upgraded ikev1 scenarios to 5.0.0
This commit is contained in:
Andreas Steffen
parent
3c475660c5
commit
148b643880
|
|
@ -1,13 +0,0 @@
|
|||
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
|
||||
The authentication is based on <b>X.509 certificates</b> that are valid until
|
||||
the year 2039 and are issued by a certification authority with a root ca
|
||||
certificate valid until the year 2059. On 32-bit platforms, dates after
|
||||
Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type.
|
||||
Thus if a time wrap-around occurs during ASN.1 to time_t conversions,
|
||||
dates contained in the certificates are set to the maximum value,
|
||||
i.e. to Jan 19 03:14:07 UTC 2038.
|
||||
|
||||
Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
|
||||
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
|
||||
In order to test both tunnel and firewall, <b>carol</b> ping the client <b>alice</b>
|
||||
behind the gateway <b>moon</b>.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
|
||||
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
|
||||
bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
|
||||
NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
|
||||
HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
|
||||
4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
|
||||
2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
|
||||
ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
|
||||
dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
|
||||
sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
|
||||
kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
|
||||
YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
|
||||
qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
|
||||
HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
|
||||
UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
|
||||
xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
|
||||
Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
|
||||
/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
|
||||
Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
|
||||
Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
|
||||
9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
|
||||
9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
|
||||
ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
|
||||
XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
|
||||
e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
|
||||
99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
|
||||
AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
|
||||
YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
|
||||
CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
|
||||
c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
|
||||
ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
|
||||
hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
|
||||
71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
|
||||
/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
|
||||
lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
|
||||
8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
|
||||
RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
|
||||
Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
|
||||
xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
|
||||
PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
|
||||
6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
|
||||
c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
|
||||
MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
|
||||
vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
|
||||
RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
|
||||
uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
|
||||
inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
|
||||
CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
|
||||
8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
|
||||
9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
|
||||
cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
|
||||
d/Fp6btmZH31IEyJrRNVOpCwZPI=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
|
||||
b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG
|
||||
A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
|
||||
bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR
|
||||
yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp
|
||||
dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw
|
||||
BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO
|
||||
FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW
|
||||
kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5
|
||||
mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l
|
||||
cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest
|
||||
2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C
|
||||
uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+
|
||||
t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh
|
||||
fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
|
||||
DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q
