From 0a6085b13e7dd5ee79955959e2ecafd7fe9b50bb Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 18 May 2010 16:52:12 +0200 Subject: [PATCH] updated ikev1/xauth-rsa scenario to xauth plugin --- testing/tests/ikev1/xauth-rsa/description.txt | 4 +++- testing/tests/ikev1/xauth-rsa/evaltest.dat | 2 ++ .../ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets | 2 +- .../ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf | 11 +++++++++++ .../ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets | 2 +- .../ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf | 11 +++++++++++ .../tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf | 2 +- .../ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets | 4 ++-- .../ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf | 11 +++++++++++ 9 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf diff --git a/testing/tests/ikev1/xauth-rsa/description.txt b/testing/tests/ikev1/xauth-rsa/description.txt index 0cdaba1c5e..a9b76b6185 100644 --- a/testing/tests/ikev1/xauth-rsa/description.txt +++ b/testing/tests/ikev1/xauth-rsa/description.txt @@ -1,7 +1,9 @@ The roadwarriors carol and dave set up a connection to gateway moon. The authentication is based on RSA signatures (RSASIG) using X.509 certificates followed by extended authentication (XAUTH) of carol and dave -based on user names and passwords. +based on user names equal to the IKEv1 identity (carol@strongswan.org and +dave@strongswan.org, respectively) and corresponding user passwords defined and +stored in ipsec.secrets.

Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat index e1dc6b5b05..7860430655 100644 --- a/testing/tests/ikev1/xauth-rsa/evaltest.dat +++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat @@ -1,5 +1,7 @@ carol::cat /var/log/auth.log::extended authentication was successful::YES dave::cat /var/log/auth.log::extended authentication was successful::YES +moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES +moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES moon::cat /var/log/auth.log::extended authentication was successful::YES carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets index 48fd260c1a..4a77c3b97f 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets @@ -2,4 +2,4 @@ : RSA carolKey.pem "nH5ZQEWtku0RJEZ6" -: XAUTH carol "4iChxLT3" +carol@strongswan.org : XAUTH "4iChxLT3" diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf new file mode 100644 index 0000000000..556f76c74f --- /dev/null +++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets index 14f0885017..1c0248b84b 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets @@ -2,4 +2,4 @@ : RSA daveKey.pem -: XAUTH dave "ryftzG4A" +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf new file mode 100644 index 0000000000..556f76c74f --- /dev/null +++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf index ffbb13ec59..f79a81a6f6 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf @@ -1,7 +1,7 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - plutodebug="control" + plutodebug=control crlcheckinterval=180 strictcrlpolicy=no charonstart=no diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets index 8d41919fcd..1ba66971a8 100644 --- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets @@ -2,6 +2,6 @@ : RSA moonKey.pem -: XAUTH carol "4iChxLT3" +carol@strongswan.org : XAUTH "4iChxLT3" -: XAUTH dave "ryftzG4A" +dave@strongswan.org : XAUTH "ryftzG4A" diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf new file mode 100644 index 0000000000..556f76c74f --- /dev/null +++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} -- 2.47.3