ims-volte-vowifi/strongswan-epdg
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

use EAP identity in tnc/tnccs-20-pdp scenario

Browse source
This commit is contained in:
Andreas Steffen 2013-02-12 20:41:37 +01:00
parent 2a421163bf
commit 7d355f853d
8 changed files with 12 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
testing/tests/tnc/tnccs-20-pdp/evaltest.dat
View file

@ -7,9 +7,11 @@ dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::Y
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
dave:: cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES
moon:: cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of 'carol' successful::YES
moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES
moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
moon:: cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES
moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES
moon:: ipsec statusall 2>/dev/null::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
moon:: ipsec statusall 2>/dev/null::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_req=1::YES

4
testing/tests/tnc/tnccs-20-pdp/hosts/alice/etc/ipsec.secrets
View file

@ -2,5 +2,5 @@
: RSA aaaKey.pem
carol@strongswan.org : EAP "Ar3etTnp"
dave@strongswan.org : EAP "W7R0g3do"
carol : EAP "Ar3etTnp"
dave : EAP "W7R0g3do"

2
testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.conf
View file

@ -12,12 +12,12 @@ conn %default
conn home
left=PH_IP_CAROL
leftid=carol@strongswan.org
leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
rightauth=pubkey
eap_identity=carol
aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
auto=add

2
testing/tests/tnc/tnccs-20-pdp/hosts/carol/etc/ipsec.secrets
View file

@ -1,3 +1,3 @@
# /etc/ipsec.secrets - strongSwan IPsec secrets file
carol@strongswan.org : EAP "Ar3etTnp"
carol : EAP "Ar3etTnp"

2
testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.conf
View file

@ -12,12 +12,12 @@ conn %default
conn home
left=PH_IP_DAVE
leftid=dave@strongswan.org
leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
rightauth=pubkey
eap_identity=dave
aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
auto=add

2
testing/tests/tnc/tnccs-20-pdp/hosts/dave/etc/ipsec.secrets
View file

@ -1,3 +1,3 @@
# /etc/ipsec.secrets - strongSwan IPsec secrets file
dave@strongswan.org : EAP "W7R0g3do"
dave : EAP "W7R0g3do"

2
testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/ipsec.conf
View file

@ -28,6 +28,6 @@ conn rw-eap
leftauth=pubkey
leftfirewall=yes
rightauth=eap-radius
rightid=*@strongswan.org
rightsendcert=never
right=%any
eap_identity=%any

2
testing/tests/tnc/tnccs-20-pdp/hosts/moon/etc/strongswan.conf
View file

@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-radius updown
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
plugins {
eap-radius {