|
||||
xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
|
||||
cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru
|
||||
S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw
|
||||
NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z
|
||||
dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc
|
||||
CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V
|
||||
oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN
|
||||
OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz
|
||||
cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5
|
||||
mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji
|
||||
kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk
|
||||
idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY
|
||||
n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb
|
||||
G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na
|
||||
FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe
|
||||
q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG
|
||||
zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni
|
||||
8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9
|
||||
+quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0
|
||||
V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f
|
||||
OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN
|
||||
jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR
|
||||
SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu
|
||||
lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb
|
||||
8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It
|
||||
bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKQIBAAKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgRyGVG6HVoA3DU
|
||||
/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mpdYtP53SWASOH
|
||||
BiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkwBebpMLCf2Mi1
|
||||
robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bOFPoBoBOY7v4f
|
||||
uq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DWkk1vTt4jplSg
|
||||
6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5mGabckTMvtI5
|
||||
91UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014lcFg11mzjXGGB
|
||||
FuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest2X0psHe3Aloc
|
||||
UFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9CuezkuM1QEvke
|
||||
v5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+t8GhCKV6B7RT
|
||||
zFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3HhfTZstGECAwEA
|
||||
AQKCAgAmHcjpYm4FXy7Fl72F531pTv69w50OslFCexEUaqCMdojR7TYVs0hwXObT
|
||||
XePSczMaOTjujIXNcz/K0zdCwanMSSMy1THYhRC+DEqK4K0wLifjTad3m7S4PaPI
|
||||
0ocxbKWQBMDl3KdGEJW38KcqR4b1B/h6f4VYo7BQzkSbrxRSHANz63vdJvVWPoMz
|
||||
jxAgykSiAqIDTNGxYp5trUX7ZLLn0cCIJjIwLU56GcPPN33SDVXetUdQ4sCaDdXU
|
||||
8YP8rj0K1VWMYy7SItCZsIqzSEMT+7wC3tvDUDWGyEb1UW9q3cpKBNDAl7KkO3rH
|
||||
UbeMutCK5ydtXMIumzNB704cnuwZ08sdM7BTTMhmu0VK+zjVzhBK+MFcF7pickD3
|
||||
SdNzOiqfgiXLGjsiMFJvJ7OUJczEJl2xIoZ+Otb113ep0An0PEuF6aZMaKPNP7xf
|
||||
ljnengym1Rq+f1mHBRRfool9zmeisnQSSecKo0htm6oRkQTcTwLj0TjiCugbmISf
|
||||
D7sUXWp/QFVdYhHTay1gWUnP1quflKYvEynd0UF0JOnCbpWAczdXf27fm7DVjgLp
|
||||
yZ4QyrCtyvtIITgmZOvkAcaflxe2E+cBN2F+hWGzqMJfoMtw008hRW9DcRji35Kn
|
||||
lCOj/87n8lL3dicDI0caBZO9tQIakh05XYW8xN+sYF9K/xKauQKCAQEA2txDchqB
|
||||
7719R6hBqdNqig2+telNHlN0amPKjqIvP7Tr/JnJx8A7cSasao1Fw0cGPReBT7Tb
|
||||
Z5IW7xvWiZYFMDI8q8ZGEIb+MveYs1gHlEaimMtwoVCNeNe3cEPIL7ffNT8y+xFc
|
||||
o55AjzgKAOHqmf6OidKqRs/B1sSmOrgugsY8KvYtA/JrieVHKrjNX5XqZNqrfsns
|
||||
K4DMcJvIrfBu9iyWenNoBOdEJsP0h3F39Zh2hkEg29eH+/8x6FGlezvSU89Jjs9O
|
||||
/2BdlyS82RbhPu2VIrsmpfoSrsFHRe8t/9yrnpY3ud6w2LP9QIEMd8FpWKGnNxJp
|
||||
AIZJ6u+NoWVlLwKCAQEAxk/7RSSvf6VJvi1gmOxKd79LkYUEiyZryP/M8kQFMqs5
|
||||
pU6BgFLVLZsaXz+1oYS0bEjVGGo5ppCVVUMN6RuFX9zVz9uVZBeiiItqw64UDbt/
|
||||
0u78m9ngvSpWaMQU2nS/kHVhKOY+Gfs0v5fBvZE+wxTfMBR+nbx7uJivpXnq6xMP
|
||||
fhDz6juap/lEK6HuvQN5xXBNL4wpd099lvy3NUuG0Dohb/+gWf3YzQtjs281iMZB
|
||||
G3/gGLcBSdk6PBwXueJ3NPj9FAII73MQNBNYS3zi3IYuulA/rMcvbA+IGeKTzRX5
|
||||
E47B8ZAhJxZ3OePalvZyVEaRHDFT+Y2YCv/G9Bw7bwKCAQBs97oE97m2Gcxkfxui
|
||||
aIblEY7gl7Yz4S1XQzQ46/tGZtgQPqm+cLGn1q+Fpa0UWyp6BFf3zX5oBM6yYlPg
|
||||
0PboVjrq858y32N1EN3QfYXYh4qxNKlxR+AISK8mkDj9uTjDFCJX6v8K3+IY7Lfe
|
||||
VJ0v6xQg/uiUtSA3xFVXaxiNOBIA+ezTyEFOuP9EABsQ+l1ntZApYnPZ/RjNAGNc
|
||||
Zxd4Lh8F/KvPtS2zd2Eqho5Jk41/rrGjg55LE3ZPy0bvIovH+q8PEZytfddbR4lX
|
||||
NRMU98mHL1NA1E+0/rpz0XA/sikonnZEbuHyIzt2gEoq3fuLi4Dr5JivEC2BcaA8
|
||||
uXU1AoIBAQDDxUdfXbTmxQxEctVuga2OA0mdkXwHxlkXZvcyntWmzIOu3g5X2O3c
|
||||
BMcHCoTKu4/Faiz72jmpZggV0IlV+zYyiXaFqNcUpYRtWXx/SkU/vT6VxBmZ3X/Q
|
||||
HpCJAjE365MFD+tnjcv2qBfNoAnBkzYrLVqbQ1AvdVeJxyl2qSGxCPL9V80DCe5G
|
||||
LnwOuuBMtbaro45/BtYUk2N+/2H5eeLPguNphigNTtyMpta412s458Z0WEuo+liK
|
||||
R6kGmBEQDzHxGG/2JYAeqi9vyT0b4GCwpMJSaVBCx6vX+Ik6TIPuLOfjV8W8K7We
|
||||
ub3fZ0FuUEJTUgqEk2m77P0Qtqn4aDp/AoIBAQDXI66F4POHVOPI/j584sSLhW6X
|
||||
j5VzFlmOhpyoourPYXsKyIFrLa/gYAe/wNH/5jg3Ap5DbBVZB87gOkaMz2oV+ZQ/
|
||||
5IWiFmiUxGrCXmWyI6Eqr2DUtSKispLnQ043bFN+HlhfQYTwD9ijqpwpUt/sC+IJ
|
||||
mLIGJs5B3cdcRQuSxh1HpvSJOuItjp0wfcGj3+RPh5cPdjHZW30FHGFomOk//6BO
|
||||
nWdoYUGrN9wXylDOHvlkYaP2Uj5rCWm51ZGaxzJR9S+WkHdNBzyygpGtEXdSAIzU
