From 8603d1d76c531ebc60dbaa9638765563d994fd17 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Wed, 9 Dec 2009 15:41:54 +0100 Subject: [PATCH] adapted ikev1 alg and esp scenarios --- testing/tests/ikev1/alg-blowfish/description.txt | 2 +- testing/tests/ikev1/alg-blowfish/evaltest.dat | 9 +++++---- .../tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf | 2 +- .../tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf | 2 +- testing/tests/ikev1/alg-blowfish/pretest.dat | 1 + testing/tests/ikev1/alg-blowfish/test.conf | 2 +- testing/tests/ikev1/alg-sha256/description.txt | 4 ++-- testing/tests/ikev1/alg-sha256/evaltest.dat | 9 +++++---- .../tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf | 4 ++-- testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf | 4 ++-- testing/tests/ikev1/alg-sha256/test.conf | 2 +- testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat | 4 +++- testing/tests/ikev1/esp-alg-aes-ccm/test.conf | 2 +- testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat | 4 +++- testing/tests/ikev1/esp-alg-aes-ctr/test.conf | 2 +- testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat | 4 +++- testing/tests/ikev1/esp-alg-aes-gcm/test.conf | 2 +- testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat | 5 +++-- testing/tests/ikev1/esp-alg-aesxcbc/test.conf | 2 +- testing/tests/ikev1/esp-alg-camellia/description.txt | 2 +- testing/tests/ikev1/esp-alg-camellia/evaltest.dat | 9 +++++---- .../ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf | 4 ++-- .../ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf | 4 ++-- testing/tests/ikev1/esp-alg-camellia/pretest.dat | 1 + testing/tests/ikev1/esp-alg-camellia/test.conf | 2 +- testing/tests/ikev1/esp-alg-des/evaltest.dat | 5 +++-- testing/tests/ikev1/esp-alg-null/evaltest.dat | 4 +++- testing/tests/ikev1/esp-alg-null/test.conf | 2 +- 28 files changed, 57 insertions(+), 42 deletions(-) diff --git a/testing/tests/ikev1/alg-blowfish/description.txt b/testing/tests/ikev1/alg-blowfish/description.txt index 7d8f245ab9..7b14287f75 100644 --- a/testing/tests/ikev1/alg-blowfish/description.txt +++ b/testing/tests/ikev1/alg-blowfish/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the strong cipher suite BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096 for the IKE protocol and -BLOWFISH_CBC_256 / HMAC_SHA2_256 for ESP packets. A ping from carol to +BLOWFISH_CBC_256 / HMAC_SHA2_512 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat index fd46cdb9de..4ea613d3d7 100644 --- a/testing/tests/ikev1/alg-blowfish/evaltest.dat +++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat @@ -2,9 +2,10 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES +moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES carol::ip xfrm state::enc cbc(blowfish)::YES moon::ip xfrm state::enc cbc(blowfish)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf index 175349c411..3517077f9b 100755 --- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=blowfish256-sha2_512-modp4096! - esp=blowfish256-sha2_256! + esp=blowfish256-sha2_512! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf index 89dbee0af8..1b4cca2221 100755 --- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf @@ -12,7 +12,7 @@ conn %default rekeymargin=3m keyingtries=1 ike=blowfish256-sha2_512-modp4096! - esp=blowfish256-sha2_256! + esp=blowfish256-sha2_512! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-blowfish/pretest.dat b/testing/tests/ikev1/alg-blowfish/pretest.dat index 6d2eeb5f9f..5e1e80e1df 100644 --- a/testing/tests/ikev1/alg-blowfish/pretest.dat +++ b/testing/tests/ikev1/alg-blowfish/pretest.dat @@ -3,3 +3,4 @@ carol::ipsec start moon::ipsec start carol::sleep 2 carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1/alg-blowfish/test.conf b/testing/tests/ikev1/alg-blowfish/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/ikev1/alg-blowfish/test.conf +++ b/testing/tests/ikev1/alg-blowfish/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/alg-sha256/description.txt b/testing/tests/ikev1/alg-sha256/description.txt index e0af2e2f7d..6281019214 100644 --- a/testing/tests/ikev1/alg-sha256/description.txt +++ b/testing/tests/ikev1/alg-sha256/description.txt @@ -1,4 +1,4 @@ -Roadwarrior carol proposes to gateway moon the rather strong cipher suite -AES_CBC_128 / HMAC_SHA2_256 / MODP_1536 for the IKE protocol and +Roadwarrior carol proposes to gateway moon the cipher suite +AES_CBC_128 / HMAC_SHA2_256 / MODP_2048 for the IKE protocol and AES_CBC_128 / HMAC_SHA2_256 for ESP packets. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat index b8a83e0fb2..00fcb88624 100644 --- a/testing/tests/ikev1/alg-sha256/evaltest.dat +++ b/testing/tests/ikev1/alg-sha256/evaltest.dat @@ -1,11 +1,12 @@ - carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES -moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_1536::YES +carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES +moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES carol::ip xfrm state::auth hmac(sha256)::YES moon::ip xfrm state::auth hmac(sha256)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf index 0c5980ed3e..0e1db6fbe0 100755 --- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha2_256-modp1536! - esp=aes128-sha2_256! + ike=aes128-sha256-modp2048! + esp=aes128-sha256! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf index 1770e53133..584ffda19e 100755 --- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes128-sha2_256-modp1536! - esp=aes128-sha2_256! + ike=aes128-sha256-modp2048! + esp=aes128-sha256! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/alg-sha256/test.conf b/testing/tests/ikev1/alg-sha256/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/ikev1/alg-sha256/test.conf +++ b/testing/tests/ikev1/alg-sha256/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat index 27a5207a12..14d5769099 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat @@ -1,5 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_CCM_12_128::YES carol::ipsec statusall::AES_CCM_12_128::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/test.conf b/testing/tests/ikev1/esp-alg-aes-ccm/test.conf index 2b240d8953..acb73b06fe 100644 --- a/testing/tests/ikev1/esp-alg-aes-ccm/test.conf +++ b/testing/tests/ikev1/esp-alg-aes-ccm/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat index 6f1cd4c49b..c7992fbe44 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat @@ -1,7 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES carol::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES moon::ip xfrm state::rfc3686(ctr(aes))::YES carol::ip xfrm state::rfc3686(ctr(aes))::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/test.conf b/testing/tests/ikev1/esp-alg-aes-ctr/test.conf index 2b240d8953..acb73b06fe 100644 --- a/testing/tests/ikev1/esp-alg-aes-ctr/test.conf +++ b/testing/tests/ikev1/esp-alg-aes-ctr/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat index d7d4666ed0..e1fbe46539 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat @@ -1,5 +1,7 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::AES_GCM_16_256::YES carol::ipsec statusall::AES_GCM_16_256::YES -carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/test.conf b/testing/tests/ikev1/esp-alg-aes-gcm/test.conf index 2b240d8953..acb73b06fe 100644 --- a/testing/tests/ikev1/esp-alg-aes-gcm/test.conf +++ b/testing/tests/ikev1/esp-alg-aes-gcm/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat index 872962de46..5cee96b08f 100644 --- a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat @@ -1,9 +1,10 @@ - carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES carol::ip xfrm state::auth xcbc(aes)::YES moon::ip xfrm state::auth xcbc(aes)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/test.conf b/testing/tests/ikev1/esp-alg-aesxcbc/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/ikev1/esp-alg-aesxcbc/test.conf +++ b/testing/tests/ikev1/esp-alg-aesxcbc/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-camellia/description.txt b/testing/tests/ikev1/esp-alg-camellia/description.txt index b679d03ecc..9b0582f2c3 100644 --- a/testing/tests/ikev1/esp-alg-camellia/description.txt +++ b/testing/tests/ikev1/esp-alg-camellia/description.txt @@ -1,4 +1,4 @@ Roadwarrior carol proposes to gateway moon the ESP cipher suite -CAMELLIA_CBC_192 / HMAC_SHA2_256 by defining esp=camellia192-sha2_256 +CAMELLIA_CBC_192 / HMAC_SHA2_384 by defining esp=camellia192-sha384 in ipsec.conf. A ping from carol to alice successfully checks the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat index 1b0f3a12bc..e78c2ef8be 100644 --- a/testing/tests/ikev1/esp-alg-camellia/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-camellia/evaltest.dat @@ -1,8 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES -carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES -moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_256::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_384::YES +moon::ipsec statusall::ESP proposal: CAMELLIA_CBC_192/HMAC_SHA2_384::YES carol::ip xfrm state::enc cbc(camellia)::YES moon::ip xfrm state::enc cbc(camellia)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf index 9af94a18eb..6387118c56 100755 --- a/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-camellia/hosts/carol/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes192-sha2_256-modp2048! - esp=camellia192-sha2_256! + ike=aes192-sha384-modp3072! + esp=camellia192-sha384! conn home left=PH_IP_CAROL diff --git a/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf index 3501319a5b..77d867e321 100755 --- a/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev1/esp-alg-camellia/hosts/moon/etc/ipsec.conf @@ -11,8 +11,8 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - ike=aes192-sha2_256-modp2048! - esp=camellia192-sha2_256! + ike=aes192-sha384-modp3072! + esp=camellia192-sha384! conn rw left=PH_IP_MOON diff --git a/testing/tests/ikev1/esp-alg-camellia/pretest.dat b/testing/tests/ikev1/esp-alg-camellia/pretest.dat index 7d077c1260..e096695a3b 100644 --- a/testing/tests/ikev1/esp-alg-camellia/pretest.dat +++ b/testing/tests/ikev1/esp-alg-camellia/pretest.dat @@ -3,3 +3,4 @@ carol::ipsec start moon::ipsec start carol::sleep 2 carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1/esp-alg-camellia/test.conf b/testing/tests/ikev1/esp-alg-camellia/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/ikev1/esp-alg-camellia/test.conf +++ b/testing/tests/ikev1/esp-alg-camellia/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes diff --git a/testing/tests/ikev1/esp-alg-des/evaltest.dat b/testing/tests/ikev1/esp-alg-des/evaltest.dat index 57d09a4883..8e42707a2e 100644 --- a/testing/tests/ikev1/esp-alg-des/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-des/evaltest.dat @@ -1,8 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES moon::ip xfrm state::enc cbc(des)::YES carol::ip xfrm state::enc cbc(des)::YES -carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES - +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat index 8c748a54c7..a259e6d09b 100644 --- a/testing/tests/ikev1/esp-alg-null/evaltest.dat +++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat @@ -1,7 +1,9 @@ carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES moon::ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES -carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES diff --git a/testing/tests/ikev1/esp-alg-null/test.conf b/testing/tests/ikev1/esp-alg-null/test.conf index a6c8f026c5..fd33cfb573 100644 --- a/testing/tests/ikev1/esp-alg-null/test.conf +++ b/testing/tests/ikev1/esp-alg-null/test.conf @@ -13,7 +13,7 @@ DIAGRAM="m-c-w.png" # UML instances on which tcpdump is to be started # -TCPDUMPHOSTS="" +TCPDUMPHOSTS="moon" # UML instances on which IPsec is started # Used for IPsec logging purposes -- 2.47.3