From 3910fb371589ffbcb92c173ebbd5167dcb744ba8 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Wed, 10 Jul 2013 20:25:49 +0200 Subject: [PATCH] Added openssl-ikev2/net2net-pkcs12 scenario --- .../net2net-pkcs12/description.txt | 8 +++++++ .../openssl-ikev2/net2net-pkcs12/evaltest.dat | 7 ++++++ .../net2net-pkcs12/hosts/moon/etc/ipsec.conf | 22 ++++++++++++++++++ .../moon/etc/ipsec.d/private/moonCert.p12 | Bin 0 -> 3766 bytes .../hosts/moon/etc/ipsec.secrets | 3 +++ .../hosts/moon/etc/strongswan.conf | 6 +++++ .../net2net-pkcs12/hosts/sun/etc/ipsec.conf | 22 ++++++++++++++++++ .../hosts/sun/etc/ipsec.d/private/sunCert.p12 | Bin 0 -> 3764 bytes .../hosts/sun/etc/ipsec.secrets | 8 +++++++ .../hosts/sun/etc/strongswan.conf | 6 +++++ .../openssl-ikev2/net2net-pkcs12/posttest.dat | 6 +++++ .../openssl-ikev2/net2net-pkcs12/pretest.dat | 7 ++++++ .../openssl-ikev2/net2net-pkcs12/test.conf | 21 +++++++++++++++++ 13 files changed, 116 insertions(+) create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/description.txt create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/posttest.dat create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat create mode 100644 testing/tests/openssl-ikev2/net2net-pkcs12/test.conf diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/description.txt b/testing/tests/openssl-ikev2/net2net-pkcs12/description.txt new file mode 100644 index 0000000000..e66ea1918a --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/description.txt @@ -0,0 +1,8 @@ +A connection between the subnets behind the gateways moon and sun is set up. +The authentication is based on X.509 certificates and an RSA private key stored in +PKCS12 format. +

+Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, client alice behind gateway moon +pings client bob located behind gateway sun. diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat new file mode 100644 index 0000000000..2b37cad994 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf new file mode 100644 index 0000000000..2d31a19d22 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.d/private/moonCert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d3cca4fd5da2a59b03caff1eb372fee566393916 GIT binary patch literal 3766 zc-mE#byO1$_r?cow4*^#O6h@YbO@tU5D5v9lpNq-AcCWjPLURzh#&)$Zj>4=9nvM> z=oCi2e$V;+-Z=N%bIS~9K}r4WkHia5DJL`H-O1-k%4!47|I zTWBcx^?xE#Oep!@Uu%n)2=Mo;{?`-qHYw%*32GuzC>Tf%c2OM5nf`N0OiT_44kfRf zzO71lzCvR@CVHg5cOA*3bjX>tA@-`i`iJnlgl8FJj=fGBZF%Ge`CQDsNJF37IO97b z)-*F|2l`0TTcfk!B9aL8o$zVI8+@j8n~tF$vu?a>Of)wm=aP3Xfr{y|>OF@u>vgP- z#>;%CVk9oLZd6%tonseEOgoSjw zi)(&xOMu1~M2pG%*v%R(FZ%xI`cMUygh7#78Dbc`$K;X&}r1hpIX0=x#A;)^lA286FkM^%ykqPI2sn&O4 z7^A3u%T}kBjp&o?`jJ zstYK+rstQc29qLPJj>4c_5I7s;jVDGiU(SEev>%dvcPpRQ=P1nYnY1UGNecOZmH=m zhshYdn1DAHf5b|PldrFK>6#sWypx2Rn-dk0Y#~&*u1th|0N><2zAqfOuZ0_QjDEsL zL81SvJJ8BPL)2uoJ!6YnfbPr-?@Zpet$MMON~O*=E@MAr2#q7MR~1vfY^HLf%XZWM z;#Xj`klrJ=JE&`C$3H6M{ygl)BVyb5)V;mi_Pz{jqb#LZ=8uGsroQq_19(V(6`#=4 zM=OTPQBHruPmEebN%VWv3P& z7e5`)vCQ>0H}O3Gddw2u4qtC2lsb^D9I6bu_@qugVoV*|HJN4&_+T+c-3k3VWByq; zyntrFi%R+7~9Fv?6O>~^t%yeLasFnfBo z!(diN-jg29!5;$JEqf1N>544a28lG$TbB|~BSUNm%t8Kza9Fu)2e@44$3j*?ueS6+ zI1Du>IecLE^<|b4R=#A)ggxCXiw@hzAkH*7M7Cy{d4ICvhTlxPBT6?tmLZ)Ez0Pn& ze_z4=`K$N+k)?{346IPDa$~FX9FM98nezI-w4#jihiOD4;S30G=VLX*x>`}u1scq4v{S7&)?eW&u6i*8>A z&anCIO;64fpGw}|@KOLMwBNA*&4Q5!+hI#xY@FFnG)am2|^>z_&A$P2eKcoPTak+B*Prv2naE?xjp%tb4RAx z9Mhd@w^%JeSEpAXB~)0zd36`sJFfpd_AKT;;?(rSE+!_`Cg~1q(OJu=x+epQD97V` z#8L*6p6II=kgIH zlC)j)rI)-*d7Vp?y_1|VhDSD{g}gWf5&_Qo$F=>wBh=nRX}l6{rym5gxQ#BXLmKW? z8Bws=?(bH-KWr3QuUhXotGsXdX-I!;?#a$klKlxU_d}zAkz_Pz6sPf|Y)G$GD$0jN z)%IyNe7aGmJnda!s!lDpk)&$m@d`WDO*fXcEX`kgw8dOcj6I7IifGvJCX(I$sA^cJ zj(d&z^D9%ii?tjCuLB6OuYXxRvtY6rw{{Zzbl=!tkT{pGM=PN?5L&0mu{^|cmqQYs z6A}9zLI51-d3qRDL^H|$n%q1|bB+;f12=;c)pMA|7b+>kntJm?I5o|Wao42MDFXC4 zt+!87x6^ODZXZ}W(6}TCI-Nx;0<8pn9fZVw&w&>gApK%v{zh3$;0faS+%52j2J!}x z(cSVuL57>s*a~IS$POz3d!wdMpAdewJdaD^t-wG&AGt?wrQW*cH`)3s-RN>EVnU@S zXKxs)1oO4ec7YQB?&5`s+fntEN3X!x*dlSe*F8=w_U>_2sbVb_DD|5XT~4_#`+Qwc zvk(Qh4~5;7>%-N+;1rMvpd~={Mv45~57WVi$tPrS6E8w)>M-he{bTU5gcskTp&*O@ zp(BtkFchTu*H-voF>o*nD|&=4>b*qsoR z+CqM;h(DhBI?r}h+irHQZm<@x{$`e28%%;K)lS1|&Pm<~1H$dF@R=Ygfo z5!_Oh#|#Gg(No4dVK^U`MqmB3kG#}JkuG^=(eRD((7O7?6`t8-51FO~q^N3Zs3r>P zU8_A3-dxoB3WOJ!Reg>@*+I-bV}E=*r>t%C=S1N-JsEji)VEFU_pz_iH8I1DZ$$^@ z$t{1mCTUq%KfvM7XS+DN30;6=HI+batEfVCsHI}-u1IK21|4{z3)}PSKnU%Fs zLQ6F)amJ#-hU2uxa}_wwL89R(xI@JBhbWj%QMnoJoq(&7ixx~JS)wqWY$08oZT4Q9 z)jcV(UTV;`%DN#3YZ4===c~AHwnJT}Ms7pxMErZB$6e$;o;~fiYP9HW+I}GvPtS7I zUyks+?U_9a{>U_mPwH21HIVyLAgPz3)81J)Bh3Nv9Ps9+&F9klG#UBF2Bw9B=C0Ul(#PYuxEX-fu{UERB#uFEG+?mn>Bs?Q)Gp4&KY)6aSIz_FnA>wJ~Bbv2k z{_~&;dtN^d9t~0U}EIe?dJ~rDbU3P?v_O)?_o%Wo!ep3 z?3D=W_*^n2&d=TF!q@|5S^y&0aWnwmq6k6<|x zWyw#2%3OtV^AimCFCcglTAGdO+7)#48QCD+m!-94#U}Pre(~UUl`cQE-Oghp<2uV- z7<$FE4zGPhD8p4j8^_>yMHjv(_n-1o! zBh8Dnr&Op5tyqC&BLpi@Zj%Yq{TNwrBUysAydcU;cHCDq*ECi`to<7Y5hh7R43YLJ zME2)J0^k+3KO-gtbR^evp1rKLly3ZVX!sOj)&d8)9;22Xu#PXXkFqMUA;kiI8#dSt z#7J!o!@p(fa9p-^Hj%_l@wVeass~SFO?-wFOVq7KeE6%8L0m0Sn4P9_smY*1 z4N%p5QJK4%03hT2F5SwXy%Y@#JUvQ5S1&1X U@YO^hx$Au)qbO4o*?;QuU$*QPH~;_u literal 0 Hc-jL100001 diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets new file mode 100644 index 0000000000..802cfc681f --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: P12 moonCert.p12 "kUqd8O7mzbjXNJKQ" diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf new file mode 100644 index 0000000000..2074a4d8f0 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl pem nonce revocation openssl stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf new file mode 100644 index 0000000000..06bfa038b5 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.d/private/sunCert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..1a9e2aa0159c3478c91fc19636c67b392434fc25 GIT binary patch literal 3764 zc-mE#XEYlQ+lL9UV%4e|RY8>$NsU^ysZCLP)v8gec8w5fuUN5b)7GX$wQ6s*#jL$z z)`(f2{?B>eXMDKNeeUab?ytXdK@pVI0DJ-{g3_Cals8;C{EPyh7(Wj|`I-c0X9A6nVH=dz;yK~cZ#C#nq#%qvg@4}}%I z#5kAvB|497ij0vOE+lF^)~#Ke`0?W5H+JneyDx)#{f{iw`!-(kL$apJH4rwege%RO!J5V#Uj133>_BuzgQBR-MtqbIcbyijZ=Oli%UL`-F!uND3l`U{r#wO zw4l%68!l^Kgut+K=?&27OZ|81T3@HrnwJ%-+@HMf0rEOaTRAZ)*w0&gG)K0v#( z&TaXStBzReMUBA9_q%apj#WJ@ZlVs5ZPy91YPCCb*CR+u`~Eq!IP zspYA0x~mhhtS+DTCwT1z2}L_{5n2Ri*toN9yF@VaS_^QpHzeS z?gkmRZ4x_D4z0QCsYp{hPoF4lIDfo2liw;33~?xBYva_W2oW+k90!aU$l<$-!9Og{ z6egQ+PT#$Zch;-nB;#%U7(}%;LW7o(J{vVQ zN&@o-cB^snzg-T)OjuM<6V5orvREY*||aGlrpGx4uI$?h+`GINHTeZo$pq|6WK zcJ+3UZHRLVW+sq-FD%4{yb|FGQ#oYvOBR)|eUT}i)3|%097h#x!*JXb7=$FKJpP3{ zXJzZ)Tj(vTJh?{(f%M(#ll$@iIXWKjlaKEl!`<~UUWO4{mt9v&kEqKuJ}?x%>cpF7 z<5y%M&RBw%qV%>`w4^HQglE>}a~-bK3)nP%vL@(dFCexdLW-Y@XMf>wQd{_@&2_}d zo8-ySK86trGujmkEHuC*@YGhW5wyPhahvVCN=sm^hY!2kDkVD#Lyvl;PolyFE;ASs z3eA%_IV1*K*k{rP?X`j&0&C$;mUE36ovE}n@-)38o)d9X>WkW9D`u%B*}v))ESuUP z_KhYQofa~mhMp}_UkUPj@Jdkf>hGV3HQ>(zitSENHNfOxASY%NCVFbtI<`VH`Qe|I zT;!m*y4?HnCirZgT!_Qm7U#EQGmH?^9$iq{XqCld)hAMx!d%K{-I;LN5T5 zuFDZJ=Jzo@pX+Hdm$lxwT~zd&u8hriqpQ3>W$tC`z+K~_<(J(~{PuTs)-JOLTv?sE zczW;yedOs&L^~rMD)6?S*^Mv*={xcyP{%W@L!}$Md-*mcZ&R$QSK+^ zycvBT{NZ#Yd)oM0)_Onj#xj*;)Z^QDZMKFRhI@Zl#BC1~B_n}o&b8&ZYSYGgvB{I= znB0-PN09Lp?m}n)cd?U*!(g{GmpBfpDz77xgyJaiF|9UU)nN*mbj>dX-{AKgetc3e zKlCVp+_T=lh|HlHpz*ZE3yX}oD-Ne$!o&M&Mon6Q`WjLM(9BSiscMUW9n|1&I4A1c z`6S*jT%?S5+1K>%WU(~P!gYs&uV{{|AnpaL&onlRWs;97w3%B?Xu0l(snW#Q_h@V1 zzKUy_V$@P~Uiq8>e3j`ThNWN>>;CqRB4_V)jmAzUN-XNb??Xa+uqR2|MdQx^@2|v&jF?qOGqDv8Z&06MNU)&v0aiEjdV2K zWIktpE-}0^pNiHGi(ZlVxcRd_Oju3aiejnh?c>s_pG$dWZxuISiSY^j9Zwpik$Io5 zCY4^kig13l9!OZBly126#NT6gEdTl`QjJX7;Q6~N+|Q8%uK|1Tw^kvaPD9I8oB~5dzsb5vZA&=&g6~Jr3{0@{>|FJ;n@2@lt!5|=YlbRxqh}Yz zosQkB?!R3Q{9T0_G*4V;(;Dr&=#p5v7PKD~{&jR%9=DvWlPD{nCAK@m`8CF4@t4LTMRD{X zS3Vt^C~l)mW_wOL1Dp3X5!V_ub{4@@HqCUq*S`{%kzz@MplAx!nN;gFkMmY20%-U@ zb_7%*L;w~4V%fj*j0p7q+Czp9$U_kBLlK17|FI#0e{4vBbvR2w%M0<34G|&;dj}kn z`epA1q2#cAL7~%?4$8|;%$q4|6t=-XO^p`ZRpq^i5Wjh;Q7=0|N2fTdHeq%NRK9+> zmxo(Fv$+xn#PD8?jzx0U?-66~s>`YO!r533yNdc^c%)`s?0#&Nhn#P_QT}lm+iCC! zg4Vr1C~3UFW{g-PLTegx@125&OIKG>!0CHxN?*7`uY&H@1`agqeYM7{nMlXC;kxK! zGkUok0UalImga~|pD3g05i6(to-@`xmnHRU(D(VBwgU7x9Swh< z9pbURXw}a>(R}Nojy-j(TLs6^)P_6r!ZTdzRtP7$OD}n zQk(FB3xJkRvO7ztT0`?;Z{xGP5BZd2C1(^RBHKK+LvEVHSDD$Ea@1x#3cFh{;|s@p zh>K)S+CS**ooHGWYAcy@7tr}b*q9c{iEX!NxR(cy-4yFI#L|*Wsw}v($9$GIYWXh5$b36JdxFV zck$timkJOZN7zm!KHqsE^%t7s11@s!jd=}wFoU#eME!vn=AAu*et8zZW3zz?laP;y z1qRM>T|4Tk!z zaZs}4gRFcgNU)1FE~cNUey1VB_6^|CQ&qF3j+e6cq^#4FXgaA_HEdYV0G2h^-B=sb zHrOAQX9(oQi-|*7txa$E??l?`wHG_Tz^Enmr%h|q^mX?{q$?!RR`a>)AG}q9yh|$z z$4XL`n1K(wd|KorC`iIKpILOfIH&8-tI>ppV9Wh!y;zUVQ08MxxTd$Y==CYih;lkv z3MsK5ofcA!uY+fxD%eEdWjK3U2;G$iQZi(yaPZtDV5lI^M7rKmm29>~lYa-<6ZAvS zUV%-(%FXOPQwLLxPu?-=!}(hN4}WD{v=j@#A?!zsOoukZ%_kCI%9})b#~5p|!;x}= zw#TY1DKU2~UA;9d#CgR=v+j`b!JtAsEMz^VL;VCn+8|)Xtj_v=-lpdZLQpzGY)|e0 zB~N;%s91Q8md*JUYB^yFTCnaIyB1>D#^fZ@hjUE{m5Wlbo&QrFLg}Jr^Zf-$FrdX= z)$vC&dT4hJg%0J5N5&1O{On^@nX{L&z#bPFPowGRmj4(=J8(ob%ULSE?Jh#*I&oiQ zB=3J-EL*#exgQaNPb*A4Y)}Pm-=$PwFSr)bb%~Pk2T$f(?mMRyS@9m)$@EKw&_$W)ganx7Rs0O zz4VplH48WKZ7b6X$7H*<-Sb_wO5Y8bB$WQ&?MO-oBe_q6=Yi*i=K|&U52lAP5Yj0? z+^u?w+Wkj<6T1kR>f5wTN(Mk-P*5z=iv{QQRO@;m_gi?!I>IoD8a UEq<4fB%ZmyUuX|(_D^~K3t=!dQUCw| literal 0 Hc-jL100001 diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets new file mode 100644 index 0000000000..3dc85528c3 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/ipsec.secrets @@ -0,0 +1,8 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: P12 sunCert.p12 "IxjQVCF3JGI+MoPi" + + + + + diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf new file mode 100644 index 0000000000..2074a4d8f0 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl pem nonce revocation openssl stroke kernel-netlink socket-default updown + multiple_authentication = no +} diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/posttest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/posttest.dat new file mode 100644 index 0000000000..0fbba487c4 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +sun::ipsec stop +moon::iptables-restore < /etc/iptables.flush +sun::iptables-restore < /etc/iptables.flush +moon::rm /etc/ipsec.d/private/moonCert.p12 +sun::rm /etc/ipsec.d/private/sunCert.p12 diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat b/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat new file mode 100644 index 0000000000..4a6f0db6bc --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/pretest.dat @@ -0,0 +1,7 @@ +moon::rm /etc/ipsec.d/private/moonKey.pem +moon::iptables-restore < /etc/iptables.rules +sun::iptables-restore < /etc/iptables.rules +moon::ipsec start +sun::ipsec start +moon::sleep 1 +moon::ipsec up net-net diff --git a/testing/tests/openssl-ikev2/net2net-pkcs12/test.conf b/testing/tests/openssl-ikev2/net2net-pkcs12/test.conf new file mode 100644 index 0000000000..646b8b3e64 --- /dev/null +++ b/testing/tests/openssl-ikev2/net2net-pkcs12/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# guest instances used for this test + +# All guest instances that are required for this test +# +VIRTHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# Guest instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# Guest instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" -- 2.47.3