|
||||
tHufKwQdDnj22w8KSCvQ+KvwUn9UrIR5LyGKiYGWved9X2EQzIFC4dJ8h30G
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
|
||||
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
|
||||
bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
|
||||
NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
|
||||
HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
|
||||
4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
|
||||
2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
|
||||
ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
|
||||
dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
|
||||
sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
|
||||
kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
|
||||
YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
|
||||
qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
|
||||
HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
|
||||
UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
|
||||
xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
|
||||
Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
|
||||
/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
|
||||
Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
|
||||
Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
|
||||
9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
|
||||
9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
|
||||
ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
|
||||
XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
|
||||
e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
|
||||
99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
|
||||
AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
|
||||
YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
|
||||
CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
|
||||
c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
|
||||
ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
|
||||
hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
|
||||
71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
|
||||
/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
|
||||
lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
|
||||
8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
|
||||
RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
|
||||
Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
|
||||
xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
|
||||
PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
|
||||
6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
|
||||
c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
|
||||
MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
|
||||
vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
|
||||
RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
|
||||
uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
|
||||
inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
|
||||
CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
|
||||
8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
|
||||
9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
|
||||
cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
|
||||
d/Fp6btmZH31IEyJrRNVOpCwZPI=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
|
||||
b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG
|
||||
A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
|
||||
bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3
|
||||
DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b
|
||||
vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip
|
||||
scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+
|
||||
BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y
|
||||
0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa
|
||||
L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2
|
||||
2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh
|
||||
FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu
|
||||
sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ
|
||||
vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR
|
||||
dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP
|
||||
/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
|
||||
BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE
|
||||
Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
|
||||
b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L
|
||||
ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag
|
||||
NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl
|
||||
ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf
|
||||
WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK
|
||||
lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o
|
||||
HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs
|
||||
pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX
|
||||
Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA
|
||||
zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY
|
||||
xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda
|
||||
WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD
|
||||
O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv
|
||||
W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t
|
||||
YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu
|
||||
yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ
|
||||
ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI
|
||||
IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O
|
||||
0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1
|
||||
ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5
|
||||
ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq
|
||||
4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l
|
||||
HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL
|
||||
WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH
|
||||
I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKAIBAAKCAgEAv/euO0oAHCv6K/0LP93EXNfaaO6HseRAXT0e27yJwLs61TCv
|
||||
OPon53gVrHFYQZ8XFCN+w9EqSsdKJ63bJDDsr+Z5pHXIEH/Pd9XoqbHDbMPGwvDC
|
||||
bG3OSX59wyj7q2yitv7hRRPKLe0uuR2PbVQbMSrK40uWBTxPgyij/gYFZP/YS9Cq
|
||||
qtoirlk6vGE0TLuYrJKSyMar7s9+thuOgSqFudqRXoHg86c/wbP+8tKFj0XDXLkU
|
||||
EeVxU6Rdi91KLJ4jJK+2mFOWfLOyKohMe7cRoeUsUQfk2CGcAdTg2i/m53JUHjLA
|
||||
YhapTvVCN/FGsREIJP/lIYKWl/wz62YPCiZo1t3vsfMXMC96LkS8ttmffVjJ1ek5
|
||||
cKUyo9uBECQC5ixvlCRvoW1fT/Y+jJKpdxR2+Gi2R+9Qr8gqnoNsoRRormhhHvL0
|
||||
vfg4+Syr/IUmwXvzEkA4j4Sk9YG/OE4kDLFn8Sze6A17p6IZ4TGX7rMnQf3P0f6K
|
||||
AOa4vpROXOuWz9jJPppetaes+5Sb/g1wQ11v6OL/CJo8djjLC/OS2b2FiaaXSa04
|
||||
Xf5uDlZwl2H7hzGannbCLzUeW5Z5XQEywY1lm3qCoTsqmW/IWehxUXZSddS4cZxo
|
||||
PYrRt/OS9xLKZfhFXGpFgWVqzp+fyxjSmR91HnXJRATXIupUmnWWj/1H0QsCAwEA
|
||||
AQKCAgAn3928CQH+2A+uBXDJwlngYyHF/A4JoHzSITkAsaf3dayhzewHrMaPKP1v
|
||||
hVeswcv8becN66uaPs0jctR7LwJrAzevNpvo+XNx0+fxH7CVLhFiOrpX5XMdBv4+
|
||||
hIvKLtWZp1XJkHPFmGfFIePB9N91FgtwrSmrSrzFZLKzuDJ0qUQXc2+P76GWj4hI
|
||||
yvQfIDR1XDjLJaFfCJCsaQrvv5JpaYIanGXKlqoCpU3GyH3fpcEPyI3nrb4dfp3D
|
||||
yKJ4pBxuqWUHPQ2cN4NBnHAunnc2JrFO35HkZw7Nvpc6GwsedjwMzcPyW/ytHvqz
|
||||
PhXN/9iuPs0sacC4LzXlppxnIlVSOCoLUpyoe8zXxDJBLsU7d+zDnXZ/1guviHz+
|
||||
x4RsEKjlXcvsvnZGAy0pUzOEXIfmWOOSlA7iqkbPNud9nBS4YnOtiZIowLj6893k
|
||||
rN1GQ/jw7szBkNh5vjdZT7HAIhlBwyQI3hRJX/h0hdUPNiPW4/j9W94JWcRxk0tO
|
||||
vZq7mcTtJ8OFlsNyO12KgFIjT+Gwz7tmNrN+Of98pOt9jRN7hhxY8sQosmW1nePZ
|
||||
HuWR52CVShXX/N2d/09hwf48xjYBjF3Mjxc8ySIyERdcWqsWx3j5WaB8rEAAuMcF
|
||||
/gY5bb4Oc1MAUtX8aMidvKfVW0Owapj/ApgyOmGbO6YEQCKSIQKCAQEA6hbs2JoD
|
||||
8u9sCaabRKNxqnjzXzB7JrR1PKyOjp3Iiku29W1VQ/TMRUpO63LsE3lbv/3RIvi1
|
||||
wZN/dFhWC9wOY85iDUci5ZI0QcZA0OIQ/uetrE5/FBOmH9MVIQEXnGHSNPHUWMqk
|
||||
EBrykyt+7RMEb7Kldm0V57MesO1FA0y81+UCJP01KZM0D7Nq1Eb6GfNLENah3Fk2
|
||||
wHk6g36O1nMAEyjHvS+ht8C0rzNXIqCnkeAuxxAfJde9TYpuW7oCt1JEeh2VAmOO
|
||||
7QESq2x0OrPKLCUs00y5k0I9eqvAaQfCC6EcdiX7FyAfX5n5Vf5FbfbWhf9oheno
|
||||
CQ0uai4v1uqX2wKCAQEA0e91hlukBO2InB9j+54R3XA0buCr/eQFqJ4sAjgL9GCk
|
||||
n09tfytH/nLPw/g/l7snyVmGW3uZfmkOqnTP9Yfbx1dU0pPRN11qM9QG6YH+Odkv
|
||||
D+LpRnYRjj7QxQJQbGy+2IZN8cmtpJQziSmQMNZU/YoDpq7wYNVhwnP0Z3ZgUo3d
|
||||
GfRPbGw951dOAK0Z6S61+mXSQE9JhZBo49zOrmkgLa1fmLfJoukmz4MTZqoWFffq
|
||||
+1Q4vdYgRS8ToT2Rmba+7s4UAmVKyACEw8WEyjH3TXxd6tQy/smzcD0Vgg7Ghvg7
|
||||
Vs5ion9HcqDEcQ1YWvMDWPD/x4fyVgu4v2QW/k/KkQKCAQBPb04ZxlG2u1YfBEFG
|
||||
DmyA26BCWfJAVRY/a5LIhHRLsZu5NsurTsOOc8PKE+pWRWVEBj5Urq8GrCWg9mTk
|
||||
i1z6s0sElHIcEvvWog7WkxAPX9DIWq62wmAqBnfyBivb7jnlq3ZSVxlLOcm89RKS
|
||||
IlTsDmQlhqjbQiYVBb7Yes7OODD9GktS+1e8SDblJ9ywt6VuZlbwrfltYPXhLy4L
|
||||
SWTqG3mEEki/UQ4/MZ3M61VRpBBbjnXzYn0jdekzCTDowmroQWeSMvSKKkYKk7fx
|
||||
P5dIWakXXr7OYLj6CpQ1T+OiDJ7a3NKSq1zaFSbN7oXi5dMwD1aJsrEBeU6Zy2iC
|
||||
doLnAoIBAQCzC716J7JNmaCHNqZ5NKkb6NRvNCK72LuSwcPa6J4ZgEsmrAFBElLG
|
||||
inj0NEdYSwB102qpn1Kb41HkwteSGpqw+qSXLAalZ4BqT4zNnlaKU9a1f9tggtYa
|
||||
MSywuXaJ4n0qAfF8I3t7AAKsGsylOkcmLY1LnavZimNkCq0JiIZCIkfOGPWcDP0G
|
||||
zwjxvrB4laQSuMCGpJiZ1z3+CJYlXfdZvaHoh+bqkFrPZIUpbCqF9fls/Lmf/n1r
|
||||
Q+lD/VSuepOA7DVYjbcnuHmC1nSYVeELLuSSoQQVFUV6lj4/vAZJmnBRapfo6xCu
|
||||
jLq9iJowh031jyU2sZVXGYwpf12066xhAoIBADCtIvqwfy9pcqYs8PQMQTbDuz3G
|
||||
ZCe3E5SLJ00gk/PBVJihOYvdKgwoZAyWdWxOPDKzBJAaJBgpmpWKeX3k92HgLxyi
|
||||
50zKogbCc49mz2c6kRC13SviPAjO1XuM+FKo50AICenauu21/ZeMYuLt9gxnhEo5
|
||||
kkIYhD0irfTw5MMEKITAs71iB74Lxm9gv/+jOwsgoP23k562NHnIvPdbDzbR/ROD
|
||||
xb/3DsGbB4kmUXoLlWxradiZGczPddki+bMI4meMs8oH+XP14KyGqWC8LSuBDg8Y
|
||||
fADibXSIAHobiN+KhDtWz9Wnhtch9C8Q5+JDjixdspcn4lkMdMK532v/FBM=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
|
||||
<b>3DES_CBC / HMAC_MD5_96</b> by defining <b>esp=3des-md5-modp1024!</b>
|
||||
in ipsec.conf. The same cipher suite is used for IKE.
|
||||
A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
|
||||
moon:: ip xfrm state::enc cbc(des3_ede)::YES
|
||||
carol::ip xfrm state::enc cbc(des3_ede)::YES
|
||||
moon:: ip xfrm state::auth hmac(md5)::YES
|
||||
carol::ip xfrm state::auth hmac(md5)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=3des-md5-modp1024!
|
||||
esp=3des-md5-modp1024!
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftfirewall=yes
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -12,12 +9,14 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=3des-md5-modp1024!
|
||||
esp=3des-md5-modp1024!
