0.3/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES +alice::ipsec statusall 2> /dev/null::10.3.0.3/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === 10.3.0.3/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf index ed670efb1e..5e7d48ec48 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf index 1c8be1db42..b77b148615 100755 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike/evaltest.dat b/testing/tests/ikev2/mobike/evaltest.dat index 6c49c04256..ebf5ad4cfe 100644 --- a/testing/tests/ikev2/mobike/evaltest.dat +++ b/testing/tests/ikev2/mobike/evaltest.dat @@ -1,14 +1,14 @@ -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES -alice::ipsec statusall::PH_IP_ALICE1/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE1/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE1.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE1::YES +alice::ipsec statusall 2> /dev/null::PH_IP_ALICE1/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE1/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::/etc/init.d/net.eth1 stop::No output expected::NO alice::sleep 1::No output expected::NO -alice::ipsec statusall::ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES -sun::ipsec statusall::ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES -alice::ipsec statusall::PH_IP_ALICE/32 === 10.2.0.0/16::YES -sun::ipsec statusall::10.2.0.0/16 === PH_IP_ALICE/32::YES +alice::ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_ALICE.*PH_IP_SUN::YES +sun:: ipsec status 2> /dev/null::mobike.*ESTABLISHED.*PH_IP_SUN.*PH_IP_ALICE::YES +alice::ipsec statusall 2> /dev/null::PH_IP_ALICE/32 === 10.2.0.0/16::YES +sun:: ipsec statusall 2> /dev/null::10.2.0.0/16 === PH_IP_ALICE/32::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::alice1.strongswan.org.*sun.strongswan.org: ESP.*seq=0x1::YES sun::tcpdump::sun.strongswan.org.*alice1.strongswan.org: ESP.*seq=0x1::YES diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf index 6c87468bb6..1ead52b8d1 100755 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf index 4806cd9c87..fa54c3f649 100755 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat index 897db40ede..4a72b4392b 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/evaltest.dat @@ -1,11 +1,11 @@ -moon::cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES -moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES +moon:: cat /var/log/daemon.log::parsed IKE_AUTH request.*N(AUTH_FOLLOWS)::YES +moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES -moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES -moon::cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES -moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED.*228060123456001@strongswan.org::YES +moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES +moon:: cat /var/log/daemon.log::authentication of .*228060123456001@strongswan.org.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456001@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*228060123456001@strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES @@ -15,7 +15,7 @@ dave::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES moon::cat /var/log/daemon.log::received EAP identity .*228060123456002::YES moon::cat /var/log/daemon.log::RADIUS authentication of '228060123456002' failed::YES moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer 228060123456002@strongswan.org::YES -moon::ipsec statusall::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO +moon::ipsec status 2> /dev/null::rw-mult.*ESTABLISHED.*228060123456002@strongswan.org::NO dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave::ipsec status 2> /dev/null::home.*ESTABLISHED::NO dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf index f8c52be786..d77e6c5dba 100755 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/ipsec.conf @@ -9,7 +9,6 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_DAVE diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf index 37d23b1f51..7ec97d8d69 100755 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat index d2453bbeed..03426ac445 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-init/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES -dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf index a8a6d2b8f1..38724c59b8 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf index 8647ac8132..717debbd64 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf index 4c84d183b5..94c8a87735 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat index 4b827b4dd3..dcd271772e 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES -dave::cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*INSTALLED::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*INSTALLED::YES +dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf index 9031a948ca..6a343a0a42 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf index 0168be8e11..54e4075aa0 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf index 75138581ed..0d33c23b38 100755 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat index 4a1c7208bf..4abcde1e81 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat @@ -1,19 +1,19 @@ -moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Research CA::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*Sales CA::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*ldap.*strongSwan Root CA::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -carol::ipsec status::venus.*INSTALLED::NO -moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO -moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES -moon::cat /var/log/daemon.log::switching to peer config.*venus::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES -dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -dave::ipsec status::alice.*INSTALLED::NO -moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO +moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES +moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES +moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*moon.strongswan.org.*ESTABLISHED.*dave@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf index 39996cf426..49ffd40f3c 100755 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf index e25636a7d0..c3c7afa3a1 100755 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf index 46f1030cdc..6ea3c30355 100755 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat index 6b77a81616..85bbe4ab9e 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-loop/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::maximum path length of 7 exceeded::YES +moon:: cat /var/log/daemon.log::maximum path length of 7 exceeded::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ipsec status::alice.*INSTALLED::NO -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::NO +carol::ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf index 5c34528a46..0b04269941 100755 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf index 96e493719a..083a501950 100755 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat index 266f0d0daa..913e8f454e 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-pathlen/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES +moon:: cat /var/log/daemon.log::path length of 2 violates constraint of 1::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ipsec status::home.*INSTALLED::NO -moon::ipsec status::duck.*INSTALLED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::duck.*INSTALLED::NO diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf index 64539ccc2c..d303a05124 100755 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf index 528dda39ba..c5f13f9fa0 100755 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat index 182f9e0fc8..008ff2cf86 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-revoked/evaltest.dat @@ -1,4 +1,4 @@ -moon::cat /var/log/daemon.log::certificate was revoked::YES +moon:: cat /var/log/daemon.log::certificate was revoked::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -moon::ipsec status::alice.*ESTABLISHED::NO -carol::ipsec status::home.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED::NO diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf index a042da6d5c..aac041e701 100755 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf index ef1beae7e6..b9ece359fa 100755 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat b/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat index a594745b78..90ee6a7a4b 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca-strict/evaltest.dat @@ -1,6 +1,6 @@ -carol::ipsec status::alice.*INSTALLED::YES -carol::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::ESTABLISHED.*carol@strongswan.org::YES -dave::ipsec status::venus.*INSTALLED::YES -dave::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::ESTABLISHED.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf index 6fcc1578e1..c6f3ca64e8 100755 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf index c4b41aa06d..f190fe1954 100755 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf index 9c02993e79..f5953bda81 100755 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat index b0814556dd..e1c5be4ed6 100644 --- a/testing/tests/ikev2/multi-level-ca/evaltest.dat +++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat @@ -1,19 +1,19 @@ -moon::cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES -moon::cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES -moon::cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES -carol::ipsec status::alice.*INSTALLED::YES -moon::ipsec status::alice.*ESTABLISHED.*carol@strongswan.org::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES +moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES +moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES +carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -carol::ipsec status::venus.*INSTALLED::NO -moon::ipsec status::venus.*ESTABLISHED.*carol@strongswan.org::NO -moon::cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES -moon::cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES -moon::cat /var/log/daemon.log::switching to peer config.*venus::YES -dave::ipsec status::venus.*INSTALLED::YES -moon::ipsec status::venus.*ESTABLISHED.*dave@strongswan.org::YES -dave::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES -dave::ipsec status::alice.*INSTALLED::NO -moon::ipsec status::alice.*ESTABLISHED.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO +moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES +moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES +moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES +dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES +dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES +dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf index 174e248c23..942757add5 100755 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf index 5c90dd4a22..2f14140ea9 100755 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf index d0240a333b..34b8b72585 100755 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/nat-one-rw/description.txt b/testing/tests/ikev2/nat-one-rw/description.txt deleted file mode 100644 index c3b9bb8201..0000000000 --- a/testing/tests/ikev2/nat-one-rw/description.txt +++ /dev/null @@ -1,5 +0,0 @@ -The roadwarrior alice sitting behind the NAT router moon sets up a tunnel to -gateway sun. UDP encapsulation is used to traverse the NAT router. -leftfirewall=yes automatically inserts iptables-based firewall rules that let pass -the tunneled traffic. In order to test the tunnel, the NAT-ed host alice pings the -client bob behind the gateway sun. diff --git a/testing/tests/ikev2/nat-one-rw/evaltest.dat b/testing/tests/ikev2/nat-one-rw/evaltest.dat deleted file mode 100644 index 7395e55712..0000000000 --- a/testing/tests/ikev2/nat-one-rw/evaltest.dat +++ /dev/null @@ -1,5 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf deleted file mode 100644 index 6d9e62e1d5..0000000000 --- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - keep_alive = 1d - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown -} diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf deleted file mode 100755 index a2c168601f..0000000000 --- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf +++ /dev/null @@ -1,35 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -config setup - crlcheckinterval=180 - strictcrlpolicy=no - plutostart=no - -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev2 - left=PH_IP_SUN - leftcert=sunCert.pem - leftid=@sun.strongswan.org - leftfirewall=yes - -conn net-net - leftsubnet=10.2.0.0/16 - right=PH_IP_MOON - rightsubnet=10.1.0.0/16 - rightid=@moon.strongswan.org - auto=add - -conn host-host - right=PH_IP_MOON - rightid=@moon.strongswan.org - auto=add - -conn nat-t - leftsubnet=10.2.0.0/16 - right=%any - rightsubnet=10.1.0.10/32 - auto=add diff --git a/testing/tests/ikev2/nat-one-rw/posttest.dat b/testing/tests/ikev2/nat-one-rw/posttest.dat deleted file mode 100644 index cd0d4df259..0000000000 --- a/testing/tests/ikev2/nat-one-rw/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -alice::ipsec stop -sun::ipsec stop -alice::/etc/init.d/iptables stop 2> /dev/null -sun::/etc/init.d/iptables stop 2> /dev/null -moon::iptables -t nat -F -moon::conntrack -F diff --git a/testing/tests/ikev2/nat-one-rw/pretest.dat b/testing/tests/ikev2/nat-one-rw/pretest.dat deleted file mode 100644 index a4f5ecd794..0000000000 --- a/testing/tests/ikev2/nat-one-rw/pretest.dat +++ /dev/null @@ -1,12 +0,0 @@ -alice::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null -moon::conntrack -F -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -alice::ipsec start -sun::ipsec start -alice::sleep 4 -alice::ipsec up nat-t -alice::sleep 1 - diff --git a/testing/tests/ikev2/nat-portswitch/description.txt b/testing/tests/ikev2/nat-portswitch/description.txt deleted file mode 100644 index 93b779ee1a..0000000000 --- a/testing/tests/ikev2/nat-portswitch/description.txt +++ /dev/null @@ -1,6 +0,0 @@ -The roadwarrior alice sitting behind the NAT router moon sets up a connection -to gateway sun using IKEv2. UDP encapsulation is used to traverse the NAT router. -The authentication is based on locally loaded X.509 certificates. -After the IPsec Setup NAT router moon "crashes" (i.e. flushes its conntrack -table) and with the next dpd sent from alice a dynamical address update -should occur in gateway sun. diff --git a/testing/tests/ikev2/nat-portswitch/evaltest.dat b/testing/tests/ikev2/nat-portswitch/evaltest.dat deleted file mode 100644 index 75b01a551d..0000000000 --- a/testing/tests/ikev2/nat-portswitch/evaltest.dat +++ /dev/null @@ -1,10 +0,0 @@ -sun::ipsec statusall::rw-alice.*ESTABLISHED::YES -alice::ipsec statusall::home.*ESTABLISHED::YES -moon::cmd::iptables -t nat -F::YES -moon::cmd::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:3024-3100::YES -moon::cmd::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:4000-4100::YES -moon::cmd::conntrack -F::YES -alice::cmd::sleep 75::YES -bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP, length: 132::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP, length: 132::YES diff --git a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf deleted file mode 100644 index cd9de533a0..0000000000 --- a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -version 2.0 # conforms to second version of ipsec.conf specification - -config setup - plutostart=no - -conn home - left=PH_IP_ALICE - leftcert=aliceCert.pem - leftid=alice@strongswan.org - right=PH_IP_SUN - rightcert=sunCert.pem - rightid=@sun.strongswan.org - rightsubnet=10.2.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem deleted file mode 100644 index e7825e3dbe..0000000000 --- a/testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z -dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8 -foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS -Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC -AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe -zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n -HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G -N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd -p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT -EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB -ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg -KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq -hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i -ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP -Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S -5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE -JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk -Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA== ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem deleted file mode 100644 index e99ae8ec70..0000000000 --- a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz -MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer -GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4 -FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W -6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH -v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc -KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa -60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG -A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0 -cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu -Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo -2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ -AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5 -D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S -CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi -6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re -JGhV ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-portswitch/posttest.dat b/testing/tests/ikev2/nat-portswitch/posttest.dat deleted file mode 100644 index 3b9f53e9b5..0000000000 --- a/testing/tests/ikev2/nat-portswitch/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -sun::ipsec stop -alice::ipsec stop -sun::rm /etc/ipsec.d/certs/* -alice::rm /etc/ipsec.d/certs/* -moon::iptables -t nat -F -moon::conntrack -F diff --git a/testing/tests/ikev2/nat-portswitch/pretest.dat b/testing/tests/ikev2/nat-portswitch/pretest.dat deleted file mode 100644 index 17cc4b070a..0000000000 --- a/testing/tests/ikev2/nat-portswitch/pretest.dat +++ /dev/null @@ -1,9 +0,0 @@ -sun::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -sun::ipsec start -alice::ipsec start -alice::sleep 1 -alice::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/nat-portswitch/test.conf b/testing/tests/ikev2/nat-portswitch/test.conf deleted file mode 100644 index d84149aaf7..0000000000 --- a/testing/tests/ikev2/nat-portswitch/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice moon winnetou sun bob" - -# Corresponding block diagram -# -DIAGRAM="a-m-w-s-b.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="alice sun" diff --git a/testing/tests/ikev2/nat-two-rw-mark/description.txt b/testing/tests/ikev2/nat-rw-mark/description.txt similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/description.txt rename to testing/tests/ikev2/nat-rw-mark/description.txt diff --git a/testing/tests/ikev2/nat-two-rw-mark/evaltest.dat b/testing/tests/ikev2/nat-rw-mark/evaltest.dat similarity index 51% rename from testing/tests/ikev2/nat-two-rw-mark/evaltest.dat rename to testing/tests/ikev2/nat-rw-mark/evaltest.dat index 74ba178d9e..db9e969d2c 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/evaltest.dat +++ b/testing/tests/ikev2/nat-rw-mark/evaltest.dat @@ -1,9 +1,11 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::alice.*ESTABLISHED.*alice@strongswan.org::YES -sun::ipsec statusall::venus.*ESTABLISHED.*venus.strongswan.org::YES -sun::ipsec statusall::alice.*10.2.0.0/16 === 10.1.0.0/25::YES -sun::ipsec statusall::venus.*10.2.0.0/16 === 10.1.0.0/25::YES +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES +sun:: ipsec statusall 2> /dev/null::venus.*10.2.0.0/16 === 10.1.0.0/25::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.ipsec-nat-t: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf similarity index 89% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf index 0f7c238453..c0244e2ffd 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf similarity index 100% rename from testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf similarity index 92% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf index ae4644c4b0..1f0ec3734f 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/mark_updown rename to testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/mark_updown diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/alice/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf similarity index 89% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf index c82c3e9789..78df400fd3 100755 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/sun/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat b/testing/tests/ikev2/nat-rw-mark/posttest.dat similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/posttest.dat rename to testing/tests/ikev2/nat-rw-mark/posttest.dat diff --git a/testing/tests/ikev2/nat-two-rw-mark/pretest.dat b/testing/tests/ikev2/nat-rw-mark/pretest.dat similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/pretest.dat rename to testing/tests/ikev2/nat-rw-mark/pretest.dat index 105968f454..3ed13d5fa3 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/pretest.dat +++ b/testing/tests/ikev2/nat-rw-mark/pretest.dat @@ -1,6 +1,6 @@ +sun::/etc/init.d/iptables start 2> /dev/null alice::/etc/init.d/iptables start 2> /dev/null venus::/etc/init.d/iptables start 2> /dev/null -sun::/etc/init.d/iptables start 2> /dev/null moon::echo 1 > /proc/sys/net/ipv4/ip_forward moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 500 -j SNAT --to PH_IP_MOON:510 @@ -11,9 +11,9 @@ sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3. sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20 sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 10 sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 20 +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start alice::sleep 2 alice::ipsec up nat-t venus::sleep 2 diff --git a/testing/tests/ikev2/nat-two-rw-mark/test.conf b/testing/tests/ikev2/nat-rw-mark/test.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-mark/test.conf rename to testing/tests/ikev2/nat-rw-mark/test.conf diff --git a/testing/tests/ikev2/nat-rw-mixed/description.txt b/testing/tests/ikev2/nat-rw-mixed/description.txt deleted file mode 100644 index 511a1a8741..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/description.txt +++ /dev/null @@ -1,6 +0,0 @@ -The roadwarriors alice and venus sitting behind the NAT router moon -set up a connection to gateway sun. alice uses the IKEv2 key exchange protocol -whereas venus negotiates the connection via the IKEv1 protocol. -UDP encapsulation is used to traverse the NAT router. -In order to test the tunnel the NAT-ed hosts alice and venus ping the client -bob behind the gateway sun. diff --git a/testing/tests/ikev2/nat-rw-mixed/evaltest.dat b/testing/tests/ikev2/nat-rw-mixed/evaltest.dat deleted file mode 100644 index 685c1b43f8..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -sun::ipsec statusall::rw-alice.*ESTABLISHED::YES -sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES -sun::ipsec status::nat-t.*@venus.strongswan.org::YES -alice::ipsec statusall::home.*ESTABLISHED::YES -sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf deleted file mode 100644 index cd9de533a0..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -version 2.0 # conforms to second version of ipsec.conf specification - -config setup - plutostart=no - -conn home - left=PH_IP_ALICE - leftcert=aliceCert.pem - leftid=alice@strongswan.org - right=PH_IP_SUN - rightcert=sunCert.pem - rightid=@sun.strongswan.org - rightsubnet=10.2.0.0/16 - keyexchange=ikev2 - auto=add diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem deleted file mode 100644 index e7825e3dbe..