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftfirewall=yes
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftfirewall=yes
|
||||
right=%any
|
||||
auto=add
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -2,5 +2,5 @@ moon::/etc/init.d/iptables start 2> /dev/null
|
|||
carol::/etc/init.d/iptables start 2> /dev/null
|
||||
moon::ipsec start
|
||||
carol::ipsec start
|
||||
carol::sleep 1
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
||||
|
|
@ -1,4 +1,6 @@
|
|||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the strong cipher suite
|
||||
<b>BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
|
||||
<b>BLOWFISH_CBC_256 / HMAC_SHA2_512</b> for ESP packets. A ping from <b>carol</b> to
|
||||
<b>alice</b> successfully checks the established tunnel.
|
||||
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
|
||||
to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
|
||||
encryption. Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
|
||||
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
|
||||
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
|
||||
the client <b>alice</b> behind the gateway <b>moon</b>.
|
||||
|
|
|
|||
|
|
@ -1,11 +1,17 @@
|
|||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
|
||||
moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
|
||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
|
||||
carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
|
||||
dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES
|
||||
moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES
|
||||
carol::ip xfrm state::enc cbc(blowfish)::YES
|
||||
moon::ip xfrm state::enc cbc(blowfish)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
|
||||
dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
|
||||
dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
|
||||
carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
|
||||
dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES
|
||||
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -12,14 +9,15 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=blowfish256-sha2_512-modp4096!
|
||||
esp=blowfish256-sha2_512!
|
||||
ike=blowfish256-sha512-modp2048!
|
||||
esp=blowfish192-sha384!
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
leftfirewall=yes
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
pluto {
|
||||
load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random curl kernel-netlink
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
charon {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -12,18 +9,15 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=blowfish128-sha256-modp1536!
|
||||
esp=blowfish128-sha256!
|
||||
|
||||
conn home
|
||||
left=PH_IP_DAVE
|
||||
leftsourceip=%modeconfig
|
||||
leftcert=daveCert.pem
|
||||
leftid=dave@strongswan.org
|
||||
leftfirewall=yes
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
auto=add
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -12,14 +9,14 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=blowfish256-sha2_512-modp4096!
|
||||
esp=blowfish256-sha2_512!
|
||||
ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
|
||||
esp=blowfish192-sha384,blowfish128-sha256!
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftfirewall=yes
|
||||
right=%any
|
||||
rightid=carol@strongswan.org
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
pluto {
|
||||
load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random curl kernel-netlink
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
charon {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,2 +1,6 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
dave::ipsec stop
|
||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||
dave::/etc/init.d/iptables stop 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
carol::ipsec start
|
||||
moon::/etc/init.d/iptables start 2> /dev/null
|
||||
carol::/etc/init.d/iptables start 2> /dev/null
|
||||
dave::/etc/init.d/iptables start 2> /dev/null
|
||||
moon::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec up home
|
||||
carol::ipsec start
|
||||
dave::ipsec start
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
||||
dave::ipsec up home
|
||||
|
|
|
|||
|
|
@ -5,11 +5,11 @@
|
|||
|
||||
# All UML instances that are required for this test
|
||||
#
|
||||
UMLHOSTS="alice moon carol winnetou"
|
||||
UMLHOSTS="alice moon carol winnetou dave"
|
||||
|
||||
# Corresponding block diagram
|
||||
#
|
||||
DIAGRAM="a-m-c-w.png"
|
||||
DIAGRAM="a-m-c-w-d.png"
|
||||
|
||||
# UML instances on which tcpdump is to be started
|
||||
#
|
||||
|
|
@ -18,5 +18,4 @@ TCPDUMPHOSTS="moon"
|
|||
# UML instances on which IPsec is started
|
||||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon carol"
|
||||
|
||||
IPSECHOSTS="moon carol dave"
|
||||
|
|
|
|||
|
|
@ -1,11 +1,15 @@
|
|||
moon::cat /var/log/auth.log::MODP_2048_224.*refused due to strict flag::YES
|
||||
moon::ipsec statusall::IPsec SA established::YES
|
||||
carol::ipsec statusall::IPsec SA established::YES
|
||||
carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1/MODP_1024_160::YES
|
||||
dave::ipsec statusall::IPsec SA established::YES
|
||||
dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048_256::YES
|
||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
|
||||
dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
|
||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutodebug=control
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutodebug=control
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutodebug=control
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
|
||||
<b>AES_CBC_128 / HMAC_SHA2_256_96</b> with 96 bit instead of the standard 128 bit
|
||||
truncation, allowing compatibility with Linux kernels older than 2.6.33
|
||||
by defining <b>esp=aes128-sha256_96!</b> in ipsec.conf.
|
||||
A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
|
||||
moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
|
||||
moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
|
||||
carol::ip xfrm state::auth hmac(sha256)::YES
|
||||
moon::ip xfrm state::auth hmac(sha256)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
|
||||
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes128-sha256-modp2048!
|
||||
esp=aes128-sha256_96!
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes128-sha256-modp2048!
|
||||
esp=aes128-sha256_96!
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=%any
|
||||
rightid=carol@strongswan.org
|
||||
auto=add
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
|
||||
<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_2048</b> for the IKE protocol and
|
||||
<b>AES_CBC_128 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
|
||||
<b>alice</b> successfully checks the established tunnel.
|
||||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
|
||||
<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b>
|
||||
in ipsec.conf. The same cipher suite is used for IKE.
|
||||
A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
|
||||
|
|
|
|||
|
|
@ -1,12 +1,13 @@
|
|||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
|
||||
moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
|
||||
moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
|
||||
moon:: ip xfrm state::auth hmac(sha256)::YES
|
||||
carol::ip xfrm state::auth hmac(sha256)::YES
|
||||
moon::ip xfrm state::auth hmac(sha256)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -13,13 +10,14 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes128-sha256-modp2048!
|
||||
esp=aes128-sha256!
|
||||
esp=aes128-sha256-modp2048!
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftfirewall=yes
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -13,13 +10,13 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes128-sha256-modp2048!
|
||||
esp=aes128-sha256!
|
||||
esp=aes128-sha256-modp2048!