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIECzCCAvOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTU1M1oXDTA5MDkwOTExMTU1M1owRTELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z -dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQ8 -foB9h5BZ92gA5JkQTJNuoF6FAzoq91Gh7To27/g74p01+SUnsSaBfPmNfGp4avdS -Ewy2dWMA/7uj0Dbe8MEKssNztp0JQubp2s7n8mrrQLGsqB6YAS09l75XDjS3yqTC -AtH1kD4zAl/j/AyeQBuLR4CyJEmC/rqD3/a+pr42CaljuFBgBRpCTUpU4mlslZSe -zv9wu61PwTFxb8VDlBHUd/lwkXThKgU3uEhWRxLahpSldEGmiTTmx30k/XbOMF2n -HObEHt5EY9uWRGGbj81ZRWiNk0dNtbpneUHv/NvdWLc591M8cEGEQdWW2XTVbL2G -N67q8hdzGgIvb7QJPMcCAwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQD -AgOoMB0GA1UdDgQWBBQ9xLkyCBbyQmRet0vvV1Fg6z5q2DBtBgNVHSMEZjBkgBRd -p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT -EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB -ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwOQYDVR0fBDIwMDAuoCyg -KoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuLmNybDANBgkq -hkiG9w0BAQQFAAOCAQEAGQQroiAa0SwwhJprGd7OM+rfBJAGbsa3DPzFCfHX1R7i -ZyDs9aph1DK+IgUa377Ev1U7oB0EldpmOoJJugCjtNLfpW3t1RXBERL/QfpO2+VP -Wt3SfZ0Oq48jiqB1MVLMZRPCICZEQjT4sJ3HYs5ZuucuvoxeMx3rQ4HxUtHtMD3S -5JNMwFFiOXAjyIyrTlb7YuRJTT5hE+Rms8GUQ5Xnt7zKZ7yfoSLFzy0/cLFPdQvE -JA7w8crODCZpDgEKVHVyUWuyt1O46N3ydUfDcnKJoQ9HWHm3xCbDex5MHTnvm1lk -Stx71CGM7TE6VPy028UlrSw0JqEwCVwstei2cMzwgA== ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf deleted file mode 100644 index b85bd607b4..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf +++ /dev/null @@ -1,31 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -version 2.0 # conforms to second version of ipsec.conf specification - -config setup - plutodebug=control - crlcheckinterval=180 - nat_traversal=yes - -conn %default - ikelifetime=60m - keylife=20m - left=PH_IP_SUN - leftcert=sunCert.pem - leftid=@sun.strongswan.org - leftsubnet=10.2.0.0/16 - -conn rw-alice - right=%any - rightcert=aliceCert.pem - rightid=alice@strongswan.org - rightsubnet=10.1.0.0/16 - keyexchange=ikev2 - auto=add - -conn nat-t - leftsubnet=10.2.0.0/16 - right=%any - rightsubnetwithin=10.1.0.0/16 - keyexchange=ikev1 - auto=add diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem deleted file mode 100644 index e99ae8ec70..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEHzCCAwegAwIBAgIBBTANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMjQzOVoXDTA5MDkwOTExMjQzOVowVzELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz -MR0wGwYDVQQDFBRhbGljZUBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAK7FyvkE18/oujCaTd8GXBNOH+Cvoy0ibJ8j2sNsBrer -GS1lgxRs8zaVfK9fosadu0UZeWIHsOKkew5469sPvkKK2SGGH+pu+x+xO/vuaEG4 -FlkAu8iGFWLQycLt6BJfcqw7FT8rwNuD18XXBXmP7hRavi/TEElbVYHbO7lm8T5W -6hTr/sYddiSB7X9/ba7JBy6lxmBcUAx5bjiiHLaW/llefkqyhc6dw5nvPZ2DchvH -v/HWvLF9bsvxbBkHU0/z/CEsRuMBI7EPEL4rx3UqmuCUAqiMJTS3IrDaIlfJOLWc -KlbsnE6hHpwmt9oDB9iWBY9WeZUSAtJGFw4b7FCZvQ0CAwEAAaOCAQYwggECMAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRZmh0JtiNTjBsQsfD7ECNa -60iG2jBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkG -A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0 -cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRhbGljZUBzdHJvbmdzd2Fu -Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn -L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQADdQIlJkFtmHEjtuyo -2aIcrsUx98FtvVgB7RpQB8JZlly7UEjvX0CIIvW/7Al5/8h9s1rhrRffX7nXQKAQ -AmPnvD2Pp47obDnHqm/L109S1fcL5BiPN1AlgsseUBwzdqBpyRncPXZoAuBh/BU5 -D/1Dip0hXgB/X6+QymSzRJoSKfpeXVICj1kYH1nIkn0YXthYF3BTrCheCzBlKn0S -CixbCUYsUjtSqld0nG76jyGb/gnWntNettH+RXWe1gm6qREJwfEFdeYviTqx2Uxi -6sBKG/XjNAcMArXb7V6w0YAwCyjwCl49B+mLZaFH+9izzBJ7NyVqhH8ToB1gt0re -JGhV ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem b/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem deleted file mode 100644 index 25a6941b06..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBBDANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ -MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA0MDkxMDExMTgyNloXDTA5MDkwOTExMTgyNlowRzELMAkGA1UE -BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHTAbBgNVBAMTFHZlbnVz -LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -mlQ2s9J7bw73onkw0ZwwcM2JDJuU3KmmuzETlmLdtg7m8yFCdhoDg6cxrsIvPAWy -Gs++1e+1qzy7LTnNHckaHHFwJQf0JoIGE1bbUrJidX8B1T3sDdvZFbyfmQTWSEyJ -thrdqdPS92VJW/9XQOPeEhudIHr+NtWQfCm3OQFKDXGCEkHOjpVNHn3BPUiL99ON -FiLZX3gZy6vTERpEE8ga66fHtpM3RJfIxYoUQUdRw8iIa8iOvRGtJa/MfOWX6L/H -wquRv3SuCl4iMSph7e/VE+z5xx3OyKSAki914DgRFnQITKjyGxw1lORlDQlZy2w/ -nu0BAbXS1pb/2AiF8jDpbQIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADALBgNVHQ8E -BAMCA6gwHQYDVR0OBBYEFEqPlXBYJh1knX0Q61HMcn9LOZ6sMG0GA1UdIwRmMGSA -FF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UE -ChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENB -ggEAMB8GA1UdEQQYMBaCFHZlbnVzLnN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAw -LqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmww -DQYJKoZIhvcNAQEEBQADggEBAEx3kXh2Z5CMH+tX6cJPyi6gSeOgXy7NBiNsEdXN -rwGp4DwN6uiSog4EYZJA203oqE3eaoYdBXKiOGvjW4vyigvpDr8H+MeW2HsNuMKX -PFpY4NucV0fJlzFhtkp31zTLHNESCgTqNIwGj+CbN0rxhHGE6502krnu+C12nJ7B -fdMzml1RmVp4JlZC5yfiTy0F2s/aH+8xQ2x509UoD+boNM9GR+IlWS2dDypISGid -hbM4rpiMLBj2riWD8HiuljkKQ6LemBXeZQXuIPlusl7cH/synNkHk8iiALM8xfGh -wTEmdo5Tp5sDI3cj3LVvhcsTxjiOA81her1F0itlxpEA/gA= ------END CERTIFICATE----- diff --git a/testing/tests/ikev2/nat-rw-mixed/posttest.dat b/testing/tests/ikev2/nat-rw-mixed/posttest.dat deleted file mode 100644 index 0a8ce2bbc5..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/posttest.dat +++ /dev/null @@ -1,6 +0,0 @@ -sun::ipsec stop -alice::ipsec stop -venus::ipsec stop -sun::rm /etc/ipsec.d/certs/* -alice::rm /etc/ipsec.d/certs/* -moon::iptables -t nat -F diff --git a/testing/tests/ikev2/nat-rw-mixed/pretest.dat b/testing/tests/ikev2/nat-rw-mixed/pretest.dat deleted file mode 100644 index d2c5c7df2c..0000000000 --- a/testing/tests/ikev2/nat-rw-mixed/pretest.dat +++ /dev/null @@ -1,11 +0,0 @@ -sun::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::echo 1 > /proc/sys/net/ipv4/ip_forward -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100 -moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100 -sun::ipsec start -alice::ipsec start -venus::ipsec start -alice::sleep 1 -venus::ipsec up nat-t -alice::ipsec up home -alice::sleep 1 diff --git a/testing/tests/ikev2/nat-two-rw-psk/description.txt b/testing/tests/ikev2/nat-rw-psk/description.txt similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/description.txt rename to testing/tests/ikev2/nat-rw-psk/description.txt diff --git a/testing/tests/ikev2/nat-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-rw-psk/evaltest.dat new file mode 100644 index 0000000000..051db978a7 --- /dev/null +++ b/testing/tests/ikev2/nat-rw-psk/evaltest.dat @@ -0,0 +1,9 @@ +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED. TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_ALICE\]::YES +sun:: ipsec status 2> /dev/null::nat-t.*\[PH_IP_VENUS\]::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets rename to testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/ipsec.secrets diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets rename to testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/ipsec.secrets diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets rename to testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/ipsec.secrets diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/posttest.dat b/testing/tests/ikev2/nat-rw-psk/posttest.dat similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/posttest.dat rename to testing/tests/ikev2/nat-rw-psk/posttest.dat diff --git a/testing/tests/ikev2/nat-two-rw-psk/pretest.dat b/testing/tests/ikev2/nat-rw-psk/pretest.dat similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/pretest.dat rename to testing/tests/ikev2/nat-rw-psk/pretest.dat index 5e23259bb5..6a542ec8ff 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/pretest.dat +++ b/testing/tests/ikev2/nat-rw-psk/pretest.dat @@ -7,9 +7,9 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to- alice::rm /etc/ipsec.d/cacerts/* venus::rm /etc/ipsec.d/cacerts/* sun::rm /etc/ipsec.d/cacerts/* +sun::ipsec start alice::ipsec start venus::ipsec start -sun::ipsec start alice::sleep 2 alice::ipsec up nat-t venus::sleep 2 diff --git a/testing/tests/ikev2/nat-rw-mixed/test.conf b/testing/tests/ikev2/nat-rw-psk/test.conf similarity index 100% rename from testing/tests/ikev2/nat-rw-mixed/test.conf rename to testing/tests/ikev2/nat-rw-psk/test.conf diff --git a/testing/tests/ikev2/nat-two-rw/description.txt b/testing/tests/ikev2/nat-rw/description.txt similarity index 100% rename from testing/tests/ikev2/nat-two-rw/description.txt rename to testing/tests/ikev2/nat-rw/description.txt diff --git a/testing/tests/ikev2/nat-rw/evaltest.dat b/testing/tests/ikev2/nat-rw/evaltest.dat new file mode 100644 index 0000000000..e0b458dba1 --- /dev/null +++ b/testing/tests/ikev2/nat-rw/evaltest.dat @@ -0,0 +1,18 @@ +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES +sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon:: sleep 6::no output expected::NO +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES +alice::cat /var/log/daemon.log::sending keep alive::YES +venus::cat /var/log/daemon.log::sending keep alive::YES diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf similarity index 83% rename from testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf index 3da2fcf864..a425f7bbf1 100755 --- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -13,7 +11,7 @@ conn %default keyexchange=ikev2 conn nat-t - left=%defaultroute + left=%any leftcert=aliceCert.pem leftid=alice@strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf similarity index 63% rename from testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf index 339b56987a..9953ffa946 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf @@ -1,5 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown + + keep_alive = 5 } diff --git a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf old mode 100644 new mode 100755 similarity index 64% rename from testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf index a7722142fd..a488d9817f --- a/testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/ipsec.conf @@ -1,20 +1,21 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file -version 2.0 # conforms to second version of ipsec.conf specification - config setup plutostart=no conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn nat-t left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org + leftfirewall=yes leftsubnet=10.2.0.0/16 - keyexchange=ikev2 - -conn rw-alice right=%any - rightcert=aliceCert.pem - rightid=alice@strongswan.org rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf similarity index 67% rename from testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf index 339b56987a..fa8b1ce55a 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf similarity index 83% rename from testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf rename to testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf index 3a70b34345..61671ba08c 100755 --- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -13,7 +11,7 @@ conn %default keyexchange=ikev2 conn nat-t - left=%defaultroute + left=%any leftcert=venusCert.pem leftid=@venus.strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf similarity index 63% rename from testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf rename to testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf index 339b56987a..9953ffa946 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf @@ -1,5 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown + + keep_alive = 5 } diff --git a/testing/tests/ikev2/nat-two-rw/posttest.dat b/testing/tests/ikev2/nat-rw/posttest.dat similarity index 100% rename from testing/tests/ikev2/nat-two-rw/posttest.dat rename to testing/tests/ikev2/nat-rw/posttest.dat diff --git a/testing/tests/ikev2/nat-two-rw/pretest.dat b/testing/tests/ikev2/nat-rw/pretest.dat similarity index 100% rename from testing/tests/ikev2/nat-two-rw/pretest.dat rename to testing/tests/ikev2/nat-rw/pretest.dat diff --git a/testing/tests/ikev2/nat-two-rw-psk/test.conf b/testing/tests/ikev2/nat-rw/test.conf similarity index 100% rename from testing/tests/ikev2/nat-two-rw-psk/test.conf rename to testing/tests/ikev2/nat-rw/test.conf diff --git a/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat b/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat deleted file mode 100644 index 2cab168f0b..0000000000 --- a/testing/tests/ikev2/nat-two-rw-psk/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec status::nat-t.*\[PH_IP_ALICE\]::YES -sun::ipsec status::nat-t.*\[PH_IP_VENUS\]::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw/evaltest.dat b/testing/tests/ikev2/nat-two-rw/evaltest.dat deleted file mode 100644 index bd0a4b52b0..0000000000 --- a/testing/tests/ikev2/nat-two-rw/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec status::alice@strongswan.org::YES -sun::ipsec status::venus.strongswan.org::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf deleted file mode 100644 index 339b56987a..0000000000 --- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf +++ /dev/null @@ -1,5 +0,0 @@ -# /etc/strongswan.conf - strongSwan configuration file - -charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown -} diff --git a/testing/tests/ikev2/nat-two-rw/test.conf b/testing/tests/ikev2/nat-two-rw/test.conf deleted file mode 100644 index 84317fd701..0000000000 --- a/testing/tests/ikev2/nat-two-rw/test.conf +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# -# This configuration file provides information on the -# UML instances used for this test - -# All UML instances that are required for this test -# -UMLHOSTS="alice venus moon winnetou sun bob" - -# Corresponding block diagram -# -DIAGRAM="a-v-m-w-s-b.png" - -# UML instances on which tcpdump is to be started -# -TCPDUMPHOSTS="moon" - -# UML instances on which IPsec is started -# Used for IPsec logging purposes -# -IPSECHOSTS="alice venus sun" diff --git a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat index 75d5ffbd31..9c98e312ae 100644 --- a/testing/tests/ikev2/nat-virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/nat-virtual-ip/evaltest.dat @@ -1,6 +1,6 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf index e43e0d785b..e5870894d9 100755 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf index 9cede8d566..51dc508a58 100755 --- a/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-cert/evaltest.dat b/testing/tests/ikev2/net2net-cert/evaltest.dat index e67c39a080..c98f5d78de 100644 --- a/testing/tests/ikev2/net2net-cert/evaltest.dat +++ b/testing/tests/ikev2/net2net-cert/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf index 562f268265..def5813b1f 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf index cb17a9e07e..7101d36dc6 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf index 24e5df519e..b93233168c 100755 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf index cb17a9e07e..7101d36dc6 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-esn/evaltest.dat b/testing/tests/ikev2/net2net-esn/evaltest.dat index 928783c871..63058eb885 100644 --- a/testing/tests/ikev2/net2net-esn/evaltest.dat +++ b/testing/tests/ikev2/net2net-esn/evaltest.dat @@ -1,14 +1,16 @@ -sun::cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES -sun::cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES -sun::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES -moon::cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES -moon::ip -s xfrm state::flag af-unspec.*(0x10100000)::YES +sun:: cat /var/log/daemon.log::received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ/NO_EXT_SEQ::YES +sun:: cat /var/log/daemon.log::selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/EXT_SEQ::YES +sun:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES +moon:: cat /var/log/daemon.log::using extended sequence numbers (ESN)::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES +moon:: ip -s xfrm state::flag af-unspec.*(0x10100000)::YES alice::ping -c 10 -i 0 -f PH_IP_BOB::10 packets transmitted, 10 received, 0% packet loss::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES -moon::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES -sun::ipsec statusall::AES_CBC_128/HMAC_SHA1_96/ESN::YES +moon::ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES +sun:: ipsec statusall 2> /dev/null::AES_CBC_128/HMAC_SHA1_96/ESN::YES diff --git a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf index 98f4864d33..dbddd9f5b0 100755 --- a/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2, knl 2" diff --git a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf index 26fde389e9..e3a4944c88 100755 --- a/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-esn/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2, knl 2" diff --git a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat index 1a3759e342..97dd63c5ac 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v3/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec status::net-net.*INSTALLED::YES -sun::ipsec status::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed.*sun ::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun .*71:27:04:32:cd:76:3a:18:02:0a:c9:88:c0:e7:5a:ed::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat index 1a3759e342..4615c3ed84 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat +++ b/testing/tests/ikev2/net2net-pgp-v4/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec status::net-net.*INSTALLED::YES -sun::ipsec status::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*b4:2f:31:fe:c8:0a:e3:26:4a:10:1c:85:97:7a:04:ac:8d:16:38:d3.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat index 5881d92467..1556143cfb 100644 --- a/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk-dscp/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec statusall::dscp-be.*ESTABLISHED::YES -moon::ipsec statusall::dscp-ef.*ESTABLISHED::YES -sun::ipsec statusall::dscp-be.*ESTABLISHED::YES -sun::ipsec statusall::dscp-ef.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*moon-be.*sun-be::YES +moon:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*moon-ef.*sun-ef::YES +sun:: ipsec status 2> /dev/null::dscp-be.*ESTABLISHED.*sun-be.*moon-be::YES +sun:: ipsec status 2> /dev/null::dscp-ef.*ESTABLISHED.*sun-ef.*moon-ef::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf index d78d27c1ad..9ba79b28e1 100755 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" @@ -15,15 +13,15 @@ conn %default mobike=no conn dscp-be - leftid=@sun-be - rightid=@moon-be + leftid=@moon-be + rightid=@sun-be mark=10 also=net-net auto=add conn dscp-ef - leftid=@sun-ef - rightid=@moon-ef + leftid=@moon-ef + rightid=@sun-ef mark=20 also=net-net auto=add diff --git a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf index 9d2ef74711..94e8c073b4 100755 --- a/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" @@ -15,15 +13,15 @@ conn %default mobike=no conn dscp-be - leftid=@moon-be - rightid=@sun-be + leftid=@sun-be + rightid=@moon-be mark=10 also=net-net auto=add conn dscp-ef - leftid=@moon-ef - rightid=@sun-ef + leftid=@sun-ef + rightid=@moon-ef mark=20 also=net-net auto=add diff --git a/testing/tests/ikev2/net2net-psk-fail/description.txt b/testing/tests/ikev2/net2net-psk-fail/description.txt new file mode 100644 index 0000000000..d41b2c9540 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/description.txt @@ -0,0 +1,4 @@ +A connection between the gateways moon and sun is set up. +The authentication is based on Preshared Keys (PSK), but gateway moon +uses a wrong PSK. Therefore the connection setup is aborted by gateway sun +by sending an AUTHENTICATION_FAILED notify error. diff --git a/testing/tests/ikev2/net2net-psk-fail/evaltest.dat b/testing/tests/ikev2/net2net-psk-fail/evaltest.dat new file mode 100644 index 0000000000..3f5092893b --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/evaltest.dat @@ -0,0 +1,6 @@ +sun:: cat /var/log/daemon.log::tried 1 shared key for.*sun.strongswan.org.*moon.strongswan.org.*but MAC mismatched::YES +moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::NO +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::NO +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf similarity index 67% rename from testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf rename to testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf index 8db43213fc..15d8ddb116 100755 --- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,14 +8,16 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + authby=secret keyexchange=ikev2 + mobike=no -conn nat-t - left=%defaultroute - leftcert=aliceCert.pem - leftid=alice@strongswan.org +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftid=@moon.strongswan.org leftfirewall=yes right=PH_IP_SUN - rightid=@sun.strongswan.org rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org auto=add diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets new file mode 100644 index 0000000000..38ebf966c0 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,4 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx + diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf new file mode 100644 index 0000000000..57148a0406 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf similarity index 62% rename from testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf rename to testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf index d8b426318f..e145d9974f 100755 --- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,26 +8,16 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + authby=secret keyexchange=ikev2 - left=PH_IP_SUN - leftcert=sunCert.pem - leftid=@sun.strongswan.org - leftfirewall=yes + mobike=no conn net-net + left=PH_IP_SUN leftsubnet=10.2.0.0/16 + leftid=@sun.strongswan.org + leftfirewall=yes right=PH_IP_MOON rightsubnet=10.1.0.0/16 rightid=@moon.strongswan.org auto=add - -conn host-host - right=PH_IP_MOON - rightid=@moon.strongswan.org - auto=add - -conn nat-t - leftsubnet=10.2.0.0/16 - right=%any - rightsubnet=10.1.0.0/16 - auto=add diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets new file mode 100644 index 0000000000..be95c4d995 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,7 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL + + + + diff --git a/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf new file mode 100644 index 0000000000..57148a0406 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/ikev2/net2net-psk-fail/posttest.dat b/testing/tests/ikev2/net2net-psk-fail/posttest.dat new file mode 100644 index 0000000000..5a9150bc84 --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/net2net-psk-fail/pretest.dat b/testing/tests/ikev2/net2net-psk-fail/pretest.dat new file mode 100644 index 0000000000..976a196dbd --- /dev/null +++ b/testing/tests/ikev2/net2net-psk-fail/pretest.dat @@ -0,0 +1,8 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::rm /etc/ipsec.d/cacerts/* +sun::rm /etc/ipsec.d/cacerts/* +moon::ipsec start +sun::ipsec start +moon::sleep 1 +moon::ipsec up net-net diff --git a/testing/tests/ikev2/nat-one-rw/test.conf b/testing/tests/ikev2/net2net-psk-fail/test.conf similarity index 75% rename from testing/tests/ikev2/nat-one-rw/test.conf rename to testing/tests/ikev2/net2net-psk-fail/test.conf index d84149aaf7..f6e064e7d2 100644 --- a/testing/tests/ikev2/nat-one-rw/test.conf +++ b/testing/tests/ikev2/net2net-psk-fail/test.conf @@ -5,17 +5,17 @@ # All UML instances that are required for this test # -UMLHOSTS="alice moon winnetou sun bob" +UMLHOSTS="moon winnetou sun" # Corresponding block diagram # -DIAGRAM="a-m-w-s-b.png" +DIAGRAM="m-w-s.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="moon" +TCPDUMPHOSTS="" # UML instances on which IPsec is started # Used for IPsec logging purposes # -IPSECHOSTS="alice sun" +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-psk/evaltest.dat b/testing/tests/ikev2/net2net-psk/evaltest.dat index e67c39a080..c98f5d78de 100644 --- a/testing/tests/ikev2/net2net-psk/evaltest.dat +++ b/testing/tests/ikev2/net2net-psk/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf index 4e2fcf17b8..57148a0406 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf index 4e2fcf17b8..57148a0406 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pubkey/evaltest.dat b/testing/tests/ikev2/net2net-pubkey/evaltest.dat index 0ccfb7efdb..e47e709e24 100644 --- a/testing/tests/ikev2/net2net-pubkey/evaltest.dat +++ b/testing/tests/ikev2/net2net-pubkey/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES -sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES -moon::ipsec status::INSTALLED, TUNNEL::YES -sun::ipsec status::INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat index 149cf727a6..59d0372dcb 100644 --- a/testing/tests/ikev2/net2net-rfc3779/evaltest.dat +++ b/testing/tests/ikev2/net2net-rfc3779/evaltest.dat @@ -1,15 +1,15 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES -moon::cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES -moon::cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -moon::cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -sun::cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES -sun::cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES -sun::cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -sun::cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES -moon::cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES -sun::cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::subject address block 10.2.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES +moon:: cat /var/log/daemon.log::subject address block 192.168.0.2/32 is contained in issuer address block 192.168.0.0/24::YES +moon:: cat /var/log/daemon.log::subject address block fec0:\:2/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +moon:: cat /var/log/daemon.log::subject address block fec2:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +sun:: cat /var/log/daemon.log::subject address block 10.1.0.0/16 is contained in issuer address block 10.1.0.0..10.2.255.255::YES +sun:: cat /var/log/daemon.log::subject address block 192.168.0.1/32 is contained in issuer address block 192.168.0.0/24::YES +sun:: cat /var/log/daemon.log::subject address block fec0:\:1/128 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +sun:: cat /var/log/daemon.log::subject address block fec1:\:/16 is contained in issuer address block fec0:\:..fec2:ffff:ffff:ffff:ffff:ffff:ffff:ffff::YES +moon:: cat /var/log/daemon.log::TS 10.2.0.0/16 is contained in address block constraint 10.2.0.0/16::YES +sun:: cat /var/log/daemon.log::TS 10.1.0.0/16 is contained in address block constraint 10.1.0.0/16::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf index ce59d849cb..68b944359f 100755 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf index afc2e399e6..3f7bc2ac45 100755 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="cfg 2" diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat index a89e5a298c..63d1cde243 100644 --- a/testing/tests/ikev2/net2net-route/evaltest.dat +++ b/testing/tests/ikev2/net2net-route/evaltest.dat @@ -1,6 +1,8 @@ -moon::cat /var/log/daemon.log::creating acquire job::YES -moon::ipsec statusall::net-net.*INSTALLED::YES -sun::ipsec statusall::net-net.*INSTALLED::YES +moon:: cat /var/log/daemon.log::creating acquire job::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf index 8a2f8b77c9..c15fdbb4f7 100755 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf index 24e5df519e..b93233168c 100755 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-rsa/evaltest.dat b/testing/tests/ikev2/net2net-rsa/evaltest.dat index 0ccfb7efdb..e47e709e24 100644 --- a/testing/tests/ikev2/net2net-rsa/evaltest.dat +++ b/testing/tests/ikev2/net2net-rsa/evaltest.dat @@ -1,7 +1,7 @@ -moon::ipsec status::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES -sun::ipsec status::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES -moon::ipsec status::INSTALLED, TUNNEL::YES -sun::ipsec status::INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-same-nets/evaltest.dat b/testing/tests/ikev2/net2net-same-nets/evaltest.dat index bf99bb2783..1ca7e2d607 100644 --- a/testing/tests/ikev2/net2net-same-nets/evaltest.dat +++ b/testing/tests/ikev2/net2net-same-nets/evaltest.dat @@ -1,7 +1,9 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_seq=1::YES -bob::ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES +bob:: ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf index 8f43a4f6e3..fbb054f079 100755 --- a/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf index 33e1e66564..399e374aad 100755 --- a/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat index 244dec5bff..dbd06104f9 100644 --- a/testing/tests/ikev2/net2net-start/evaltest.dat +++ b/testing/tests/ikev2/net2net-start/evaltest.dat @@ -1,5 +1,7 @@ -moon::ipsec statusall::net-net.*INSTALLED::YES -sun::ipsec statusall::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf index 1cc812864c..28e979108b 100755 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf index 24e5df519e..b93233168c 100755 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/net2net-start/pretest.dat b/testing/tests/ikev2/net2net-start/pretest.dat index 6e41d52457..8f3d172072 100644 --- a/testing/tests/ikev2/net2net-start/pretest.dat +++ b/testing/tests/ikev2/net2net-start/pretest.dat @@ -3,4 +3,4 @@ sun::/etc/init.d/iptables start 2> /dev/null sun::ipsec start sun::sleep 2 moon::ipsec start -alice::sleep 3 +moon::sleep 3 diff --git a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat index c08a17943f..e931afb7e9 100644 --- a/testing/tests/ikev2/ocsp-local-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-local-cert/evaltest.dat @@ -1,12 +1,12 @@ -moon::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES -carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES +moon:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES +carol::ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES carol::cat /var/log/daemon.log::requesting ocsp status from::YES carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf index e2602f08a8..ba9779cb51 100755 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf index 119d14a42a..b79c056abb 100755 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat index 768de938b3..c41a668f05 100644 --- a/testing/tests/ikev2/ocsp-multi-level/evaltest.dat +++ b/testing/tests/ikev2/ocsp-multi-level/evaltest.dat @@ -1,10 +1,10 @@ -moon::ipsec listocspcerts::altNames.*ocsp.*strongswan.org::YES -carol::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES -dave::ipsec listocspcerts::altNames.*ocsp.strongswan.org::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.*strongswan.org::YES +carol::ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES +dave:: ipsec listocspcerts 2> /dev/null::altNames.*ocsp.strongswan.org::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::certificate status is good::YES -dave::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::ESTABLISHED.*carol::YES -moon::ipsec status::ESTABLISHED.*dave::YES -carol::ipsec status::ESTABLISHED::YES -dave::ipsec status::ESTABLISHED::YES +dave:: cat /var/log/daemon.log::certificate status is good::YES +moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*CN=carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*CN=dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::ESTABLISHED.*CN=carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::ESTABLISHED.*CN=dave@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf index 259997f5ca..672b155a1b 100755 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf index 0763d17340..9846658bbb 100755 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf index b0e8336e61..2cea2e4014 100755 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat index a0a045ce85..a2ce5ad93d 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-no-signer-cert/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::ocsp response verification failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES -moon::ipsec status::rw.*ESTABLISHED::NO +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::ocsp response verification failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -carol::ipsec status::home.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-revoked/evaltest.dat b/testing/tests/ikev2/ocsp-revoked/evaltest.dat index 2c31961031..97006c93e0 100644 --- a/testing/tests/ikev2/ocsp-revoked/evaltest.dat +++ b/testing/tests/ikev2/ocsp-revoked/evaltest.dat @@ -1,8 +1,8 @@ -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::certificate was revoked on::YES -moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::certificate was revoked on::YES +moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with RSA signature failed carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf index 0d7cf59281..f0ea559527 100755 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf index 119d14a42a..b79c056abb 100755 --- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat index 5bb322accf..0f852d7b1a 100644 --- a/testing/tests/ikev2/ocsp-root-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-root-cert/evaltest.dat @@ -1,10 +1,10 @@ -moon::cat /var/log/daemon.log::requesting ocsp status::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: cat /var/log/daemon.log::requesting ocsp status::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::requesting ocsp status::YES carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf index e2602f08a8..ba9779cb51 100755 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf index 119d14a42a..b79c056abb 100755 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat index f8bf0326a3..7c7813cffb 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-signer-cert/evaltest.dat @@ -1,12 +1,12 @@ -carol::ipsec listcainfos::ocspuris.*http://ocsp.strongswan.org::YES -moon::cat /var/log/daemon.log::requesting ocsp status::YES -moon::cat /var/log/daemon.log::ocsp response correctly signed by::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +carol::ipsec listcainfos 2> /dev/null::ocspuris.*http://ocsp.strongswan.org::YES +moon:: cat /var/log/daemon.log::requesting ocsp status::YES +moon:: cat /var/log/daemon.log::ocsp response correctly signed by::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::requesting ocsp status::YES carol::cat /var/log/daemon.log::ocsp response correctly signed by::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf index 4011a6c17d..83a2fd4b11 100755 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf index ce653cf08e..3adc76790b 100755 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat index 2e0f059c65..c31e05ef54 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat +++ b/testing/tests/ikev2/ocsp-strict-ifuri/evaltest.dat @@ -1,8 +1,8 @@ -moon::cat /var/log/daemon.log::authentication of.*carol.*successful::YES -moon::cat /var/log/daemon.log::libcurl http request failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES -moon::ipsec status::ESTABLISHED.*carol::YES -moon::ipsec status::ESTABLISHED.*dave::NO -carol::ipsec status::ESTABLISHED::YES -dave::ipsec status::ESTABLISHED::NO +moon:: cat /var/log/daemon.log::authentication of.*carol.*successful::YES +moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least SKIPPED::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf index bce685c53a..9c38b45925 100755 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=ifuri plutostart=no diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf index 1ab63e84bb..bca441cbed 100755 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=ifuri plutostart=no diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf index 401e9b5676..8cde4538ff 100755 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=ifuri plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat index 777c326992..f50d5e88c6 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat @@ -1,13 +1,12 @@ -moon::cat /var/log/daemon.log::libcurl http request failed::YES -moon::cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES -moon::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES -moon::cat /var/log/daemon.log::ocsp response is valid::YES -moon::cat /var/log/daemon.log::certificate status is good::YES +moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::ocsp request to.*ocsp2.strongswan.org:8880.*failed::YES +moon:: cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES +moon:: cat /var/log/daemon.log::ocsp response is valid::YES +moon:: cat /var/log/daemon.log::certificate status is good::YES carol::cat /var/log/daemon.log::libcurl http request failed::YES carol::cat /var/log/daemon.log::ocsp request to.*bob.strongswan.org:8800.*failed::YES carol::cat /var/log/daemon.log::requesting ocsp status from.*ocsp.strongswan.org:8880::YES carol::cat /var/log/daemon.log::ocsp response is valid::YES carol::cat /var/log/daemon.log::certificate status is good::YES -moon::ipsec status::rw.*ESTABLISHED::YES -carol::ipsec status::home.*ESTABLISHED::YES - +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf index ff312cc6b6..08c22fa602 100755 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf index 394d941601..c6373ef22a 100755 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat index 1b281507b9..7c0a9a5a42 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/daemon.log::libcurl http request failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed::YES +moon:: cat /var/log/daemon.log::libcurl http request failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed::YES carol::cat /var/log/daemon.log::received AUTHENTICATION_FAILED::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf index ef24ea1915..54cf33c8f5 100755 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf index fe657b4a62..8b73361de0 100755 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat index 45c6ce7c5a..6ba1be6b1f 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat +++ b/testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat @@ -1,7 +1,7 @@ -moon::cat /var/log/daemon.log::requesting ocsp status from::YES -moon::cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES -moon::cat /var/log/daemon.log::ocsp response verification failed::YES -moon::cat /var/log/daemon.log::certificate status is not available::YES -moon::cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES -moon::ipsec status::rw.*ESTABLISHED::NO -carol::ipsec status::home.*ESTABLISHED::NO +moon:: cat /var/log/daemon.log::requesting ocsp status from::YES +moon:: cat /var/log/daemon.log::self-signed certificate.*is not trusted::YES +moon:: cat /var/log/daemon.log::ocsp response verification failed::YES +moon:: cat /var/log/daemon.log::certificate status is not available::YES +moon:: cat /var/log/daemon.log::constraint check failed: RULE_CRL_VALIDATION is FAILED, but requires at least GOOD::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::NO diff --git a/testing/tests/ikev2/protoport-dual/evaltest.dat b/testing/tests/ikev2/protoport-dual/evaltest.dat index bd24b911c9..a65460cc8d 100644 --- a/testing/tests/ikev2/protoport-dual/evaltest.dat +++ b/testing/tests/ikev2/protoport-dual/evaltest.dat @@ -1,7 +1,7 @@ -carol::ipsec statusall::home-icmp.*INSTALLED::YES -carol::ipsec statusall::home-ssh.*INSTALLED::YES -moon::ipsec statusall::rw-icmp.*INSTALLED::YES -moon::ipsec statusall::rw-ssh.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf index 51971a13c9..d7c48a7777 100755 --- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf index 0d7e8db3f4..84ebd77e00 100755 --- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/protoport-route/evaltest.dat b/testing/tests/ikev2/protoport-route/evaltest.dat index 78d0629184..83a5e1bde3 100644 --- a/testing/tests/ikev2/protoport-route/evaltest.dat +++ b/testing/tests/ikev2/protoport-route/evaltest.dat @@ -2,9 +2,9 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES -carol::ipsec statusall::home-icmp.*INSTALLED::YES -carol::ipsec statusall::home-ssh.*INSTALLED::YES -moon::ipsec statusall::rw-icmp.*INSTALLED::YES -moon::ipsec statusall::rw-ssh.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf index d76a6ee178..bd0fbbecfe 100755 --- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf index 0d7e8db3f4..84ebd77e00 100755 --- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-early/evaltest.dat b/testing/tests/ikev2/reauth-early/evaltest.dat index b4cbe2f41b..1d3a35916a 100644 --- a/testing/tests/ikev2/reauth-early/evaltest.dat +++ b/testing/tests/ikev2/reauth-early/evaltest.dat @@ -1,5 +1,5 @@ -moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES -carol::ipsec statusall::home\[2\].*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf index 311dc3dc5f..e2432f6234 100755 --- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf index 64a7aef6d7..e0ea953f34 100755 --- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-late/evaltest.dat b/testing/tests/ikev2/reauth-late/evaltest.dat index c0893df652..d86758f9a8 100644 --- a/testing/tests/ikev2/reauth-late/evaltest.dat +++ b/testing/tests/ikev2/reauth-late/evaltest.dat @@ -1,5 +1,5 @@ -moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES -carol::ipsec statusall::home\[2\].*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home\[2]: ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 360[01]s, reauthentication already scheduled in 2[0-5]s::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf index 32a43efac2..0e506d9cae 100755 --- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf index cb5e86a660..6ba9965519 100755 --- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-cert/evaltest.dat b/testing/tests/ikev2/rw-cert/evaltest.dat index 06a0f8cdad..f8cfb111b9 100644 --- a/testing/tests/ikev2/rw-cert/evaltest.dat +++ b/testing/tests/ikev2/rw-cert/evaltest.dat @@ -1,8 +1,13 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf index bcdb8641bb..f666a1c3cc 100755 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,6 +8,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn home left=PH_IP_CAROL @@ -19,5 +18,4 @@ conn home right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index e070f9a27b..5e9b4be929 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf index ea8bc92a7c..43cd6c3c3f 100755 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,6 +8,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn home left=PH_IP_DAVE @@ -19,5 +18,4 @@ conn home right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index e070f9a27b..5e9b4be929 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf index 274521386a..218b7b84e0 100755 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -10,6 +8,7 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn rw left=PH_IP_MOON @@ -18,5 +17,4 @@ conn rw leftsubnet=10.1.0.0/16 leftfirewall=yes right=%any - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index e070f9a27b..5e9b4be929 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat index 661e6cfe7f..a39bf3afeb 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/evaltest.dat @@ -1,10 +1,12 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::received EAP identity.*carol::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf index 16171feb30..e50878c398 100755 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat index 3064f02a68..2abfdd19bf 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-aka-rsa/evaltest.dat @@ -1,9 +1,11 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_AKA authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap-aka.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap-aka.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap-aka.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf index 3a1fd98d3b..bf5704b4a5 100755 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat index 3f828141c6..a239b56e73 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/evaltest.dat @@ -2,10 +2,12 @@ carol::cat /var/log/daemon.log::configured EAP-Identity carol::YES carol::cat /var/log/daemon.log::added EAP secret for carol moon.strongswan.org::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES -moon::cat /var/log/daemon.log::received EAP identity.*carol::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf index c132b9ab83..cd5100af28 100755 --- a/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-prompt/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat index 2ee440cdb5..73f606be3f 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/evaltest.dat @@ -1,10 +1,12 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES -moon::cat /var/log/daemon.log::received EAP identity .*carol::YES +moon:: cat /var/log/daemon.log::received EAP identity .*carol::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf index 11ff844003..9d14d442a1 100755 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat index 5e8dce9cf5..525d987af9 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-radius/evaltest.dat @@ -1,11 +1,11 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf index 4a885babc9..41e719bc5d 100755 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat index fadcdc6355..dd67704eb7 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-md5-rsa/evaltest.dat @@ -1,8 +1,10 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf index 28d52b9eb8..7b6852ec41 100755 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat index 5b632bfe8a..eafd09b80c 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/evaltest.dat @@ -1,10 +1,12 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES -moon::cat /var/log/daemon.log::received EAP identity.*carol::YES -moon::cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::received EAP identity.*carol::YES +moon:: cat /var/log/daemon.log::authentication of .*PH_IP_CAROL.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf index a4a45f06c2..79fe4220ba 100755 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat index 0908e1c97e..871d3b9314 100644 --- a/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-md5/evaltest.dat @@ -3,17 +3,21 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap\[1]: ESTABLISHED.*CN=moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap\[2]: ESTABLISHED.*CN=moon.strongswan.org.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*CN=moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*CN=moon.strongswan.org::NO +moon:: ipsec status 2> /dev/null::rw-eap[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-eap[{]2}.*INSTALLED::NO +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf index 2f8b9dfda1..6fa85acfe3 100755 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf index 3a29329d53..ab85844067 100755 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf index 129486c053..ca35f18d98 100755 --- a/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat index 8743b9643b..643b2c39d1 100644 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MSCHAPV2 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_PEAP phase2 authentication of 'carol@strongswan.org' with EAP_MSCHAPV2 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf index 2f8b9dfda1..6fa85acfe3 100755 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf index 3a29329d53..ab85844067 100755 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf index 129486c053..ca35f18d98 100755 --- a/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat index 39a24f15e2..81244bd85c 100644 --- a/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-peap-radius/evaltest.dat @@ -3,19 +3,17 @@ carol::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_PEAP succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -dave::cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +dave:: cat /var/log/daemon.log::server requested EAP_PEAP authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_PEAP failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf index fc8f846387..547f5d4f5c 100755 --- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat index 4305a14003..7f1def4a5e 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/evaltest.dat @@ -1,12 +1,12 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::received EAP identity .*228060123456001::YES +moon:: cat /var/log/daemon.log::received EAP identity .*228060123456001::YES carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf index d3a99fe417..c93f49a99e 100755 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/ipsec.conf @@ -12,7 +12,6 @@ conn %default conn home left=PH_IP_CAROL - leftnexthop=%direct leftid=carol@strongswan.org leftfirewall=yes leftauth=eap diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf index a86bb3d73d..efd1a2167b 100755 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat index 852d424afe..f2654766a4 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/evaltest.dat @@ -1,15 +1,15 @@ carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ipsec statusall::home.*ESTABLISHED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf index 11b9f0d71c..6940dce0bc 100755 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/ipsec.conf @@ -17,5 +17,6 @@ conn home leftauth=eap right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=any rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf index e3f4694bd1..4b8a7d339d 100755 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat index b4d66adc66..8e12c29d04 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-radius/evaltest.dat @@ -1,15 +1,15 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_SIM authentication::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -dave::ipsec statusall::home.*ESTABLISHED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_SIM failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf index 4f0d40b3e4..2f456415d3 100755 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/ipsec.conf @@ -9,13 +9,14 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_CAROL leftid=carol@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf index 511eb61720..4583aec0d7 100755 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/ipsec.conf @@ -9,13 +9,14 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=eap conn home left=PH_IP_DAVE leftid=dave@strongswan.org + leftauth=eap leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf index 825994278f..049042edb2 100755 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default @@ -13,13 +12,14 @@ conn %default conn rw-eap authby=rsasig - eap=radius left=PH_IP_MOON leftsubnet=10.1.0.0/16 leftid=@moon.strongswan.org + leftauth=pubkey leftcert=moonCert.pem leftfirewall=yes rightid=*@strongswan.org + rightauth=eap-radius rightsendcert=never right=%any auto=add diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat index 53c7e71ce4..ade9306cfc 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-sim-rsa/evaltest.dat @@ -1,10 +1,10 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap-sim.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap-sim.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap-sim.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +carol:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf index ea62749bea..ed928e5e88 100755 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat index f4d5340519..4db0a30b44 100644 --- a/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-fragments/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=moon.d.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=strongSwan Project, CN=carol@d.strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf index 889a47d80d..1d228b0f12 100755 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=strongSwan Project, CN=moon.d.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf index 9f979e17b4..3993751a0c 100755 --- a/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no charondebug="tls 2" diff --git a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat index 1e9bdb2afb..96417facee 100644 --- a/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-only/evaltest.dat @@ -1,9 +1,9 @@ carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf index 3aeab002f7..885f5282f9 100755 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf @@ -17,6 +17,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf index 430211020f..839dcda008 100755 --- a/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat index f0a6740635..21190669ed 100644 --- a/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-tls-radius/evaltest.dat @@ -1,11 +1,9 @@ carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with RSA signature successful::YES carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - - diff --git a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf index be907f8390..cfacd2b6b3 100755 --- a/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat index 9586fe558f..941bb29853 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-only/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf index 967598643b..68ae1faecc 100755 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf index ad1255212d..bccf111e9c 100755 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf index d37848bacc..947edae4e7 100755 --- a/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no charondebug="tls 2" diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat index 9586fe558f..941bb29853 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES -dave::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES +dave:: cat /var/log/daemon.log::allow mutual EAP-only authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@stronswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf index 967598643b..68ae1faecc 100755 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/carol/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf index ad1255212d..bccf111e9c 100755 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/dave/etc/ipsec.conf @@ -18,6 +18,7 @@ conn home leftfirewall=yes right=PH_IP_MOON rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org" + rightauth=any rightsubnet=10.1.0.0/16 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf index d37848bacc..947edae4e7 100755 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no charondebug="tls 2" diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat index 2c0f651598..ff08ae7921 100644 --- a/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat +++ b/testing/tests/ikev2/rw-eap-ttls-radius/evaltest.dat @@ -3,17 +3,17 @@ carol::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES -dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES -dave::cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES -dave::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES -dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES -moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES -moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::NO +dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +dave:: cat /var/log/daemon.log::server requested EAP_TTLS authentication::YES +dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES +dave:: cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon:: cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*dave@strongswan.org::NO +carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED::NO carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf index fc8f846387..547f5d4f5c 100755 --- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat index fe2a8d0632..c52036028c 100644 --- a/testing/tests/ikev2/rw-hash-and-url/evaltest.dat +++ b/testing/tests/ikev2/rw-hash-and-url/evaltest.dat @@ -1,14 +1,18 @@ -moon::cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES -moon::cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES carol::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES -dave::cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +dave:: cat /var/log/daemon.log::fetched certificate.*moon.strongswan.org::YES +moon:: cat /var/log/daemon.log::fetched certificate.*carol@strongswan.org::YES +moon:: cat /var/log/daemon.log::fetched certificate.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf index 77046eb7d7..23df618de4 100755 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf index febaf9be23..5caa200def 100755 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf index cbc60000a5..5e4c833744 100755 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no ca strongswan diff --git a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat index c248a508ab..4a93dc921b 100644 --- a/testing/tests/ikev2/rw-mark-in-out/evaltest.dat +++ b/testing/tests/ikev2/rw-mark-in-out/evaltest.dat @@ -1,9 +1,9 @@ -alice::ipsec statusall::home.*INSTALLED::YES -venus::ipsec statusall::home.*INSTALLED::YES -sun::ipsec statusall::alice.*ESTABLISHED.*alice@strongswan.org::YES -sun::ipsec statusall::venus.*ESTABLISHED.*venus.strongswan.org::YES -sun::ipsec statusall::alice.*10.2.0.0/16 === 10.1.0.0/25::YES -sun::ipsec statusall::venus.*10.2.0.0/16 === 10.1.0.0/25::YES +alice::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +venus::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +sun:: ipsec statusall 2> /dev/null::alice.*10.2.0.0/16 === 10.1.0.0/25::YES +sun:: ipsec statusall 2>::venus.*10.2.0.0/16 === 10.1.0.0/25::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf index dd0240b078..6d3392c30c 100755 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf index 5fa211c2a7..b76b9c38ae 100755 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no charondebug="knl 2" diff --git a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf index 4af93df8d3..2df4842044 100755 --- a/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-pkcs8/evaltest.dat b/testing/tests/ikev2/rw-pkcs8/evaltest.dat index 06a0f8cdad..b545c2289b 100644 --- a/testing/tests/ikev2/rw-pkcs8/evaltest.dat +++ b/testing/tests/ikev2/rw-pkcs8/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf index bcdb8641bb..d0e7ae27fa 100755 --- a/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf index ea8bc92a7c..d917f6d5d8 100755 --- a/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf index 274521386a..00a5220697 100755 --- a/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-fqdn/description.txt b/testing/tests/ikev2/rw-psk-fqdn/description.txt index d4a7c38786..47f6968ae7 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/description.txt +++ b/testing/tests/ikev2/rw-psk-fqdn/description.txt @@ -1,6 +1,6 @@ The roadwarriors carol and dave set up a connection each to gateway moon. The authentication is based on distinct pre-shared keys -and fully qualified domain names. Upon the successful establishment of the IPsec tunnels, +and Fully Qualified Domain Names. Upon the successful establishment of the IPsec tunnels, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both carol and dave ping the client alice behind the gateway moon. diff --git a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat index 06a0f8cdad..683173c302 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-fqdn/evaltest.dat @@ -1,8 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index 882ea04a5e..0d4d27fbdb 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf index 1af9be7f7d..15781129b0 100755 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index 882ea04a5e..0d4d27fbdb 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index 882ea04a5e..0d4d27fbdb 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/description.txt b/testing/tests/ikev2/rw-psk-ipv4/description.txt index 4eb66c5404..b4aaa6a6a7 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/description.txt +++ b/testing/tests/ikev2/rw-psk-ipv4/description.txt @@ -1,6 +1,6 @@ The roadwarriors carol and dave set up a connection each to gateway moon. The authentication is based on distinct pre-shared keys -and IPv4 addresses. Upon the successful establishment of the IPsec tunnels, +and IPv4 addresses. Upon the successful establishment of the IPsec tunnels, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test both tunnel and firewall, both carol and dave ping the client alice behind the gateway moon. diff --git a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat index 06a0f8cdad..1ad36fcaf9 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-ipv4/evaltest.dat @@ -1,8 +1,13 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index 882ea04a5e..0d4d27fbdb 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf index bdd50899ab..6828894af6 100755 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index 882ea04a5e..0d4d27fbdb 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index 882ea04a5e..0d4d27fbdb 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 gmp random hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat index 06a0f8cdad..b545c2289b 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-no-idr/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf index 2397d6d6da..72ee8d97b3 100755 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat index 236684c576..51e8687609 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat @@ -1,15 +1,14 @@ -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES -moon::ipsec statusall::rw-psk.*INSTALLED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES -moon::ipsec statusall::rw-rsasig.*INSTALLED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES +moon:: cat /var/log/daemon.log::authentication of 'PH_IP_MOON' (myself) with pre-shared key::YES +moon:: ipsec status 2> /dev/null::rw-psk.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*\[192.168.0.1]::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES +moon:: ipsec status 2> /dev/null::rw-rsasig.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf index e533b4b4ee..d917f6d5d8 100755 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no - crlcheckinterval=180 plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf index 004993d94a..e8c3b45fa8 100755 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat index 0e5bd03db2..9a1ab3f8f4 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat +++ b/testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat @@ -1,11 +1,16 @@ -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES -moon::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with pre-shared key successful::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with pre-shared key successful::YES +moon:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' (myself) with RSA signature successful::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf index da59dfdae8..aa7ae6d6f9 100755 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -11,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=secret conn home left=PH_IP_CAROL leftsourceip=%config leftid=carol@strongswan.org + leftauth=psk leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf index f09d46c5bf..f273a0088a 100755 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default @@ -11,14 +9,15 @@ conn %default rekeymargin=3m keyingtries=1 keyexchange=ikev2 - authby=secret conn home left=PH_IP_DAVE leftsourceip=%config leftid=dave@strongswan.org + leftauth=psk leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org + rightauth=pubkey rightsubnet=10.1.0.0/16 auto=add diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf index fb4b9ed3a4..f6df621a16 100755 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf @@ -14,9 +14,11 @@ conn rw left=PH_IP_MOON leftcert=moonCert.pem leftid=@moon.strongswan.org + leftauth=pubkey leftsubnet=10.1.0.0/16 leftfirewall=yes right=%any + rightauth=psk rightsourceip=10.3.0.0/28 rightsendcert=never auto=add diff --git a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat index d23d6360bc..5c453f8b48 100644 --- a/testing/tests/ikev2/rw-radius-accounting/evaltest.dat +++ b/testing/tests/ikev2/rw-radius-accounting/evaltest.dat @@ -1,15 +1,14 @@ carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with RSA signature successful::YES -moon::cat /var/log/daemon.log::received EAP identity .*carol::YES +moon:: cat /var/log/daemon.log::received EAP identity .*carol::YES carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES carol::cat /var/log/daemon.log::authentication of .*moon.strongswan.org.* with EAP successful::YES -moon::cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES -moon::ipsec statusall::rw-eap.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::authentication of .*carol@strongswan.org.* with EAP successful::YES +moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 5 -s 1392 PH_IP_ALICE::1400 bytes from PH_IP_ALICE::YES -carol::ipsec down home::no output expected::NO +carol::ipsec down home 2> /dev/null::no output expected::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES alice::cat /var/log/radius/radacct/10.1.0.1/*::User-Name =.*carol::YES alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Output-Octets = 7100::YES alice::cat /var/log/radius/radacct/10.1.0.1/*::Acct-Input-Octets = 7100::YES - diff --git a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf index 11ff844003..9d14d442a1 100755 --- a/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-whitelist/evaltest.dat b/testing/tests/ikev2/rw-whitelist/evaltest.dat index 733cfd8446..d6f71d7c01 100644 --- a/testing/tests/ikev2/rw-whitelist/evaltest.dat +++ b/testing/tests/ikev2/rw-whitelist/evaltest.dat @@ -1,14 +1,14 @@ -moon::cat /var/log/daemon.log::whitelist functionality was already enabled::YES -moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES -moon::cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES -carol::ipsec status::home.*INSTALLED::YES +moon:: cat /var/log/daemon.log::whitelist functionality was already enabled::YES +moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with RSA signature successful::YES +moon:: cat /var/log/daemon.log::peer identity 'dave@strongswan.org' not whitelisted::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES -dave::ipsec status::home.*INSTALLED::NO -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO -moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::NO +dave:: cat /var/log/daemon.log:: received AUTHENTICATION_FAILED notify error::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED::NO +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO diff --git a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf index a19f6cfaeb..5aa16a8c3a 100755 --- a/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf index 1a89f4e5d6..29fd9a4e8a 100755 --- a/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf index 0b4cded6c1..d6657cd9a9 100755 --- a/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/shunt-policies/evaltest.dat b/testing/tests/ikev2/shunt-policies/evaltest.dat index 2f6e1a91f5..f40437e3e3 100644 --- a/testing/tests/ikev2/shunt-policies/evaltest.dat +++ b/testing/tests/ikev2/shunt-policies/evaltest.dat @@ -1,16 +1,16 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES venus::ssh PH_IP_BOB hostname::bob::YES -bob::ssh PH_IP_VENUS hostname::venus::YES +bob:: ssh PH_IP_VENUS hostname::venus::YES diff --git a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf index a4958f295e..f87bfa8e58 100755 --- a/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/shunt-policies/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf index c3b36fb7c0..f952be18bb 100755 --- a/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/shunt-policies/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/strong-keys-certs/evaltest.dat b/testing/tests/ikev2/strong-keys-certs/evaltest.dat index 06a0f8cdad..b545c2289b 100644 --- a/testing/tests/ikev2/strong-keys-certs/evaltest.dat +++ b/testing/tests/ikev2/strong-keys-certs/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf index a7b55db240..bba53c1ce1 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf index 080073cd34..a643b353d1 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf index f33f267976..c5a9e7feff 100755 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/two-certs/evaltest.dat b/testing/tests/ikev2/two-certs/evaltest.dat index d32e326601..f50e7c30de 100644 --- a/testing/tests/ikev2/two-certs/evaltest.dat +++ b/testing/tests/ikev2/two-certs/evaltest.dat @@ -1,12 +1,11 @@ -moon::cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES -moon::ipsec statusall::alice.*INSTALLED::YES -carol::ipsec statusall::alice.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::using certificate.*OU=Research, CN=carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::cat /var/log/daemon.log::signature validation failed, looking for another key::YES -moon::cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES -moon::ipsec statusall::venus.*INSTALLED::YES -carol::ipsec statusall::venus.*ESTABLISHED::YES +moon:: cat /var/log/daemon.log::signature validation failed, looking for another key::YES +moon:: cat /var/log/daemon.log::using certificate.*OU=Research, SN=002, CN=carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES - diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf index 08b95659fd..77c0219278 100755 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/ipsec.conf @@ -1,7 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 uniqueids=no strictcrlpolicy=yes plutostart=no diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf index a93ccbc9a8..8399333f94 100755 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/ipsec.conf @@ -1,9 +1,8 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes uniqueids=no + strictcrlpolicy=yes plutostart=no ca strongswan diff --git a/testing/tests/ikev2/virtual-ip-override/evaltest.dat b/testing/tests/ikev2/virtual-ip-override/evaltest.dat index 34ccb76ca4..cb023b1fcf 100644 --- a/testing/tests/ikev2/virtual-ip-override/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip-override/evaltest.dat @@ -1,13 +1,17 @@ -moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES -carol::ipsec statusall::home.*INSTALLED::YES -dave::ipsec statusall::home.*INSTALLED::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::NO +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::src PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::src PH_IP_DAVE1::YES diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf index c9867c7d4f..81e0202c43 100755 --- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf index 98dd992714..86d1f2e4cb 100755 --- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf index bafd1b155e..e511e5ad0a 100755 --- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip/evaltest.dat b/testing/tests/ikev2/virtual-ip/evaltest.dat index e3c3c7f3c4..dd3143ae77 100644 --- a/testing/tests/ikev2/virtual-ip/evaltest.dat +++ b/testing/tests/ikev2/virtual-ip/evaltest.dat @@ -1,21 +1,25 @@ -moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES -moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES -carol::ipsec statusall::home.*INSTALLED::YES -dave::ipsec statusall::home.*INSTALLED::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES -moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES -moon::cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES +moon:: cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_CAROL1 to peer::YES +moon:: cat /var/log/daemon.log::assigning virtual IP PH_IP_DAVE1 to peer::YES carol::ip addr list dev eth0::PH_IP_CAROL1::YES carol::ip route list table 220::src PH_IP_CAROL1::YES -dave::ip addr list dev eth0::PH_IP_DAVE1::YES -dave::ip route list table 220::src PH_IP_DAVE1::YES +dave:: ip addr list dev eth0::PH_IP_DAVE1::YES +dave:: ip route list table 220::src PH_IP_DAVE1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES -moon::ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_DAVE1::64 bytes from PH_IP_DAVE1: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf index c9867c7d4f..81e0202c43 100755 --- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf index b58ba54603..7a0e64336b 100755 --- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf index fb7abe556a..9f00e5c290 100755 --- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/wildcards/evaltest.dat b/testing/tests/ikev2/wildcards/evaltest.dat index 2bc83eacdc..4789640ecb 100644 --- a/testing/tests/ikev2/wildcards/evaltest.dat +++ b/testing/tests/ikev2/wildcards/evaltest.dat @@ -1,8 +1,8 @@ -carol::ipsec status::alice.*PH_IP_CAROL.*PH_IP_ALICE::YES -moon::ipsec status::alice.*PH_IP_ALICE.*PH_IP_CAROL::YES -carol::ipsec status::venus.*PH_IP_CAROL.*PH_IP_VENUS::NO -moon::ipsec status::venus.*PH_IP_VENUS.*PH_IP_CAROL::NO -dave::ipsec status::venus.*PH_IP_DAVE.*PH_IP_VENUS::YES -moon::ipsec status::venus.*PH_IP_VENUS.*PH_IP_DAVE::YES -dave::ipsec status::alice.*PH_IP_DAVE.*PH_IP_ALICE::NO -moon::ipsec status::alice.*PH_IP_ALICE.*PH_IP_DAVE::NO +carol::ipsec status 2> /dev/null::alice..*PH_IP_CAROL.*PH_IP_ALICE::YES +moon:: ipsec status 2> /dev/null::alice.*PH_IP_ALICE.*PH_IP_CAROL::YES +carol::ipsec status 2> /dev/null::venus.*PH_IP_CAROL.*PH_IP_VENUS::NO +moon:: ipsec status 2> /dev/null::venus.*PH_IP_VENUS.*PH_IP_CAROL::NO +dave:: ipsec status 2> /dev/null::venus.*PH_IP_DAVE.*PH_IP_VENUS::YES +moon:: ipsec status 2> /dev/null::venus.*PH_IP_VENUS.*PH_IP_DAVE::YES +dave:: ipsec status 2> /dev/null::alice.*PH_IP_DAVE.*PH_IP_ALICE::NO +moon:: ipsec status 2> /dev/null::alice.*PH_IP_ALICE.*PH_IP_DAVE::NO diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf index 043160a0fd..e38c7a621b 100755 --- a/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf index a01676be39..bd9fd97d5d 100755 --- a/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf +++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf index 0523d56dd7..53fac3a06e 100755 --- a/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default