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftfirewall=yes
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=%any
|
||||
rightid=carol@strongswan.org
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,2 +1,4 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
carol::ipsec start
|
||||
moon::/etc/init.d/iptables start 2> /dev/null
|
||||
carol::/etc/init.d/iptables start 2> /dev/null
|
||||
moon::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec start
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
||||
|
|
|
|||
|
|
@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
|
|||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon carol"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
|
||||
<b>AES_CBC_192 / HMAC_SHA2_384 / MODP_3072</b> for the IKE protocol and
|
||||
<b>AES_CBC_192 / HMAC_SHA2_384</b> for ESP packets. A ping from <b>carol</b> to
|
||||
<b>alice</b> successfully checks the established tunnel.
|
||||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
|
||||
<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b>
|
||||
in ipsec.conf. The same cipher suite is used for IKE.
|
||||
A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
|
||||
|
|
|
|||
|
|
@ -1,12 +1,13 @@
|
|||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_3072::YES
|
||||
moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_3072::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_384::YES
|
||||
moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_384::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
|
||||
moon:: ip xfrm state::auth hmac(sha384)::YES
|
||||
carol::ip xfrm state::auth hmac(sha384)::YES
|
||||
moon::ip xfrm state::auth hmac(sha384)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -13,13 +10,14 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes192-sha384-modp3072!
|
||||
esp=aes192-sha384!
|
||||
esp=aes192-sha384-modp3072!
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftfirewall=yes
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -13,13 +10,13 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes192-sha384-modp3072!
|
||||
esp=aes192-sha384!
|
||||
esp=aes192-sha384-modp3072!
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftfirewall=yes
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=%any
|
||||
rightid=carol@strongswan.org
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,2 +1,4 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
carol::ipsec start
|
||||
moon::/etc/init.d/iptables start 2> /dev/null
|
||||
carol::/etc/init.d/iptables start 2> /dev/null
|
||||
moon::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec start
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
||||
|
|
|
|||
|
|
@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
|
|||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon carol"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the cipher suite
|
||||
<b>AES_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and
|
||||
<b>AES_CBC_256 / HMAC_SHA2_512</b> for ESP packets. A ping from <b>carol</b> to
|
||||
<b>alice</b> successfully checks the established tunnel.
|
||||
Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
|
||||
<b>AES_CBC_256 / HMAC_SHA2_512_256</b> by defining <b>esp=aes256-sha512-modp4096!</b>
|
||||
in ipsec.conf. The same cipher suite is used for IKE.
|
||||
A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
|
||||
|
|
|
|||
|
|
@ -1,12 +1,13 @@
|
|||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_4096::YES
|
||||
moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_4096::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_512::YES
|
||||
moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_512::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
|
||||
carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
|
||||
moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
|
||||
carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
|
||||
moon:: ip xfrm state::auth hmac(sha512)::YES
|
||||
carol::ip xfrm state::auth hmac(sha512)::YES
|
||||
moon::ip xfrm state::auth hmac(sha512)::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -13,13 +10,14 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes256-sha512-modp4096!
|
||||
esp=aes256-sha512!
|
||||
esp=aes256-sha512-modp4096!
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftfirewall=yes
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -13,13 +10,13 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
ike=aes256-sha512-modp4096!
|
||||
esp=aes256-sha512!
|
||||
esp=aes256-sha512-modp4096!
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftfirewall=yes
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=%any
|
||||
rightid=carol@strongswan.org
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
||||
|
|
@ -1,2 +1,4 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
carol::ipsec start
|
||||
moon::/etc/init.d/iptables start 2> /dev/null
|
||||
carol::/etc/init.d/iptables start 2> /dev/null
|
||||
moon::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec start
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
||||
|
|
|
|||
|
|
@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
|
|||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon carol"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
|
||||
<b>venus</b> by means of <b>X.509 Attribute Certificates</b>. Access to <b>alice</b>
|
||||
is granted to members of the group 'Research' whereas <b>venus</b> can only
|
||||
be reached by members of the groups 'Accounting' and 'Sales'. The roadwarriors
|
||||
<b>carol</b> and <b>dave</b> belong to the groups 'Research' and 'Accounting',
|
||||
respectively. Therefore <b>carol</b> can access <b>alice</b> and <b>dave</b>
|
||||
can reach <b>venus</b>.
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::cat /var/log/auth.log::alice.*peer with attributes .*Research.* is a member of the groups .*Research::YES
|
||||
moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
|
||||
moon::cat /var/log/auth.log::venus.*peer with attributes .*Research.* is not a member of the groups .*Accounting::YES
|
||||
moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
|
||||
dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::cat /var/log/auth.log::venus.*peer with attributes .*Accounting.* is a member of the groups .*Accounting::YES
|
||||
moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
|
||||
moon::cat /var/log/auth.log::alice.*peer with attributes .*Accounting.* is not a member of the groups .*Research::YES
|
||||
moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
left=PH_IP_CAROL
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
|
||||
conn alice
|
||||
rightsubnet=PH_IP_ALICE/32
|
||||
auto=add
|
||||
|
||||
conn venus
|
||||
rightsubnet=PH_IP_VENUS/32
|
||||
auto=add
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
left=PH_IP_MOON
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
|
||||
conn alice
|
||||
leftsubnet=PH_IP_ALICE/32
|
||||
right=%any
|
||||
rightgroups=Research
|
||||
auto=add
|
||||
|
||||
conn venus
|
||||
leftsubnet=PH_IP_VENUS/32
|
||||
right=%any
|
||||
rightgroups="Accounting, Sales"
|
||||
auto=add
|
||||
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
|
||||
b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
|
||||
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
|
||||
cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
|
||||
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
|
||||
dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
|
||||
p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
|
||||
d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
|
||||
SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
|
||||
s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
|
||||
AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
|
||||
LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
|
||||
Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
|
||||
bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
|
||||
QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
|
||||
b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
|
||||
atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
|
||||
u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
|
||||
aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
|
||||
wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
|
||||
G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
|
||||
8mcNXcKmqcyP2Tlnvbo=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEArDQ1aDwWmStagi03N7ESJpJ0RIX5uXDb7bLnW9WZsOT1518l
|
||||
yOTME0gS9j/QZc4OZy2GMTGJM2CY24J1DBqkIfGnf0doP3TavOa9+UjjR1lOaUVy
|
||||
fQ+njXA1u+NVo6mft/oyi/rxiaygtCvjv45Tqyd3dzyvH4Fc7iDpjJEHTGnAHaR8
|
||||
7fgVmHsXA57ixUAm7kTu6srSGKPZbX5p1k0WDspI/aLuWV+ijFalL7pWLpmO4n91
|
||||
wbK9eleevQfbHnyxl5oHmfwDL6aE8NfvbFd/ASazt/O2SGqaaLHZNUQf3p1H32i4
|
||||
IQ0XUKbw4JtHWSSFZF4vo/S0JuKtvAVtnEq05QIDAQABAoIBAQCbfhUPhtp8+imi
|
||||
zANFFW2nSK0VxsgEi4T7MIU6Zjh+A3CLuF2c9gPUEUuV8W9SzeoxfmjieLFDpCDC
|
||||
bR0VjeTRBazR//+A9RoiYlP+CbO4FEr6QYwsovsPetf6TT9iJeMjtBb6UODTCP6f
|
||||
UdY3fOPN8zgrga87yorINw3MMJSfiI21zSzCkueOQloktBgih5Wueu8FDFUB2fVa
|
||||
uLTUa+wOhXUBPyF5OXLox5TxE6gBPkiUsnNXP8X/kHLPk2iBQmdxz+uwG/Pz6pS2
|
||||
JsmX2WzFJ0+Rj4cJpoa4Ev5uAx79kcXnQT3d5/HIwuh7ZEMKorb1m8w8lhAW4ARU
|
||||
ddjhLkWhAoGBAOCpDGfLwQHWVejOcjEwfWts0hHLdlNfZEgsLSex2k/U6Mk1TjCo
|
||||
tAHQOvmqxZDxypJEem3RPaWZh+gttTpHvGkS9fsvTpyARcDp0FXI40hwARPsnMbI
|
||||
0fDmpVfOOLZdQKMDg42TrZC/mipU68gFP/rYC7xalJs0pe0LL3ffsSC5AoGBAMQ5
|
||||
3V6nuucpL87I0fKg56z0/3lcRxI46KuIXhHSAjxNb76cQuxiK8s5TPCot3Unq6GQ
|
||||
R7Y+dYd1FVEh2i3Q7/Yh/BSeYiDcDf5aELCwY32O/OnSSoNTbgGR5FT+/SHJK5bg
|
||||
j/O5S7+dajqtC2JZJl8smOeB5c187bc4FU72+6eNAoGAZUiRSTI434Ur0ftQzBBa
|
||||
WtYClvctb0TwRwFzkhPCon8QO7YGfDVygebIz8pHq6L2ep7Yuy28Jy5icTA6Jf41
|
||||
WQGtWALp4/CIggJnZGVe4kdslPj1bUEYNQ0mucFFHCJKg7OP2YIcm8dlz3PdoJ2N
|
||||
TJ+eGtqTaK2BqK6ERfzZNDECgYBbVTOcYyWzgpAmB4LxE8PB1Sc0LadG7AYgERD3
|
||||
6m/v8XsZlVHxBKCtrrYJLf52IUjZonY+dUPvEKgjY0ZSHPYT8i2Ky02RTduVkAZE
|
||||
t1UXk/5UNvVHuwVw5Z8JkMXxe9k2GL/oCU8gmPxg4zpxRF1/3xosZ2G3C3b52LjS
|
||||
UFNB4QKBgDX2UmLgRHAXDsmksNZaMUSNk+xws0B1M/EDd9h7e79ilENkOPDLo5+E
|
||||
z22WPNrgzKEUz44FZZOsislfPE7ffgQcRTxtNWqoElwxuHLuy46jaReL7zJSDtpv
|
||||
wtn4YoOpH0DnC994nziTQif33FBF/2o8hWoq4vcXKNSMGTwGzi/a
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
|
||||
b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
|
||||
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
|
||||
cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
|
||||
6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
|
||||
Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
|
||||
Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
|
||||
I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
|
||||
x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
|
||||
MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
|
||||
tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
|
||||
MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
|
||||
EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
|
||||
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
|
||||
b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
|
||||
GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
|
||||
ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
|
||||
F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
|
||||
L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
|
||||
ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
|
||||
Rf5Z0GOR
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
|
||||
b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE
|
||||
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291
|
||||
bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ
|
||||
ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8
|
||||
k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG
|
||||
IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G
|
||||
gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX
|
||||
Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB
|
||||
ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394
|
||||
8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
|
||||
CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
|
||||
ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
|
||||
d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
|
||||
b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3
|
||||
jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr
|
||||
DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU
|
||||
8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o
|
||||
StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M
|
||||
qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+
|
||||
1PdgEy1K
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
--cert /etc/ipsec.d/aacerts/aaCert.pem
|
||||
--key /etc/openac/aaKey.pem
|
||||
--quiet
|
||||
--hours 8
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
pluto {
|
||||
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
|
||||
}
|
||||
|
||||
openac {
|
||||
load = sha1 sha2 md5 pem pkcs1 x509 gmp random x509
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
dave::ipsec stop
|
||||
moon::rm /etc/openac/*
|
||||
moon::rm /etc/ipsec.d/aacerts/aaCert.pem
|
||||
moon::rm /etc/ipsec.d/acerts/*
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
moon::cat /etc/openac/default.conf
|
||||
moon::ipsec openac --optionsfrom default.conf --usercert /etc/openac/carolCert.pem --groups Research --out /etc/ipsec.d/acerts/carolAC.pem 2> /dev/null
|
||||
moon::ipsec openac --optionsfrom default.conf --usercert /etc/openac/daveCert.pem --groups Accounting --out /etc/ipsec.d/acerts/daveAC.pem 2> /dev/null
|
||||
carol::ipsec start
|
||||
dave::ipsec start
|
||||
moon::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec up alice
|
||||
carol::ipsec up venus
|
||||
dave::ipsec up venus
|
||||
dave::ipsec up alice
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
This scenario enables IPCOMP compression between roadwarrior <b>carol</b> and
|
||||
gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> checks
|
||||
the established tunnel with compression.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
moon::ipsec statusall::policy.*COMPRESS::YES
|
||||
carol::ipsec statusall::policy.*COMPRESS::YES
|
||||
moon::ipsec statusall::comp.::YES
|
||||
carol::ipsec statusall::comp.::YES
|
||||
carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
|
||||
moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
compress=yes
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug="control crypt"
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
compress=yes
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=%any
|
||||
rightid=carol@strongswan.org
|
||||
auto=add
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
carol::ipsec start
|
||||
moon::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec up home
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This configuration file provides information on the
|
||||
# UML instances used for this test
|
||||
|
||||
# All UML instances that are required for this test
|
||||
#
|
||||
UMLHOSTS="alice moon carol winnetou"
|
||||
|
||||
# Corresponding block diagram
|
||||
#
|
||||
DIAGRAM="a-m-c-w.png"
|
||||
|
||||
# UML instances on which tcpdump is to be started
|
||||
#
|
||||
TCPDUMPHOSTS="moon"
|
||||
|
||||
# UML instances on which IPsec is started
|
||||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon carol"
|
||||
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
|
||||
Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
|
||||
by using the <b>leftsourceip=%modeconfig</b> parameter. <b>leftfirewall=yes</b> automatically
|
||||
by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
|
||||
inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
|
||||
tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
|
||||
<b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
|
||||
carol::ip addr list dev eth0::PH_IP_CAROL1::YES
|
||||
carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
|
||||
carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
|
||||
carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
|
||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
|
||||
dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
|
||||
dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
|
||||
dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
|
||||
dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
|
||||
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
|
||||
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
|
||||
alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
|
||||
alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutodebug=control
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutodebug=control
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
|
||||
}
|
||||
|
|
@ -1,10 +1,7 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
plutostart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
|
|
@ -12,10 +9,8 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
rekey=no
|
||||
left=PH_IP_MOON
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftsourceip=PH_IP_MOON1
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftfirewall=yes
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
|
||||
|
||||
dns1 = PH_IP_WINNETOU
|
||||
dns2 = PH_IP_VENUS
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
|
||||
both roadwarrior <b>carol</b> and gateway <b>moon</b>. When <b>carol</b> initiates
|
||||
an IPsec connection to <b>moon</b>, both VPN endpoints find a cached CRL in
|
||||
their <b>/etc/ipsec.d/crls/</b> directories which allows them to immediately verify
|
||||
the certificate received from their peer.
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
moon::cat /var/log/auth.log::loaded crl from::YES
|
||||
carol::cat /var/log/auth.log::loaded crl from::YES
|
||||
moon::cat /var/log/auth.log::X.509 certificate rejected::NO
|
||||
carol::cat /var/log/auth.log::X.509 certificate rejected::NO
|
||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
moon::cat /var/log/auth.log::written crl file::NO
|
||||
carol::cat /var/log/auth.log::written crl file::NO
|
||||
moon::ipsec listcrls:: ok::YES
|
||||
carol::ipsec listcrls:: ok::YES
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=yes
|
||||
cachecrls=yes
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
left=PH_IP_CAROL
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
|
||||
conn home
|
||||
right=PH_IP_MOON
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=yes
|
||||
cachecrls=yes
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
left=PH_IP_MOON
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
|
||||
conn net-net
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=PH_IP_SUN
|
||||
rightsubnet=10.2.0.0/16
|
||||
rightid=@sun.strongswan.org
|
||||
auto=add
|
||||
|
||||
conn host-host
|
||||
right=PH_IP_SUN
|
||||
rightid=@sun.strongswan.org
|
||||
auto=add
|
||||
|
||||
conn rw
|
||||
leftsubnet=10.1.0.0/16
|
||||
right=%any
|
||||
auto=add
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue