diff --git a/testing/tests/ikev1/after-2038-certs/description.txt b/testing/tests/ikev1/after-2038-certs/description.txt
deleted file mode 100644
index fb622dc15..000000000
--- a/testing/tests/ikev1/after-2038-certs/description.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
-The authentication is based on <b>X.509 certificates</b> that are valid until
-the year 2039 and are issued by a certification authority with a root ca 
-certificate valid until the year 2059. On 32-bit platforms, dates after
-Jan 19 03:14:07 UTC 2038 cannot by represented by the time_t data type.
-Thus if a time wrap-around occurs during ASN.1 to time_t conversions,
-dates contained in the certificates are set to the maximum value,
-i.e. to Jan 19 03:14:07 UTC 2038.
-
-Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
-automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, <b>carol</b> ping the client <b>alice</b>
-behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/after-2038-certs/evaltest.dat b/testing/tests/ikev1/after-2038-certs/evaltest.dat
deleted file mode 100644
index 790811a61..000000000
--- a/testing/tests/ikev1/after-2038-certs/evaltest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 03b57243b..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,55 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
-bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
-NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
-HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
-A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
-4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
-2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
-ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
-dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
-sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
-kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
-YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
-qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
-HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
-UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
-xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
-Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
-/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
-Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
-Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
-9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
-9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
-ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
-XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
-e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
-99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
-AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
-YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
-CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
-c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
-ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
-hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
-71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
-/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
-lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
-8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
-RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
-Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
-xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
-PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
-6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
-c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
-MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
-vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
-RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
-uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
-inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
-CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
-8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
-9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
-cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
-d/Fp6btmZH31IEyJrRNVOpCwZPI=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 2ce2ce3c9..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIINzCCBB+gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
-b25zdGVyIENBMB4XDTA5MDMyODE0MDYwOFoXDTM5MDMyMTE0MDYwOFowWTELMAkG
-A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
-bnN0ZXIxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgR
-yGVG6HVoA3DU/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mp
-dYtP53SWASOHBiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkw
-BebpMLCf2Mi1robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bO
-FPoBoBOY7v4fuq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DW
-kk1vTt4jplSg6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5
-mGabckTMvtI591UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014l
-cFg11mzjXGGBFuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest
-2X0psHe3AlocUFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9C
-uezkuM1QEvkev5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+
-t8GhCKV6B7RTzFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3Hh
-fTZstGECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
-DgQWBBTy8LU5yQdnV8pfwhCPY7q/CiNyzjB4BgNVHSMEcTBvgBQZYq2Wq8b7148Q
-xFb/QGMiQnB2DqFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0
-cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gTW9uc3RlciBDQYIJAIORWNru
-S4GuMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMEEGA1UdHwQ6MDgw
-NqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbi1tb25z
-dGVyLmNybDANBgkqhkiG9w0BAQ0FAAOCBAEAi39l78OCI9S0I3X62HbkxiLguvnc
-CbXY6Tqmz0Ms8xqZgYzJOk7FLB/4v/zJohOH5nd7KxJ81KbcERyASpybaLM0/V+V
-oGT0rDGGH5cS4H2uYfs9HsKFKKPbZeCnExFyCamXjBZkl5IZNjdpS9TLyXRJSyFN
-OIRNhILPSriqdtzgRuGOeX798U8o0ObizGQRVlT0p0lI4t64dzZbIh3jSXjCf1Tz
-cmVOC8qhhGvxLlorSy5K98t2zNY7DvzwtvoQrNFGtso1kvfmaO4XRCvSZsmqPpC5
-mmWJjNEG2qcbmfpt8TotyUHgEJTZXwXlPVVb5OXHTW6jXk/MN0UiMTLJYcvJ1gji
-kSnGNHzRH2rKlYRED+jlzzHAWSv0mBGcOTdmfBV6+TJ7QhWhLZBzAUfwqXpAy9Vk
-idtyB0eSWBTIvhZY6SzB0Rvkdj0FtZ+tNURT4dPtiO0D+LXm/ojpdKKI2tFNOgwY
-n8df2u3xnCRvHqcF6lvu+ptnwUkUDDGDuiM20+sm0HHhLIj51v8tTm3Q/MzI0BAb
-G4HOSQNDzymWDgzIE67UTxBwXVDbSLkzH1vhFXtZQlD1UHqOUT/4FQm5ZlVMF8na
-FKxHakqoh1CdI8TAmM64h3hp1zp+G9Zn0lfcHRhvWBvpU8mgF1cbEvgbzjd9+xLe
-q45/8xuZPnU7XIBvDcZTUk8LRIThcTxQRlQdI1UJnvPOBYG3mUrLs2UdEZGwsooG
-zMOj3EQwqrR67rQiuGo65IMPDix4mwHjcZ8Gr4eqLDwSUS5yoPX1qI2qNLQbI1Ni
-8PEYMXQ0Xm+9Z86ZkI0dAIBWLkEGkz5Ngqk4O3JLzF1O/XPG4E9hGJ8WsHQW6pk9
-+quv5nVNCAO0z6FYfQoYprdbDBur+N/no+BYIcSFSpLcNgafLXgj3I65iJ2VmRi0
-V0xAfxcRiQN2+/7aao2zLrrSPHU8YsW48ISw9ibQ9EckZMVtnhuYpBJuX8+auZ8f
-OgBmgRi7fCtEcMlXsiisQehymMs470eDRfWFUMzgJC8tMOQIWNdYM0Bo29wYUJPN
-jD+NO0n+PisFMilBEyoT2pD1i94+5DWQau/7STb3GbpBsLb7JbIrQEp0oSdsvsNR
-SaJQEqMxepJM0OGp3FMr79s+/a13+TMm+jl65M6sV/YTDdYFlplkWyHDjbL+WjUu
-lvDEURfBJrtT7u673RakCEzl5e53fP01HXFhqgMSloR7j2XNiyCeEUBp+zetXxwb
-8e6IKtbXWU+WcXIdNOHAL+OtD1vUK3gxupJPrRNW6daZKWUDbjRixzXnjeyIw8It
-bRldc5VjyM0G4FMbmIROgRcvjJ74MUwnHpgPl9zQ28HmbxKbANiJJZHIDw==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index f0836ec33..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEAqYq89COSvnLQplrjtSrDyvqvJqXN7mfmgfgRyGVG6HVoA3DU
-/vJPo8xHT43eTIBkT9wxernYxGw7UZwG6iiY3Me7Q82f+2TmX8mpdYtP53SWASOH
-BiLk7d3yJJjCY2GGP8Vb0avJa8GEOy9ZHTOf5HWwMDt9EQKxOzkwBebpMLCf2Mi1
-robNUj/lEgE+3AGfikF39E3JaXhna3mm+7PwO5J5udpxC/rVa+bOFPoBoBOY7v4f
-uq0CV5x5q/bXn9oVWteF/U1fnnOf5Dhe3P057oj7kARsmGk8e0DWkk1vTt4jplSg
-6jhH7izy4OhiqWkR7QV/BMOQBqBd6bw9Ojk12LFZBQulM0Lmtou5mGabckTMvtI5
-91UCGNqGMcVDsxFIX2ZMvfScMahS6pUq+hjiR95mwez2Z1Sg014lcFg11mzjXGGB
-FuTCl3smJqRT7UaI6JfjNz1f6p/7z8QhjKChVA/xnJ5yoJWNPest2X0psHe3Aloc
-UFRxqnD2ZmNO6IuKN5bmN0O4Lfc50rl2hPATXdh0HC8HvcYbRK9CuezkuM1QEvke
-v5SFbzgivXb1A2hdRCc1/XRND7Pm9sCjjh3tn5otCMnalc1mk5v+t8GhCKV6B7RT
-zFqu+ry0pe6OlqqzU0yNdqYFK1hoCDXUQzEMJzmI9mIw+n6EE3HhfTZstGECAwEA
-AQKCAgAmHcjpYm4FXy7Fl72F531pTv69w50OslFCexEUaqCMdojR7TYVs0hwXObT
-XePSczMaOTjujIXNcz/K0zdCwanMSSMy1THYhRC+DEqK4K0wLifjTad3m7S4PaPI
-0ocxbKWQBMDl3KdGEJW38KcqR4b1B/h6f4VYo7BQzkSbrxRSHANz63vdJvVWPoMz
-jxAgykSiAqIDTNGxYp5trUX7ZLLn0cCIJjIwLU56GcPPN33SDVXetUdQ4sCaDdXU
-8YP8rj0K1VWMYy7SItCZsIqzSEMT+7wC3tvDUDWGyEb1UW9q3cpKBNDAl7KkO3rH
-UbeMutCK5ydtXMIumzNB704cnuwZ08sdM7BTTMhmu0VK+zjVzhBK+MFcF7pickD3
-SdNzOiqfgiXLGjsiMFJvJ7OUJczEJl2xIoZ+Otb113ep0An0PEuF6aZMaKPNP7xf
-ljnengym1Rq+f1mHBRRfool9zmeisnQSSecKo0htm6oRkQTcTwLj0TjiCugbmISf
-D7sUXWp/QFVdYhHTay1gWUnP1quflKYvEynd0UF0JOnCbpWAczdXf27fm7DVjgLp
-yZ4QyrCtyvtIITgmZOvkAcaflxe2E+cBN2F+hWGzqMJfoMtw008hRW9DcRji35Kn
-lCOj/87n8lL3dicDI0caBZO9tQIakh05XYW8xN+sYF9K/xKauQKCAQEA2txDchqB
-7719R6hBqdNqig2+telNHlN0amPKjqIvP7Tr/JnJx8A7cSasao1Fw0cGPReBT7Tb
-Z5IW7xvWiZYFMDI8q8ZGEIb+MveYs1gHlEaimMtwoVCNeNe3cEPIL7ffNT8y+xFc
-o55AjzgKAOHqmf6OidKqRs/B1sSmOrgugsY8KvYtA/JrieVHKrjNX5XqZNqrfsns
-K4DMcJvIrfBu9iyWenNoBOdEJsP0h3F39Zh2hkEg29eH+/8x6FGlezvSU89Jjs9O
-/2BdlyS82RbhPu2VIrsmpfoSrsFHRe8t/9yrnpY3ud6w2LP9QIEMd8FpWKGnNxJp
-AIZJ6u+NoWVlLwKCAQEAxk/7RSSvf6VJvi1gmOxKd79LkYUEiyZryP/M8kQFMqs5
-pU6BgFLVLZsaXz+1oYS0bEjVGGo5ppCVVUMN6RuFX9zVz9uVZBeiiItqw64UDbt/
-0u78m9ngvSpWaMQU2nS/kHVhKOY+Gfs0v5fBvZE+wxTfMBR+nbx7uJivpXnq6xMP
-fhDz6juap/lEK6HuvQN5xXBNL4wpd099lvy3NUuG0Dohb/+gWf3YzQtjs281iMZB
-G3/gGLcBSdk6PBwXueJ3NPj9FAII73MQNBNYS3zi3IYuulA/rMcvbA+IGeKTzRX5
-E47B8ZAhJxZ3OePalvZyVEaRHDFT+Y2YCv/G9Bw7bwKCAQBs97oE97m2Gcxkfxui
-aIblEY7gl7Yz4S1XQzQ46/tGZtgQPqm+cLGn1q+Fpa0UWyp6BFf3zX5oBM6yYlPg
-0PboVjrq858y32N1EN3QfYXYh4qxNKlxR+AISK8mkDj9uTjDFCJX6v8K3+IY7Lfe
-VJ0v6xQg/uiUtSA3xFVXaxiNOBIA+ezTyEFOuP9EABsQ+l1ntZApYnPZ/RjNAGNc
-Zxd4Lh8F/KvPtS2zd2Eqho5Jk41/rrGjg55LE3ZPy0bvIovH+q8PEZytfddbR4lX
-NRMU98mHL1NA1E+0/rpz0XA/sikonnZEbuHyIzt2gEoq3fuLi4Dr5JivEC2BcaA8
-uXU1AoIBAQDDxUdfXbTmxQxEctVuga2OA0mdkXwHxlkXZvcyntWmzIOu3g5X2O3c
-BMcHCoTKu4/Faiz72jmpZggV0IlV+zYyiXaFqNcUpYRtWXx/SkU/vT6VxBmZ3X/Q
-HpCJAjE365MFD+tnjcv2qBfNoAnBkzYrLVqbQ1AvdVeJxyl2qSGxCPL9V80DCe5G
-LnwOuuBMtbaro45/BtYUk2N+/2H5eeLPguNphigNTtyMpta412s458Z0WEuo+liK
-R6kGmBEQDzHxGG/2JYAeqi9vyT0b4GCwpMJSaVBCx6vX+Ik6TIPuLOfjV8W8K7We
-ub3fZ0FuUEJTUgqEk2m77P0Qtqn4aDp/AoIBAQDXI66F4POHVOPI/j584sSLhW6X
-j5VzFlmOhpyoourPYXsKyIFrLa/gYAe/wNH/5jg3Ap5DbBVZB87gOkaMz2oV+ZQ/
-5IWiFmiUxGrCXmWyI6Eqr2DUtSKispLnQ043bFN+HlhfQYTwD9ijqpwpUt/sC+IJ
-mLIGJs5B3cdcRQuSxh1HpvSJOuItjp0wfcGj3+RPh5cPdjHZW30FHGFomOk//6BO
-nWdoYUGrN9wXylDOHvlkYaP2Uj5rCWm51ZGaxzJR9S+WkHdNBzyygpGtEXdSAIzU
-tHufKwQdDnj22w8KSCvQ+KvwUn9UrIR5LyGKiYGWved9X2EQzIFC4dJ8h30G
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
deleted file mode 100644
index 03b57243b..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ /dev/null
@@ -1,55 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIJ0DCCBbigAwIBAgIJAIORWNruS4GuMA0GCSqGSIb3DQEBDQUAMEgxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJv
-bmdTd2FuIE1vbnN0ZXIgQ0EwIBcNMDkwMzI4MDgwMDUzWhgPMjA1OTAzMTYwODAw
-NTNaMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4w
-HAYDVQQDExVzdHJvbmdTd2FuIE1vbnN0ZXIgQ0EwggQiMA0GCSqGSIb3DQEBAQUA
-A4IEDwAwggQKAoIEAQDL3Cy8fYlD/Lqc6vXnWakywyvB7rouV7CIdxZMGHz/6zO4
-4sZaeqWy4Fmp6zPuLI8RtxsIyrZAJzqnTDNRb6FhosdluTy/QL2N+M2U0fKeRjAd
-2IInFOabqSSheB8Np53xK28oZ3xe75vbpSRiqGItmqZHioFPpNV+gRv2NC2NSUqr
-ta9aRo35m2ZyQuav4+oOYalayApZWr44w8qQJRILvFo6jc7x5bE+LgFNRfe15/MY
-dyrabatILkOucP61VE7QqftLj465w1GG3kzyt4PsX5FKkSkhs3wMnQKLJyvxUIlk
-sC7m/NzABRAEAfLAODJJ9indUCVjcLDC81avQPoHOSD736hkYpWRnlrgvu14q+5d
-kBRvyCQu+SoBPj0oMtEEdaPk7aBGjXDvKkeJAZYEcOP8h9oKUQjwYUQhQ7Np0f33
-YBaQSCv/6kfl+260XXMWQrQd4iDY17x5H8wA6mncTQ01JHIJy5pixXt09dPmWaAh
-qZWaDbkSLslO05zai45QpTFQ2Qtw3d6w5BY3u2bREB7HnyFfZF8n43pvsInNv5pQ
-HLVHN5/TP/YVwbZj4UXXgAjkL/4t6DGELk62VkrxB1dQDopimFRmaGctAGWbo8ro
-UVpGDXnSHCn9SPmEqeetK1fJHcCeQskVFakIB3qdRJM+rsWcOFA4c40D6uKyvLHe
-xZbqaOjpL2r9vfuzMtbUMUinZNBqVf7dCkxY02gdi1HpTB5p1VBSRbXdaC1Zow4O
-Rn2Ekd6/lr5G45S8ljr7EeGnAUKFOoyU8F6dYmvgwBTgNwQsGa+MbWkuaaxuIq0f
-/e3J3PYkdQ+7tNXPsqoDXcOtc0ZPlBRwDx9Js+qh86e5HKh85DzBjjl97giv/3PC
-Ek6imgHhx0QsulWUfGzls+sd3SXf8azBFt6Jh7lUJQafNH++fLZvryGYa2gjEn4V
-Cwr8PTaWLm5TwgHlyJTH8Zkk7yEVZvzJfs6UC8tEaYitmAb8e9cYTztA0e4gPeY/
-9UTyb0XAnol368DGKi5T5L1x1NVHkPc5zVXcGUvUFpEd4q4aJWj9xUyskt13fl8V
-9BOKc1BJZUdCkxRSt1wF4tlcFs9EVbOoYOT2+KJiaWB59ke+O7HUxnjFzNfPFLO9
-ItgNHhahXrhX22e//B9QhzQ5O29UhXpX0y624DK/e/bj96c6ve5NqDIcZdOyVduT
-XiEyfUpP0ZjvwRbS42A1VYs34ELBt5ntUhRvgivXAbBnC19pv/WFurMzaxueQgjh
-e/TUX1FWXh8zq5qPvASxkupdo5GOrcjn6a8zTmRPS6V8jVLQmUHMsCsyFcVUECsL
-99wet1nlFAloL59Z6Cjj3LkyLpeIG/o4ItGEdw5bAgMBAAGjgbowgbcwDwYDVR0T
-AQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFBlirZarxvvXjxDEVv9A
-YyJCcHYOMHgGA1UdIwRxMG+AFBlirZarxvvXjxDEVv9AYyJCcHYOoUykSjBIMQsw
-CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMV
-c3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5Lga4wDQYJKoZIhvcNAQENBQAD
-ggQBAHcfJo343EP+u0T1DTa3oJbYtqON1F7UdkJcOUxRhp4HFlPEOFxSnHU5Qi2f
-hzxWZTQEKI2q62AXdyHDygI44dCpSFZNPcZHdwBl26maMHubv7JXFl7TWupvki57
-71ttz+0wc5iU38g3ktVkrcjzUiqKU2BXnvIuLteOHfnSMGR+JG0v94nYl60EEtZr
-/Ru0Orcq93mrQyih4MZMrcssNBI+2HSFmjITBSGAz9G81d/kojtCEsmY37dqpkqO
-lOo57HLTUzuMHW1W+c7wCLAl2rhy0xIJ/t5XpNBvPzc7xKZex01A7kKIcUV5vlvj
-8+NTuMF4NAZjgtODj0Z3kKsxaIlq0O1+SfubdnHE9pNZPXWm4SSW8w1C+n1+MAA2
-RpK7T1T7BiOQD2fSKsCPvocefiWFOUuHkyRPG5vE0Ob5XH5qT5R3xTq1ta1cpxsA
-Rq0s4QHYePZ+gU/7edI7LvZtueOGL4BeR1TSIcbij5+LfFlIjz9ETp3cWc5rxjsm
-xBGeHyCslH2EKuufzg5czqmnTdwC4zGNVUyn8c5YUVpOxEZOpnrrGpR7xCHG6n0s
-PFpXRuSp6JHSDVCFkJLLrIH0MNmXirgsNLQEOX3WBPeK2hj9X3kzV+iRd5YXqBld
-6x1Jnx66iNhJyKHDXfZ84PIZzxaKrDrR35PK3DsZUATx0l56uBWAY3n1Zl5ZrWkd
-c66yvP8/WXqO1IctddURFn1ohkkbCVd8ke45ZQoyHIb+cC2gTU53aYNNAZDHh/C/
-MrU7+d5yH29dLjtv+J3JrDwdtBLMZa4RcIOZxhk7MhheNW3K+Q5xpKrdsqourQ2T
-vBwEmrfiLHRb+Hk8UbPpDW5m3yaXYmn8bQinkD1BP2ru/f6r4Rj+aAtNvz8ofgAg
-RcUcD+jeIDAEWnFCKtHxtp+fLYm5npnwfyCyOID2Lr3K1Z7SpqzoYYq9bfc3AdtL
-uHr9RSjdfsuG0l44xESwC2+Pp6rHwvAIPfPgcZiOX1GObytxXexWYCy9g/DKmUVv
-inTJNjHpH48ffPmCBE2LoylgBv/dSmf6hQSf5lqsKQ3tKApJv8t0oO6jqyvn+aqs
-CTi4WALKhZn9YRKRzcwzYVav1g0fHkrwRQxv8TRM0tYWZ5V01qgumxD3L/37vqDR
-8bx9KvgiF3DbP2q8IbVuVMLwjU6xPH+5sWJCS0Cx2haW1oVw7ppd9sgAkj/wxzt8
-9jl/bx3rD3YwoobFvqry0Rhe4J1LidAAKX+E69c4GwoTIe3eqL/TYkis7YIFLjea
-cm2lumjrrFcnbZLvDK5S/+kfZ2Flt2QoUznNeTTNY1nAnJSgqOgOocvyYDA9vx6H
-d/Fp6btmZH31IEyJrRNVOpCwZPI=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
deleted file mode 100644
index e83798c07..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIINTCCBB2gAwIBAgIBAjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBN
-b25zdGVyIENBMB4XDTA5MDMyODE0MDcxNloXDTM5MDMyMTE0MDcxNlowWDELMAkG
-A1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB01v
-bnN0ZXIxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQC/9647SgAcK/or/Qs/3cRc19po7oex5EBdPR7b
-vInAuzrVMK84+ifneBWscVhBnxcUI37D0SpKx0onrdskMOyv5nmkdcgQf8931eip
-scNsw8bC8MJsbc5Jfn3DKPurbKK2/uFFE8ot7S65HY9tVBsxKsrjS5YFPE+DKKP+
-BgVk/9hL0Kqq2iKuWTq8YTRMu5iskpLIxqvuz362G46BKoW52pFegeDzpz/Bs/7y
-0oWPRcNcuRQR5XFTpF2L3UosniMkr7aYU5Z8s7IqiEx7txGh5SxRB+TYIZwB1ODa
-L+bnclQeMsBiFqlO9UI38UaxEQgk/+UhgpaX/DPrZg8KJmjW3e+x8xcwL3ouRLy2
-2Z99WMnV6TlwpTKj24EQJALmLG+UJG+hbV9P9j6Mkql3FHb4aLZH71CvyCqeg2yh
-FGiuaGEe8vS9+Dj5LKv8hSbBe/MSQDiPhKT1gb84TiQMsWfxLN7oDXunohnhMZfu
-sydB/c/R/ooA5ri+lE5c65bP2Mk+ml61p6z7lJv+DXBDXW/o4v8Imjx2OMsL85LZ
-vYWJppdJrThd/m4OVnCXYfuHMZqedsIvNR5blnldATLBjWWbeoKhOyqZb8hZ6HFR
-dlJ11LhxnGg9itG385L3Espl+EVcakWBZWrOn5/LGNKZH3UedclEBNci6lSadZaP
-/UfRCwIDAQABo4IBGDCCARQwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0O
-BBYEFOQpYirU7vrMZUWDkqDijTPuhPQiMHgGA1UdIwRxMG+AFBlirZarxvvXjxDE
-Vv9AYyJCcHYOoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ry
-b25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBNb25zdGVyIENBggkAg5FY2u5L
-ga4wHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzBBBgNVHR8EOjA4MDag
-NKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4tbW9uc3Rl
-ci5jcmwwDQYJKoZIhvcNAQENBQADggQBAAEsjsebEspAIANEBVWRjRpowIJlVSLf
-WKzblIPlhClXafHGJbhiamdtS2FmEh/rkzz3Ml+9cJy1KnB1Pn6+4JLSJe5xAywK
-lKTT2iY0KDdOsaK5j+CNJ2tW9NrJPxwtIz+nGGqqyyEUPJE1FYxphbLgmwFNBm2o
-HyeUVYI+gyfmhyHaXHKOmbsDG0o+pUX2tVOs0KdyU6deaAtEf1E6aA5TpCAi1OZs
-pdRDXFUfjdekRkfRr1PZ41Xwk3t6E32YhIE++r7QneQPhXymxVO9nepmpuSoHvlX
-Hb4JN2EQ0zCkkkOfqCuF46zVxsR46/3cfKbRsaVmdfGjvmDSCDI47AreluYiPTGA
-zN4XN91Y5rPZuT9OJYV4UrYv9N1jH5StVmSz19rbYOeozJXX0PBjdCKHEonD1FHY
-xWRpijVUG6NWVLKpvdg3RiFw78wIrNPAeVDvLL+112nbszNDNLSoOJjOUBySHJda
-WYFtg2IoAUis9r/o7uykNcC6KiU4Y1nC8PEIhMi4AMA9UgBCn4ixYtHI9jkfHcrD
-O1kvPRUo3hKzrhftLYtfiBfTEh+3Xab615lt5vNNhdI7d4knqUXvVdURtvlfJLZv
-W0YdvwjJtrVJAiCtX3wyxy72O1ZOG5kHCcK5oHUHg5W172rK9hK4LByk5ESqtc/t
-YDG7TmZLtUceV5yK4gz7pwIwXthA8yayRy+lbk8BFxRMfOEfb6rPdm0vvmPpHHDu
-yHR5SJTgpGo+/I8N1zS6PNeUBh0RAbSnxHJSMLn+GYTs8s6Atnq05SIuVYxvXyAQ
-ULf+ppNN5lngSZHPaOFJNpC1QL1+DdMNueDITVxYx5DV8SkWRPhzS77tsYeUxVGI
-IpUVEqSggGe6Q4YWv2smAjSeqaS5HNGxstE+Ybat/cp9QMbLc7gwKxwRQHhVRZ5O
-0rVq2bZUyly8y4wX8G8WFMNuCoAcHAdMvKh4JtmdDDZlbxdC2mSVbLSuTBfGvKc1
-ScwOBtSqQkm9PsTMitZM31s97WJLQIZbq82g2ns7hfEXMMIgzcFLYlM1SovbDZI5
-ZM63NBVTaKyj+Gxy8FcAPBPtPWwAQT+Gdi8gFwtcEilTOBECL5y0hzlL9aJpsJEq
-4KV5nnM5rutUufiYzQMZqME3g9VWk0kQteVpa4x+4zsKH9lJSSS/y0eCo/jArS8l
-HSmzUDkj2cWmf/azdrcig7g/mHeEbKu1JH1X5lRdZekqcRCW6v1OjP025B/5nSnL
-WYPUI9RLb01fmPjWdrc4+hPnHjePp8w6tuM6U6huMCwstnOel6d2FL5hOWvXNmIH
-I+8zv7SHhIWQmUbC0YQn8BFqvqDC08In5x42YiTe+42YEtafkTkbY8o=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644
index 6d39ac084..000000000
--- a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAv/euO0oAHCv6K/0LP93EXNfaaO6HseRAXT0e27yJwLs61TCv
-OPon53gVrHFYQZ8XFCN+w9EqSsdKJ63bJDDsr+Z5pHXIEH/Pd9XoqbHDbMPGwvDC
-bG3OSX59wyj7q2yitv7hRRPKLe0uuR2PbVQbMSrK40uWBTxPgyij/gYFZP/YS9Cq
-qtoirlk6vGE0TLuYrJKSyMar7s9+thuOgSqFudqRXoHg86c/wbP+8tKFj0XDXLkU
-EeVxU6Rdi91KLJ4jJK+2mFOWfLOyKohMe7cRoeUsUQfk2CGcAdTg2i/m53JUHjLA
-YhapTvVCN/FGsREIJP/lIYKWl/wz62YPCiZo1t3vsfMXMC96LkS8ttmffVjJ1ek5
-cKUyo9uBECQC5ixvlCRvoW1fT/Y+jJKpdxR2+Gi2R+9Qr8gqnoNsoRRormhhHvL0
-vfg4+Syr/IUmwXvzEkA4j4Sk9YG/OE4kDLFn8Sze6A17p6IZ4TGX7rMnQf3P0f6K
-AOa4vpROXOuWz9jJPppetaes+5Sb/g1wQ11v6OL/CJo8djjLC/OS2b2FiaaXSa04
-Xf5uDlZwl2H7hzGannbCLzUeW5Z5XQEywY1lm3qCoTsqmW/IWehxUXZSddS4cZxo
-PYrRt/OS9xLKZfhFXGpFgWVqzp+fyxjSmR91HnXJRATXIupUmnWWj/1H0QsCAwEA
-AQKCAgAn3928CQH+2A+uBXDJwlngYyHF/A4JoHzSITkAsaf3dayhzewHrMaPKP1v
-hVeswcv8becN66uaPs0jctR7LwJrAzevNpvo+XNx0+fxH7CVLhFiOrpX5XMdBv4+
-hIvKLtWZp1XJkHPFmGfFIePB9N91FgtwrSmrSrzFZLKzuDJ0qUQXc2+P76GWj4hI
-yvQfIDR1XDjLJaFfCJCsaQrvv5JpaYIanGXKlqoCpU3GyH3fpcEPyI3nrb4dfp3D
-yKJ4pBxuqWUHPQ2cN4NBnHAunnc2JrFO35HkZw7Nvpc6GwsedjwMzcPyW/ytHvqz
-PhXN/9iuPs0sacC4LzXlppxnIlVSOCoLUpyoe8zXxDJBLsU7d+zDnXZ/1guviHz+
-x4RsEKjlXcvsvnZGAy0pUzOEXIfmWOOSlA7iqkbPNud9nBS4YnOtiZIowLj6893k
-rN1GQ/jw7szBkNh5vjdZT7HAIhlBwyQI3hRJX/h0hdUPNiPW4/j9W94JWcRxk0tO
-vZq7mcTtJ8OFlsNyO12KgFIjT+Gwz7tmNrN+Of98pOt9jRN7hhxY8sQosmW1nePZ
-HuWR52CVShXX/N2d/09hwf48xjYBjF3Mjxc8ySIyERdcWqsWx3j5WaB8rEAAuMcF
-/gY5bb4Oc1MAUtX8aMidvKfVW0Owapj/ApgyOmGbO6YEQCKSIQKCAQEA6hbs2JoD
-8u9sCaabRKNxqnjzXzB7JrR1PKyOjp3Iiku29W1VQ/TMRUpO63LsE3lbv/3RIvi1
-wZN/dFhWC9wOY85iDUci5ZI0QcZA0OIQ/uetrE5/FBOmH9MVIQEXnGHSNPHUWMqk
-EBrykyt+7RMEb7Kldm0V57MesO1FA0y81+UCJP01KZM0D7Nq1Eb6GfNLENah3Fk2
-wHk6g36O1nMAEyjHvS+ht8C0rzNXIqCnkeAuxxAfJde9TYpuW7oCt1JEeh2VAmOO
-7QESq2x0OrPKLCUs00y5k0I9eqvAaQfCC6EcdiX7FyAfX5n5Vf5FbfbWhf9oheno
-CQ0uai4v1uqX2wKCAQEA0e91hlukBO2InB9j+54R3XA0buCr/eQFqJ4sAjgL9GCk
-n09tfytH/nLPw/g/l7snyVmGW3uZfmkOqnTP9Yfbx1dU0pPRN11qM9QG6YH+Odkv
-D+LpRnYRjj7QxQJQbGy+2IZN8cmtpJQziSmQMNZU/YoDpq7wYNVhwnP0Z3ZgUo3d
-GfRPbGw951dOAK0Z6S61+mXSQE9JhZBo49zOrmkgLa1fmLfJoukmz4MTZqoWFffq
-+1Q4vdYgRS8ToT2Rmba+7s4UAmVKyACEw8WEyjH3TXxd6tQy/smzcD0Vgg7Ghvg7
-Vs5ion9HcqDEcQ1YWvMDWPD/x4fyVgu4v2QW/k/KkQKCAQBPb04ZxlG2u1YfBEFG
-DmyA26BCWfJAVRY/a5LIhHRLsZu5NsurTsOOc8PKE+pWRWVEBj5Urq8GrCWg9mTk
-i1z6s0sElHIcEvvWog7WkxAPX9DIWq62wmAqBnfyBivb7jnlq3ZSVxlLOcm89RKS
-IlTsDmQlhqjbQiYVBb7Yes7OODD9GktS+1e8SDblJ9ywt6VuZlbwrfltYPXhLy4L
-SWTqG3mEEki/UQ4/MZ3M61VRpBBbjnXzYn0jdekzCTDowmroQWeSMvSKKkYKk7fx
-P5dIWakXXr7OYLj6CpQ1T+OiDJ7a3NKSq1zaFSbN7oXi5dMwD1aJsrEBeU6Zy2iC
-doLnAoIBAQCzC716J7JNmaCHNqZ5NKkb6NRvNCK72LuSwcPa6J4ZgEsmrAFBElLG
-inj0NEdYSwB102qpn1Kb41HkwteSGpqw+qSXLAalZ4BqT4zNnlaKU9a1f9tggtYa
-MSywuXaJ4n0qAfF8I3t7AAKsGsylOkcmLY1LnavZimNkCq0JiIZCIkfOGPWcDP0G
-zwjxvrB4laQSuMCGpJiZ1z3+CJYlXfdZvaHoh+bqkFrPZIUpbCqF9fls/Lmf/n1r
-Q+lD/VSuepOA7DVYjbcnuHmC1nSYVeELLuSSoQQVFUV6lj4/vAZJmnBRapfo6xCu
-jLq9iJowh031jyU2sZVXGYwpf12066xhAoIBADCtIvqwfy9pcqYs8PQMQTbDuz3G
-ZCe3E5SLJ00gk/PBVJihOYvdKgwoZAyWdWxOPDKzBJAaJBgpmpWKeX3k92HgLxyi
-50zKogbCc49mz2c6kRC13SviPAjO1XuM+FKo50AICenauu21/ZeMYuLt9gxnhEo5
-kkIYhD0irfTw5MMEKITAs71iB74Lxm9gv/+jOwsgoP23k562NHnIvPdbDzbR/ROD
-xb/3DsGbB4kmUXoLlWxradiZGczPddki+bMI4meMs8oH+XP14KyGqWC8LSuBDg8Y
-fADibXSIAHobiN+KhDtWz9Wnhtch9C8Q5+JDjixdspcn4lkMdMK532v/FBM=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/alg-3des-md5/description.txt b/testing/tests/ikev1/alg-3des-md5/description.txt
new file mode 100644
index 000000000..4c39d0b04
--- /dev/null
+++ b/testing/tests/ikev1/alg-3des-md5/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
+<b>3DES_CBC / HMAC_MD5_96</b> by defining <b>esp=3des-md5-modp1024!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-3des-md5/evaltest.dat b/testing/tests/ikev1/alg-3des-md5/evaltest.dat
new file mode 100644
index 000000000..a553ff168
--- /dev/null
+++ b/testing/tests/ikev1/alg-3des-md5/evaltest.dat
@@ -0,0 +1,15 @@
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon:: ipsec statusall 2> /dev/null::rw.*3DES_CBC/HMAC_MD5_96,::YES
+carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_MD5_96,::YES
+moon:: ip xfrm state::enc cbc(des3_ede)::YES
+carol::ip xfrm state::enc cbc(des3_ede)::YES
+moon:: ip xfrm state::auth hmac(md5)::YES
+carol::ip xfrm state::auth hmac(md5)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..ed407298e
--- /dev/null
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	ike=3des-md5-modp1024!
+	esp=3des-md5-modp1024!
+
+conn home
+	left=PH_IP_CAROL
+	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add 
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/ipsec.conf
similarity index 79%
rename from testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/ipsec.conf
index 991ae4368..db426218c 100755
--- a/testing/tests/ikev1/after-2038-certs/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,12 +9,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	ike=3des-md5-modp1024!
+	esp=3des-md5-modp1024!
 
 conn rw
 	left=PH_IP_MOON
+	leftfirewall=yes
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
 	right=%any
 	auto=add
diff --git a/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/after-2038-certs/posttest.dat b/testing/tests/ikev1/alg-3des-md5/posttest.dat
similarity index 100%
rename from testing/tests/ikev1/after-2038-certs/posttest.dat
rename to testing/tests/ikev1/alg-3des-md5/posttest.dat
diff --git a/testing/tests/ikev1/after-2038-certs/pretest.dat b/testing/tests/ikev1/alg-3des-md5/pretest.dat
similarity index 90%
rename from testing/tests/ikev1/after-2038-certs/pretest.dat
rename to testing/tests/ikev1/alg-3des-md5/pretest.dat
index 4921d5097..f360351e1 100644
--- a/testing/tests/ikev1/after-2038-certs/pretest.dat
+++ b/testing/tests/ikev1/alg-3des-md5/pretest.dat
@@ -2,5 +2,5 @@ moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
 carol::ipsec start
-carol::sleep 1
+carol::sleep 1 
 carol::ipsec up home
diff --git a/testing/tests/ikev1/after-2038-certs/test.conf b/testing/tests/ikev1/alg-3des-md5/test.conf
similarity index 100%
rename from testing/tests/ikev1/after-2038-certs/test.conf
rename to testing/tests/ikev1/alg-3des-md5/test.conf
diff --git a/testing/tests/ikev1/alg-blowfish/description.txt b/testing/tests/ikev1/alg-blowfish/description.txt
index 7b14287f7..24b50b909 100644
--- a/testing/tests/ikev1/alg-blowfish/description.txt
+++ b/testing/tests/ikev1/alg-blowfish/description.txt
@@ -1,4 +1,6 @@
-Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the strong cipher suite
-<b>BLOWFISH_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and 
-<b>BLOWFISH_CBC_256 / HMAC_SHA2_512</b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>Blowfish</b> for both IKE and ESP
+encryption.  Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/alg-blowfish/evaltest.dat b/testing/tests/ikev1/alg-blowfish/evaltest.dat
index 4ea613d3d..3787bdb68 100644
--- a/testing/tests/ikev1/alg-blowfish/evaltest.dat
+++ b/testing/tests/ikev1/alg-blowfish/evaltest.dat
@@ -1,11 +1,17 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
-moon::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES
-moon::ipsec statusall::ESP proposal: BLOWFISH_CBC_256/HMAC_SHA2_512::YES
-carol::ip xfrm state::enc cbc(blowfish)::YES
-moon::ip xfrm state::enc cbc(blowfish)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
+dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
+carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES
+
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf
index 57394c27a..d277d79df 100755
--- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,14 +9,15 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	ike=blowfish256-sha2_512-modp4096!
-	esp=blowfish256-sha2_512!
+	ike=blowfish256-sha512-modp2048!
+	esp=blowfish192-sha384!
 
 conn home
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
+	leftfirewall=yes
 	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
index 4dbdc67b3..1f0fd41a8 100644
--- a/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
+charon {
   dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev1/mode-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/ipsec.conf
similarity index 76%
rename from testing/tests/ikev1/mode-config/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/alg-blowfish/hosts/dave/etc/ipsec.conf
index 726998e19..36ff6a5df 100755
--- a/testing/tests/ikev1/mode-config/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,18 +9,15 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	ike=blowfish128-sha256-modp1536!
+	esp=blowfish128-sha256!
 
 conn home
 	left=PH_IP_DAVE
-	leftsourceip=%modeconfig
 	leftcert=daveCert.pem
 	leftid=dave@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
 	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1f0fd41a8
--- /dev/null
+++ b/testing/tests/ikev1/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf
index 427c5d180..ebac92bca 100755
--- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,14 +9,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	ike=blowfish256-sha2_512-modp4096!
-	esp=blowfish256-sha2_512!
+	ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
+	esp=blowfish192-sha384,blowfish128-sha256!
 
 conn rw
 	left=PH_IP_MOON
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
+	leftfirewall=yes
 	right=%any
-	rightid=carol@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
index 4dbdc67b3..1f0fd41a8 100644
--- a/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des blowfish hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
+charon {
   dh_exponent_ansi_x9_42 = no
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev1/alg-blowfish/posttest.dat b/testing/tests/ikev1/alg-blowfish/posttest.dat
index c6d6235f9..7cebd7f25 100644
--- a/testing/tests/ikev1/alg-blowfish/posttest.dat
+++ b/testing/tests/ikev1/alg-blowfish/posttest.dat
@@ -1,2 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-blowfish/pretest.dat b/testing/tests/ikev1/alg-blowfish/pretest.dat
index 5e1e80e1d..42e9d7c24 100644
--- a/testing/tests/ikev1/alg-blowfish/pretest.dat
+++ b/testing/tests/ikev1/alg-blowfish/pretest.dat
@@ -1,6 +1,9 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
-carol::sleep 2 
-carol::ipsec up home
+carol::ipsec start
+dave::ipsec start
 carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/alg-blowfish/test.conf b/testing/tests/ikev1/alg-blowfish/test.conf
index 6abbb89a9..70416826e 100644
--- a/testing/tests/ikev1/alg-blowfish/test.conf
+++ b/testing/tests/ikev1/alg-blowfish/test.conf
@@ -5,11 +5,11 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice moon carol winnetou"
+UMLHOSTS="alice moon carol winnetou dave"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-m-c-w-d.png"
 
 # UML instances on which tcpdump is to be started
 #
@@ -18,5 +18,4 @@ TCPDUMPHOSTS="moon"
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol"
-
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
index 0f71ba5f5..c07c176b5 100644
--- a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
+++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
@@ -1,11 +1,15 @@
-moon::cat /var/log/auth.log::MODP_2048_224.*refused due to strict flag::YES
-moon::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1/MODP_1024_160::YES
-dave::ipsec statusall::IPsec SA established::YES
-dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048_256::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
+dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
index 944524020..b83e94b57 100755
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
index a9de84e91..1b6ecbc85 100755
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
index 424f78bb4..c3c7d1863 100755
--- a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha256-96/description.txt b/testing/tests/ikev1/alg-sha256-96/description.txt
deleted file mode 100644
index c5ab23e51..000000000
--- a/testing/tests/ikev1/alg-sha256-96/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the ESP cipher suite
-<b>AES_CBC_128 / HMAC_SHA2_256_96</b> with 96 bit instead of the standard 128 bit
-truncation, allowing compatibility with Linux kernels older than 2.6.33
-by defining <b>esp=aes128-sha256_96!</b> in ipsec.conf.
-A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha256-96/evaltest.dat b/testing/tests/ikev1/alg-sha256-96/evaltest.dat
deleted file mode 100644
index 6e8715b1f..000000000
--- a/testing/tests/ikev1/alg-sha256-96/evaltest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
-moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
-carol::ip xfrm state::auth hmac(sha256)::YES
-moon::ip xfrm state::auth hmac(sha256)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
-
diff --git a/testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 2d6f87b17..000000000
--- a/testing/tests/ikev1/alg-sha256-96/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128-sha256-modp2048!
-	esp=aes128-sha256_96!
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index b2a686db0..000000000
--- a/testing/tests/ikev1/alg-sha256-96/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128-sha256-modp2048!
-	esp=aes128-sha256_96!
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/alg-sha256/description.txt b/testing/tests/ikev1/alg-sha256/description.txt
index 628101921..826a8f10b 100644
--- a/testing/tests/ikev1/alg-sha256/description.txt
+++ b/testing/tests/ikev1/alg-sha256/description.txt
@@ -1,4 +1,4 @@
-Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the cipher suite
-<b>AES_CBC_128 / HMAC_SHA2_256 / MODP_2048</b> for the IKE protocol and 
-<b>AES_CBC_128 / HMAC_SHA2_256</b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC_128 / HMAC_SHA2_256_128</b> by defining <b>esp=aes128-sha256-modp2048!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha256/evaltest.dat b/testing/tests/ikev1/alg-sha256/evaltest.dat
index 00fcb8862..7b5640af8 100644
--- a/testing/tests/ikev1/alg-sha256/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha256/evaltest.dat
@@ -1,12 +1,13 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
-moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
-moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA2_256::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/HMAC_SHA2_256_128,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128,::YES
+moon:: ip xfrm state::auth hmac(sha256)::YES
 carol::ip xfrm state::auth hmac(sha256)::YES
-moon::ip xfrm state::auth hmac(sha256)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 200::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 200::YES
-
diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf
index 66476b83e..11245e89f 100755
--- a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,14 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	ike=aes128-sha256-modp2048!
-	esp=aes128-sha256!
+	esp=aes128-sha256-modp2048!
 
 conn home
 	left=PH_IP_CAROL
+	leftfirewall=yes
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
-	auto=add
+	auto=add 
diff --git a/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf
index 2b97ff4f3..95a2178fd 100755
--- a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,13 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	ike=aes128-sha256-modp2048!
-	esp=aes128-sha256!
+	esp=aes128-sha256-modp2048!
 
 conn rw
 	left=PH_IP_MOON
+	leftfirewall=yes
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
 	right=%any
-	rightid=carol@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha256/posttest.dat b/testing/tests/ikev1/alg-sha256/posttest.dat
index c6d6235f9..94a400606 100644
--- a/testing/tests/ikev1/alg-sha256/posttest.dat
+++ b/testing/tests/ikev1/alg-sha256/posttest.dat
@@ -1,2 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-sha256/pretest.dat b/testing/tests/ikev1/alg-sha256/pretest.dat
index 7d077c126..f360351e1 100644
--- a/testing/tests/ikev1/alg-sha256/pretest.dat
+++ b/testing/tests/ikev1/alg-sha256/pretest.dat
@@ -1,5 +1,6 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
-carol::sleep 2
+carol::ipsec start
+carol::sleep 1 
 carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha256/test.conf b/testing/tests/ikev1/alg-sha256/test.conf
index 6abbb89a9..9cd583b16 100644
--- a/testing/tests/ikev1/alg-sha256/test.conf
+++ b/testing/tests/ikev1/alg-sha256/test.conf
@@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/alg-sha384/description.txt b/testing/tests/ikev1/alg-sha384/description.txt
index 251e2e6a2..2255fe8fb 100644
--- a/testing/tests/ikev1/alg-sha384/description.txt
+++ b/testing/tests/ikev1/alg-sha384/description.txt
@@ -1,4 +1,4 @@
-Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the cipher suite
-<b>AES_CBC_192 / HMAC_SHA2_384 / MODP_3072</b> for the IKE protocol and 
-<b>AES_CBC_192 / HMAC_SHA2_384</b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC_192 / HMAC_SHA2_384_192</b> by defining <b>esp=aes192-sha384-modp3072!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha384/evaltest.dat b/testing/tests/ikev1/alg-sha384/evaltest.dat
index 4da5ec5e7..21b3d5a4f 100644
--- a/testing/tests/ikev1/alg-sha384/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha384/evaltest.dat
@@ -1,12 +1,13 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_3072::YES
-moon::ipsec statusall::IKE proposal: AES_CBC_192/HMAC_SHA2_384/MODP_3072::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_384::YES
-moon::ipsec statusall::ESP proposal: AES_CBC_192/HMAC_SHA2_384::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES
+moon:: ip xfrm state::auth hmac(sha384)::YES
 carol::ip xfrm state::auth hmac(sha384)::YES
-moon::ip xfrm state::auth hmac(sha384)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES
-
diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf
index 42df1dccd..0de95a79c 100755
--- a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,14 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	ike=aes192-sha384-modp3072!
-	esp=aes192-sha384!
+	esp=aes192-sha384-modp3072!
 
 conn home
 	left=PH_IP_CAROL
+	leftfirewall=yes
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
-	auto=add
+	auto=add 
diff --git a/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf
index a75d370aa..c3dad3624 100755
--- a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,13 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	ike=aes192-sha384-modp3072!
-	esp=aes192-sha384!
+	esp=aes192-sha384-modp3072!
 
 conn rw
 	left=PH_IP_MOON
+	leftfirewall=yes
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
 	right=%any
-	rightid=carol@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha384/posttest.dat b/testing/tests/ikev1/alg-sha384/posttest.dat
index c6d6235f9..94a400606 100644
--- a/testing/tests/ikev1/alg-sha384/posttest.dat
+++ b/testing/tests/ikev1/alg-sha384/posttest.dat
@@ -1,2 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-sha384/pretest.dat b/testing/tests/ikev1/alg-sha384/pretest.dat
index 7d077c126..f360351e1 100644
--- a/testing/tests/ikev1/alg-sha384/pretest.dat
+++ b/testing/tests/ikev1/alg-sha384/pretest.dat
@@ -1,5 +1,6 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
-carol::sleep 2
+carol::ipsec start
+carol::sleep 1 
 carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha384/test.conf b/testing/tests/ikev1/alg-sha384/test.conf
index 6abbb89a9..9cd583b16 100644
--- a/testing/tests/ikev1/alg-sha384/test.conf
+++ b/testing/tests/ikev1/alg-sha384/test.conf
@@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/alg-sha512/description.txt b/testing/tests/ikev1/alg-sha512/description.txt
index adfc548b8..bf79a3bff 100644
--- a/testing/tests/ikev1/alg-sha512/description.txt
+++ b/testing/tests/ikev1/alg-sha512/description.txt
@@ -1,4 +1,4 @@
-Roadwarrior <b>carol</b> proposes  to gateway <b>moon</b> the cipher suite
-<b>AES_CBC_256 / HMAC_SHA2_512 / MODP_4096</b> for the IKE protocol and 
-<b>AES_CBC_256 / HMAC_SHA2_512</b> for ESP packets. A ping from <b>carol</b> to
-<b>alice</b> successfully checks the established tunnel.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>AES_CBC_256 / HMAC_SHA2_512_256</b> by defining <b>esp=aes256-sha512-modp4096!</b>
+in ipsec.conf. The same cipher suite is used for IKE.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/alg-sha512/evaltest.dat b/testing/tests/ikev1/alg-sha512/evaltest.dat
index 7e928d30b..7b94d2182 100644
--- a/testing/tests/ikev1/alg-sha512/evaltest.dat
+++ b/testing/tests/ikev1/alg-sha512/evaltest.dat
@@ -1,12 +1,13 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_4096::YES
-moon::ipsec statusall::IKE proposal: AES_CBC_256/HMAC_SHA2_512/MODP_4096::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_512::YES
-moon::ipsec statusall::ESP proposal: AES_CBC_256/HMAC_SHA2_512::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES
+moon:: ip xfrm state::auth hmac(sha512)::YES
 carol::ip xfrm state::auth hmac(sha512)::YES
-moon::ip xfrm state::auth hmac(sha512)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES
-
diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf
index 329de395c..2b65d1bef 100755
--- a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,14 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	ike=aes256-sha512-modp4096!
-	esp=aes256-sha512!
+	esp=aes256-sha512-modp4096!
 
 conn home
 	left=PH_IP_CAROL
+	leftfirewall=yes
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
-	auto=add
+	auto=add 
diff --git a/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf
index 8da459a8a..8152a547c 100755
--- a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,13 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	ike=aes256-sha512-modp4096!
-	esp=aes256-sha512!
+	esp=aes256-sha512-modp4096!
 
 conn rw
 	left=PH_IP_MOON
+	leftfirewall=yes
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
 	right=%any
-	rightid=carol@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha512/posttest.dat b/testing/tests/ikev1/alg-sha512/posttest.dat
index c6d6235f9..94a400606 100644
--- a/testing/tests/ikev1/alg-sha512/posttest.dat
+++ b/testing/tests/ikev1/alg-sha512/posttest.dat
@@ -1,2 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-sha512/pretest.dat b/testing/tests/ikev1/alg-sha512/pretest.dat
index 7d077c126..f360351e1 100644
--- a/testing/tests/ikev1/alg-sha512/pretest.dat
+++ b/testing/tests/ikev1/alg-sha512/pretest.dat
@@ -1,5 +1,6 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
-carol::sleep 2
+carol::ipsec start
+carol::sleep 1 
 carol::ipsec up home
diff --git a/testing/tests/ikev1/alg-sha512/test.conf b/testing/tests/ikev1/alg-sha512/test.conf
index 6abbb89a9..9cd583b16 100644
--- a/testing/tests/ikev1/alg-sha512/test.conf
+++ b/testing/tests/ikev1/alg-sha512/test.conf
@@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/attr-cert/description.txt b/testing/tests/ikev1/attr-cert/description.txt
deleted file mode 100644
index b7f809c36..000000000
--- a/testing/tests/ikev1/attr-cert/description.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
-<b>venus</b> by means of <b>X.509 Attribute Certificates</b>. Access to <b>alice</b>
-is granted to members of the group 'Research' whereas <b>venus</b> can only
-be reached by members of the groups 'Accounting' and 'Sales'. The roadwarriors
-<b>carol</b> and <b>dave</b> belong to the groups 'Research' and 'Accounting',
-respectively. Therefore <b>carol</b> can access <b>alice</b> and <b>dave</b>
-can reach <b>venus</b>.
\ No newline at end of file
diff --git a/testing/tests/ikev1/attr-cert/evaltest.dat b/testing/tests/ikev1/attr-cert/evaltest.dat
deleted file mode 100644
index c6c3c66c3..000000000
--- a/testing/tests/ikev1/attr-cert/evaltest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::alice.*peer with attributes .*Research.* is a member of the groups .*Research::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::cat /var/log/auth.log::venus.*peer with attributes .*Research.* is not a member of the groups .*Accounting::YES
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::venus.*peer with attributes .*Accounting.* is a member of the groups .*Accounting::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::cat /var/log/auth.log::alice.*peer with attributes .*Accounting.* is not a member of the groups .*Research::YES
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/attr-cert/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/attr-cert/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index a84b3a6b2..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
-	rightsubnet=PH_IP_VENUS/32
-	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 11cf4d5d1..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn alice
-	leftsubnet=PH_IP_ALICE/32
-	right=%any
-	rightgroups=Research
-	auto=add
-	
-conn venus
-	leftsubnet=PH_IP_VENUS/32
-	right=%any
-	rightgroups="Accounting, Sales"
-	auto=add
-	
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
deleted file mode 100644
index 61d1c34e2..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
-cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
-dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
-p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
-d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
-SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
-s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
-AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
-LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
-Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
-QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
-b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
-atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
-u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
-aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
-wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
-G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
-8mcNXcKmqcyP2Tlnvbo=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
deleted file mode 100644
index 250441ad0..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEArDQ1aDwWmStagi03N7ESJpJ0RIX5uXDb7bLnW9WZsOT1518l
-yOTME0gS9j/QZc4OZy2GMTGJM2CY24J1DBqkIfGnf0doP3TavOa9+UjjR1lOaUVy
-fQ+njXA1u+NVo6mft/oyi/rxiaygtCvjv45Tqyd3dzyvH4Fc7iDpjJEHTGnAHaR8
-7fgVmHsXA57ixUAm7kTu6srSGKPZbX5p1k0WDspI/aLuWV+ijFalL7pWLpmO4n91
-wbK9eleevQfbHnyxl5oHmfwDL6aE8NfvbFd/ASazt/O2SGqaaLHZNUQf3p1H32i4
-IQ0XUKbw4JtHWSSFZF4vo/S0JuKtvAVtnEq05QIDAQABAoIBAQCbfhUPhtp8+imi
-zANFFW2nSK0VxsgEi4T7MIU6Zjh+A3CLuF2c9gPUEUuV8W9SzeoxfmjieLFDpCDC
-bR0VjeTRBazR//+A9RoiYlP+CbO4FEr6QYwsovsPetf6TT9iJeMjtBb6UODTCP6f
-UdY3fOPN8zgrga87yorINw3MMJSfiI21zSzCkueOQloktBgih5Wueu8FDFUB2fVa
-uLTUa+wOhXUBPyF5OXLox5TxE6gBPkiUsnNXP8X/kHLPk2iBQmdxz+uwG/Pz6pS2
-JsmX2WzFJ0+Rj4cJpoa4Ev5uAx79kcXnQT3d5/HIwuh7ZEMKorb1m8w8lhAW4ARU
-ddjhLkWhAoGBAOCpDGfLwQHWVejOcjEwfWts0hHLdlNfZEgsLSex2k/U6Mk1TjCo
-tAHQOvmqxZDxypJEem3RPaWZh+gttTpHvGkS9fsvTpyARcDp0FXI40hwARPsnMbI
-0fDmpVfOOLZdQKMDg42TrZC/mipU68gFP/rYC7xalJs0pe0LL3ffsSC5AoGBAMQ5
-3V6nuucpL87I0fKg56z0/3lcRxI46KuIXhHSAjxNb76cQuxiK8s5TPCot3Unq6GQ
-R7Y+dYd1FVEh2i3Q7/Yh/BSeYiDcDf5aELCwY32O/OnSSoNTbgGR5FT+/SHJK5bg
-j/O5S7+dajqtC2JZJl8smOeB5c187bc4FU72+6eNAoGAZUiRSTI434Ur0ftQzBBa
-WtYClvctb0TwRwFzkhPCon8QO7YGfDVygebIz8pHq6L2ep7Yuy28Jy5icTA6Jf41
-WQGtWALp4/CIggJnZGVe4kdslPj1bUEYNQ0mucFFHCJKg7OP2YIcm8dlz3PdoJ2N
-TJ+eGtqTaK2BqK6ERfzZNDECgYBbVTOcYyWzgpAmB4LxE8PB1Sc0LadG7AYgERD3
-6m/v8XsZlVHxBKCtrrYJLf52IUjZonY+dUPvEKgjY0ZSHPYT8i2Ky02RTduVkAZE
-t1UXk/5UNvVHuwVw5Z8JkMXxe9k2GL/oCU8gmPxg4zpxRF1/3xosZ2G3C3b52LjS
-UFNB4QKBgDX2UmLgRHAXDsmksNZaMUSNk+xws0B1M/EDd9h7e79ilENkOPDLo5+E
-z22WPNrgzKEUz44FZZOsislfPE7ffgQcRTxtNWqoElwxuHLuy46jaReL7zJSDtpv
-wtn4YoOpH0DnC994nziTQif33FBF/2o8hWoq4vcXKNSMGTwGzi/a
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem
deleted file mode 100644
index 6c41df9c7..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem
deleted file mode 100644
index f212e19cf..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzczOVoXDTE0MDgyNjEwMzczOVowWzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzARBgNVBAsTCkFjY291
-bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDAB/JTbwVY5oNF0+8Behdbc0NOeX+bl0SOcgpZ
-ha6nbMBQO41jtOI5r5Xbg9sK9l+DYOnZQZEsEhIVZDoK8yGI/FIEE+gWRf+OLmI8
-k2K+G1dklTC/VP2tZWMQYQWs6UnX3iiVpHccI3CQqqJWe9fZsIsq0J9j9hu6h9dG
-IEbon6RXDLPI5DIiIKc3r0jDHNDsIUDzcjuUdCxKFCMuHUCfa1PBiqpj5pP6XT0G
-gI6UjbgnNWPTPb2axE7P1x5gQmVwiFiYs+VTh2fq9O9xNxnn/YmzLk4/YNly7xYX
-Q31NuhSvRpH7jsJ1p4VSuunYqvccPUKsp5PvCtCeGvNT2qt1AgMBAAGjggEFMIIB
-ATAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU7n842u6huBpBd394
-8mdL6EOdjg4wbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
-ExJzdHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAyAbxrpMtTARw3
-jvBwuapaHXnTppz+TkWyfXVpgTwtPlf3rbhPk4DjhT2ygyMTI1azoqProf2aBbDr
-DldCSQPsZAcuzOdruKKMo2CQwgLuBFXL+JUX0hiIpFS1ZZHA2aDKyUw4OyADOvDU
-8r1/WiwRb91TdYP9nEu9qP30k0vkUg8DCbCmPI1/MVaxVzh9LRAFyOHrnKSCXG7o
-StmVFm2Yf3pE4HS1W6DtommyPs7aUD5XAaQdr3DYKI/TazoU6t5g2aEqigu+pj2M
-qk5idJkx5VCFvUU1hlChyX6NNNjJNnV6u5YiuatcdYQhpCTBsxnBoM+w0BvNOCl+
-1PdgEy1K
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/default.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/default.conf
deleted file mode 100644
index 134218eec..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/default.conf
+++ /dev/null
@@ -1,4 +0,0 @@
---cert /etc/ipsec.d/aacerts/aaCert.pem
---key /etc/openac/aaKey.pem
---quiet
---hours 8
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 1a47aeb7d..000000000
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-openac {
-  load = sha1 sha2 md5 pem pkcs1 x509 gmp random x509
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/attr-cert/posttest.dat b/testing/tests/ikev1/attr-cert/posttest.dat
deleted file mode 100644
index a59c3ff63..000000000
--- a/testing/tests/ikev1/attr-cert/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::rm /etc/openac/*
-moon::rm /etc/ipsec.d/aacerts/aaCert.pem
-moon::rm /etc/ipsec.d/acerts/*
diff --git a/testing/tests/ikev1/attr-cert/pretest.dat b/testing/tests/ikev1/attr-cert/pretest.dat
deleted file mode 100644
index 3c7fb5dc6..000000000
--- a/testing/tests/ikev1/attr-cert/pretest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::cat /etc/openac/default.conf
-moon::ipsec openac --optionsfrom default.conf --usercert /etc/openac/carolCert.pem --groups Research --out /etc/ipsec.d/acerts/carolAC.pem 2> /dev/null
-moon::ipsec openac --optionsfrom default.conf --usercert /etc/openac/daveCert.pem --groups Accounting --out /etc/ipsec.d/acerts/daveAC.pem 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up alice
-carol::ipsec up venus
-dave::ipsec up venus
-dave::ipsec up alice
diff --git a/testing/tests/ikev1/compress/description.txt b/testing/tests/ikev1/compress/description.txt
deleted file mode 100644
index 47829839d..000000000
--- a/testing/tests/ikev1/compress/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-This scenario enables IPCOMP compression between roadwarrior <b>carol</b> and
-gateway <b>moon</b>. Two pings from <b>carol</b> to <b>alice</b> checks
-the established tunnel with compression.
diff --git a/testing/tests/ikev1/compress/evaltest.dat b/testing/tests/ikev1/compress/evaltest.dat
deleted file mode 100644
index ff72e1762..000000000
--- a/testing/tests/ikev1/compress/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::policy.*COMPRESS::YES
-carol::ipsec statusall::policy.*COMPRESS::YES
-moon::ipsec statusall::comp.::YES
-carol::ipsec statusall::comp.::YES
-carol::ping -n -c 2 -s 8184 -p deadbeef PH_IP_ALICE::8192 bytes from PH_IP_ALICE::YES
-moon::tcpdump::carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::moon.strongswan.org >  carol.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev1/compress/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/compress/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index f5050fef1..000000000
--- a/testing/tests/ikev1/compress/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	compress=yes
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/compress/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/compress/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index aaf13f5fc..000000000
--- a/testing/tests/ikev1/compress/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	compress=yes
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/compress/posttest.dat b/testing/tests/ikev1/compress/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/compress/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/compress/pretest.dat b/testing/tests/ikev1/compress/pretest.dat
deleted file mode 100644
index 7d077c126..000000000
--- a/testing/tests/ikev1/compress/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/compress/test.conf b/testing/tests/ikev1/compress/test.conf
deleted file mode 100644
index 6abbb89a9..000000000
--- a/testing/tests/ikev1/compress/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/mode-config/description.txt b/testing/tests/ikev1/config-payload/description.txt
similarity index 84%
rename from testing/tests/ikev1/mode-config/description.txt
rename to testing/tests/ikev1/config-payload/description.txt
index 3e67f83f1..ff6928e89 100644
--- a/testing/tests/ikev1/mode-config/description.txt
+++ b/testing/tests/ikev1/config-payload/description.txt
@@ -1,6 +1,6 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
 Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
-by using the <b>leftsourceip=%modeconfig</b> parameter. <b>leftfirewall=yes</b> automatically
+by using the <b>leftsourceip=%config</b> parameter. <b>leftfirewall=yes</b> automatically
 inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the
 tunnels, <b>carol</b> and <b>dave</b> then ping the client <b>alice</b> behind the gateway
 <b>moon</b>. The source IP addresses of the two pings will be the virtual IPs <b>carol1</b>
diff --git a/testing/tests/ikev1/config-payload/evaltest.dat b/testing/tests/ikev1/config-payload/evaltest.dat
new file mode 100644
index 000000000..a429e9b32
--- /dev/null
+++ b/testing/tests/ikev1/config-payload/evaltest.dat
@@ -0,0 +1,26 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
+carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/config-payload/hosts/carol/etc/ipsec.conf
similarity index 82%
rename from testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/config-payload/hosts/carol/etc/ipsec.conf
index 0c770de9f..3f67cbc8a 100755
--- a/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/config-payload/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..0e4e57729
--- /dev/null
+++ b/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/config-payload/hosts/dave/etc/ipsec.conf
similarity index 82%
rename from testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/config-payload/hosts/dave/etc/ipsec.conf
index 163c19516..bf0f9ccae 100755
--- a/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/config-payload/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..0e4e57729
--- /dev/null
+++ b/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/config-payload/hosts/moon/etc/ipsec.conf
similarity index 80%
rename from testing/tests/ikev1/mode-config/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/config-payload/hosts/moon/etc/ipsec.conf
index 37278081e..ea6cd0d31 100755
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/config-payload/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,10 +9,8 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	rekey=no
 	left=PH_IP_MOON
 	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftfirewall=yes
diff --git a/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..002166a54
--- /dev/null
+++ b/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,8 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr
+
+  dns1 = PH_IP_WINNETOU
+  dns2 = PH_IP_VENUS
+}
diff --git a/testing/tests/ikev1/xauth-id-psk/posttest.dat b/testing/tests/ikev1/config-payload/posttest.dat
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk/posttest.dat
rename to testing/tests/ikev1/config-payload/posttest.dat
diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/config-payload/pretest.dat
similarity index 100%
rename from testing/tests/ikev1/ip-pool/pretest.dat
rename to testing/tests/ikev1/config-payload/pretest.dat
diff --git a/testing/tests/ikev1/dynamic-initiator/test.conf b/testing/tests/ikev1/config-payload/test.conf
similarity index 100%
rename from testing/tests/ikev1/dynamic-initiator/test.conf
rename to testing/tests/ikev1/config-payload/test.conf
diff --git a/testing/tests/ikev1/crl-from-cache/description.txt b/testing/tests/ikev1/crl-from-cache/description.txt
deleted file mode 100644
index 17866f572..000000000
--- a/testing/tests/ikev1/crl-from-cache/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>. When <b>carol</b> initiates
-an IPsec connection to <b>moon</b>, both VPN endpoints find a cached CRL in
-their <b>/etc/ipsec.d/crls/</b> directories which allows them to immediately verify
-the certificate received from their peer.
diff --git a/testing/tests/ikev1/crl-from-cache/evaltest.dat b/testing/tests/ikev1/crl-from-cache/evaltest.dat
deleted file mode 100644
index bdceddb79..000000000
--- a/testing/tests/ikev1/crl-from-cache/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::cat /var/log/auth.log::loaded crl from::YES
-carol::cat /var/log/auth.log::loaded crl from::YES
-moon::cat /var/log/auth.log::X.509 certificate rejected::NO
-carol::cat /var/log/auth.log::X.509 certificate rejected::NO
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::written crl file::NO
-carol::cat /var/log/auth.log::written crl file::NO
-moon::ipsec listcrls:: ok::YES
-carol::ipsec listcrls:: ok::YES
diff --git a/testing/tests/ikev1/crl-from-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/crl-from-cache/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index bb1879b1d..000000000
--- a/testing/tests/ikev1/crl-from-cache/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	cachecrls=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-
-conn home
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index ec0bc2e88..000000000
--- a/testing/tests/ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	cachecrls=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn net-net
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
-        
-conn host-host
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	auto=add
-
-conn rw
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/crl-from-cache/posttest.dat b/testing/tests/ikev1/crl-from-cache/posttest.dat
deleted file mode 100644
index be17847c1..000000000
--- a/testing/tests/ikev1/crl-from-cache/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::rm /etc/ipsec.d/crls/*
-carol::rm /etc/ipsec.d/crls/*
diff --git a/testing/tests/ikev1/crl-from-cache/pretest.dat b/testing/tests/ikev1/crl-from-cache/pretest.dat
deleted file mode 100644
index acdb265ed..000000000
--- a/testing/tests/ikev1/crl-from-cache/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::wget -q http://crl.strongswan.org/strongswan.crl
-moon::mv strongswan.crl /etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
-carol::wget -q http://crl.strongswan.org/strongswan.crl
-carol::mv strongswan.crl /etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/crl-from-cache/test.conf b/testing/tests/ikev1/crl-from-cache/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/crl-from-cache/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/crl-ldap/description.txt b/testing/tests/ikev1/crl-ldap/description.txt
deleted file mode 100644
index 02dc0cbbe..000000000
--- a/testing/tests/ikev1/crl-ldap/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
-the connection and only an expired CRL cache file in <b>/etc/ipsec.d/crls</b> is
-available, the Main Mode negotiation fails. A http fetch for an updated CRL fails
-because the web server is currently not reachable. Thus the second Main Mode negotiation
-fails, too. Finally an ldap fetch to get the CRL from the LDAP server <b>winnetou</b>
-is triggered. When the third Main Mode trial comes around, the fetched CRL has become
-available and the IKE negotiation completes. The new CRL is again cached locally as a
-file in <b>/etc/ipsec.d/crls</b> due to the <b>cachecrls=yes</b> option.
diff --git a/testing/tests/ikev1/crl-ldap/evaltest.dat b/testing/tests/ikev1/crl-ldap/evaltest.dat
deleted file mode 100644
index 80a84e1ef..000000000
--- a/testing/tests/ikev1/crl-ldap/evaltest.dat
+++ /dev/null
@@ -1,16 +0,0 @@
-moon::cat /var/log/auth.log::loaded crl from::YES
-carol::cat /var/log/auth.log::loaded crl from::YES
-moon::cat /var/log/auth.log::crl is stale::YES
-carol::cat /var/log/auth.log::crl is stale::YES
-moon::cat /var/log/auth.log::X.509 certificate rejected::YES
-carol::cat /var/log/auth.log::X.509 certificate rejected::YES
-moon::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
-carol::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::written crl file::YES
-carol::cat /var/log/auth.log::written crl file::YES
-moon::ipsec listcrls:: ok::YES
-carol::ipsec listcrls:: ok::YES
diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/init.d/iptables b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/init.d/iptables
deleted file mode 100755
index 571459bae..000000000
--- a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/init.d/iptables
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow ldap crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 389 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 389 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 5a7668c64..000000000
--- a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	cachecrls=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=2
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
deleted file mode 100644
index 75e8b0959..000000000
Binary files a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl and /dev/null differ
diff --git a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/crl-ldap/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 8de514a2e..000000000
--- a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow ldap crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 389 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 389 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 1b80c0ddd..000000000
--- a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	cachecrls=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=2
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn net-net
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
-        
-conn host-host
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	auto=add
-
-conn rw
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl
deleted file mode 100644
index 75e8b0959..000000000
Binary files a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl and /dev/null differ
diff --git a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/crl-ldap/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/crl-ldap/posttest.dat b/testing/tests/ikev1/crl-ldap/posttest.dat
deleted file mode 100644
index bddd87424..000000000
--- a/testing/tests/ikev1/crl-ldap/posttest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-winnetou::/etc/init.d/slapd stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-moon::rm /etc/ipsec.d/crls/*
-carol::rm /etc/ipsec.d/crls/*
diff --git a/testing/tests/ikev1/crl-ldap/pretest.dat b/testing/tests/ikev1/crl-ldap/pretest.dat
deleted file mode 100644
index 64fa8116b..000000000
--- a/testing/tests/ikev1/crl-ldap/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-winnetou::/etc/init.d/slapd start
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
-carol::sleep 3 
diff --git a/testing/tests/ikev1/crl-ldap/test.conf b/testing/tests/ikev1/crl-ldap/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/crl-ldap/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/crl-revoked/description.txt b/testing/tests/ikev1/crl-revoked/description.txt
deleted file mode 100644
index 780068ce6..000000000
--- a/testing/tests/ikev1/crl-revoked/description.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
-the connection and no current CRL is available, the Main Mode negotiation fails
-and a http fetch to get the CRL from the web server <b>winnetou</b> is triggered.
-When the second Main Mode trial comes around the fetched CRL will be available
-but because the certificate presented by carol has been revoked,
-the IKE negotatiation will fail.
diff --git a/testing/tests/ikev1/crl-revoked/evaltest.dat b/testing/tests/ikev1/crl-revoked/evaltest.dat
deleted file mode 100644
index 0fd1cae8c..000000000
--- a/testing/tests/ikev1/crl-revoked/evaltest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::cat /var/log/auth.log::X.509 certificate rejected::YES
-moon::cat /var/log/auth.log::certificate was revoked::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::ipsec listcrls:: ok::YES
-moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
-carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
diff --git a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 77f6cfcb0..000000000
--- a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolRevokedCert.pem
-	leftid=carol@strongswan.org
-
-conn home
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
deleted file mode 100644
index a92610c4f..000000000
--- a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr
-lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD
-e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG
-Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi
-+BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ
-TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh
-ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/
-jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl
-nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC
-6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a
-cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f
-q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z
-0xafBd5x
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
deleted file mode 100644
index 60e7fdfa9..000000000
--- a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB
-msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf
-AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B
-hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F
-dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9
-dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O
-fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH
-Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc
-M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI
-0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2
-oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH
-VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx
-ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm
-VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g
-I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0
-bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD
-yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2
-u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN
-dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12
-coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx
-VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f
-YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4
-lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6
-95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P
-b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/crl-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/crl-revoked/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 1c011dccb..000000000
--- a/testing/tests/ikev1/crl-revoked/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn net-net
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
-        
-conn host-host
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	auto=add
-
-conn rw
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/crl-revoked/posttest.dat b/testing/tests/ikev1/crl-revoked/posttest.dat
deleted file mode 100644
index d742e8410..000000000
--- a/testing/tests/ikev1/crl-revoked/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev1/crl-revoked/pretest.dat b/testing/tests/ikev1/crl-revoked/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/crl-revoked/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/crl-revoked/test.conf b/testing/tests/ikev1/crl-revoked/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/crl-revoked/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/crl-strict/description.txt b/testing/tests/ikev1/crl-strict/description.txt
deleted file mode 100644
index 97011482e..000000000
--- a/testing/tests/ikev1/crl-strict/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
-the connection and no current CRL is available, the Main Mode negotiation fails
-but a http fetch to get the CRL from the web server <b>winnetou</b> is triggered.
-When the second Main Mode trial comes around, the fetched CRL will be available
-and the IKE negotiation completes.
diff --git a/testing/tests/ikev1/crl-strict/evaltest.dat b/testing/tests/ikev1/crl-strict/evaltest.dat
deleted file mode 100644
index 1d7adb05e..000000000
--- a/testing/tests/ikev1/crl-strict/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::cat /var/log/auth.log::X.509 certificate rejected::YES
-carol::cat /var/log/auth.log::X.509 certificate rejected::YES
-moon::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec listcrls:: ok::YES
-carol::ipsec listcrls:: ok::YES
diff --git a/testing/tests/ikev1/crl-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/crl-strict/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 1c011dccb..000000000
--- a/testing/tests/ikev1/crl-strict/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn net-net
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
-        
-conn host-host
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	auto=add
-
-conn rw
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/crl-strict/posttest.dat b/testing/tests/ikev1/crl-strict/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/crl-strict/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/crl-strict/pretest.dat b/testing/tests/ikev1/crl-strict/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/crl-strict/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/crl-strict/test.conf b/testing/tests/ikev1/crl-strict/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/crl-strict/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/crl-to-cache/description.txt b/testing/tests/ikev1/crl-to-cache/description.txt
deleted file mode 100644
index 9f542e73d..000000000
--- a/testing/tests/ikev1/crl-to-cache/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-By setting <b>cachecrls=yes</b> in ipsec.conf, a copy of the CRL fetched
-via http from the web server <b>winnetou</b> is saved locally in the
-directory <b>/etc/ipsec.d/crls</b> on both the roadwarrior <b>carol</b>
-and the gateway <b>moon</b> when the IPsec connection is set up. The
-<b>subjectKeyIdentifier</b> of the issuing CA plus the suffix <b>.crl</b>
-is used as a unique filename for the cached CRL. 
diff --git a/testing/tests/ikev1/crl-to-cache/evaltest.dat b/testing/tests/ikev1/crl-to-cache/evaltest.dat
deleted file mode 100644
index be7737185..000000000
--- a/testing/tests/ikev1/crl-to-cache/evaltest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::written crl file.*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
-carol::cat /var/log/auth.log::written crl file.*/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl::YES
diff --git a/testing/tests/ikev1/crl-to-cache/posttest.dat b/testing/tests/ikev1/crl-to-cache/posttest.dat
deleted file mode 100644
index be17847c1..000000000
--- a/testing/tests/ikev1/crl-to-cache/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::rm /etc/ipsec.d/crls/*
-carol::rm /etc/ipsec.d/crls/*
diff --git a/testing/tests/ikev1/crl-to-cache/pretest.dat b/testing/tests/ikev1/crl-to-cache/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/crl-to-cache/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/crl-to-cache/test.conf b/testing/tests/ikev1/crl-to-cache/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/crl-to-cache/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/default-keys/description.txt b/testing/tests/ikev1/default-keys/description.txt
deleted file mode 100644
index 639e909da..000000000
--- a/testing/tests/ikev1/default-keys/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Because of the missing <b>/etc/ipsec.secrets</b> file, roadwarrior <b>carol</b>
-and gateway <b>moon</b> each automatically generate a PKCS#1 RSA private key
-and a self-signed X.509 certificate. Because the UML testing environment does
-not offer enough entropy, the non-blocking /dev/urandom device is used in place
-of /dev/random for generating the random primes.
-<p>
-The self-signed certificates are then distributed to the peers via scp
-and are used to set up a road warrior connection initiated by <b>carol</b> 
diff --git a/testing/tests/ikev1/default-keys/evaltest.dat b/testing/tests/ikev1/default-keys/evaltest.dat
deleted file mode 100644
index a18e3997e..000000000
--- a/testing/tests/ikev1/default-keys/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-carol::cat /var/log/auth.log::scepclient::YES
-moon::cat /var/log/auth.log::scepclient::YES
-carol::cat /var/log/auth.log::we have a cert but are not sending it::YES
-moon::cat /var/log/auth.log::we have a cert but are not sending it::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/default-keys/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/default-keys/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 4d5bff62c..000000000
--- a/testing/tests/ikev1/default-keys/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=0
-	strictcrlpolicy=no
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=selfCert.der
-	leftsendcert=never
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightcert=peerCert.der
-	auto=add
diff --git a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index e589a9425..000000000
--- a/testing/tests/ikev1/default-keys/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-scepclient {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/default-keys/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 13ad3063f..000000000
--- a/testing/tests/ikev1/default-keys/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A INPUT  -p tcp --sport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/default-keys/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index dd7ae0b20..000000000
--- a/testing/tests/ikev1/default-keys/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=0
-	strictcrlpolicy=no
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn carol
-	left=PH_IP_MOON
-	leftcert=selfCert.der
-	leftsendcert=never
-	leftfirewall=yes
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightcert=peerCert.der
-	auto=add
-
diff --git a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index e589a9425..000000000
--- a/testing/tests/ikev1/default-keys/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-scepclient {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/default-keys/posttest.dat b/testing/tests/ikev1/default-keys/posttest.dat
deleted file mode 100644
index 8cada5e7e..000000000
--- a/testing/tests/ikev1/default-keys/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev1/default-keys/pretest.dat b/testing/tests/ikev1/default-keys/pretest.dat
deleted file mode 100644
index 88f9a2ca9..000000000
--- a/testing/tests/ikev1/default-keys/pretest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::rm /etc/ipsec.secrets
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/cacerts/*
-carol::ipsec start
-moon::rm /etc/ipsec.secrets
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-moon::sleep 5 
-moon::scp /etc/ipsec.d/certs/selfCert.der carol:/etc/ipsec.d/certs/peerCert.der
-moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/peerCert.der
-moon::ipsec reload 
-carol::ipsec reload 
-carol::ipsec up home
diff --git a/testing/tests/ikev1/default-keys/test.conf b/testing/tests/ikev1/default-keys/test.conf
deleted file mode 100644
index 0baa48d90..000000000
--- a/testing/tests/ikev1/default-keys/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/double-nat-net/evaltest.dat b/testing/tests/ikev1/double-nat-net/evaltest.dat
index d00613c07..05dc82d70 100644
--- a/testing/tests/ikev1/double-nat-net/evaltest.dat
+++ b/testing/tests/ikev1/double-nat-net/evaltest.dat
@@ -1,5 +1,7 @@
-alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-bob::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES
+bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
 moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
 moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/ipsec.conf
index caad279bb..dbcdc5830 100755
--- a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/ipsec.conf
@@ -1,11 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/ipsec.conf b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/ipsec.conf
index 32d2ab0f6..acd8b514e 100755
--- a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/ipsec.conf
+++ b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/ipsec.conf
@@ -1,11 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -21,5 +17,5 @@ conn nat-t
 	leftid=bob@strongswan.org
 	leftfirewall=yes
 	right=%any
-	rightsubnetwithin=10.1.0.0/16
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/double-nat-net/pretest.dat b/testing/tests/ikev1/double-nat-net/pretest.dat
index 84bc15092..41b69aed6 100644
--- a/testing/tests/ikev1/double-nat-net/pretest.dat
+++ b/testing/tests/ikev1/double-nat-net/pretest.dat
@@ -12,4 +12,4 @@ alice::ipsec start
 bob::ipsec start
 alice::sleep 2
 alice::ipsec up nat-t
-
+alice::sleep 1
diff --git a/testing/tests/ikev1/double-nat/evaltest.dat b/testing/tests/ikev1/double-nat/evaltest.dat
index 05e751422..b080482f9 100644
--- a/testing/tests/ikev1/double-nat/evaltest.dat
+++ b/testing/tests/ikev1/double-nat/evaltest.dat
@@ -1,5 +1,7 @@
-alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-bob::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*bob@strongswan.org::YES
+bob::  ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*bob@strongswan.org.*alice@strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+bob::  ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
 moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/double-nat/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/double-nat/hosts/alice/etc/ipsec.conf
index 7de7a951e..b6ada3289 100755
--- a/testing/tests/ikev1/double-nat/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev1/double-nat/hosts/alice/etc/ipsec.conf
@@ -1,11 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/double-nat/hosts/bob/etc/ipsec.conf b/testing/tests/ikev1/double-nat/hosts/bob/etc/ipsec.conf
new file mode 100755
index 000000000..507550e6c
--- /dev/null
+++ b/testing/tests/ikev1/double-nat/hosts/bob/etc/ipsec.conf
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn nat-t
+	left=%defaultroute
+	leftcert=bobCert.pem
+	leftid=bob@strongswan.org
+	leftfirewall=yes
+	right=%any
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/double-nat/pretest.dat b/testing/tests/ikev1/double-nat/pretest.dat
index cf495b778..10ba6d735 100644
--- a/testing/tests/ikev1/double-nat/pretest.dat
+++ b/testing/tests/ikev1/double-nat/pretest.dat
@@ -10,4 +10,4 @@ alice::ipsec start
 bob::ipsec start
 alice::sleep 2
 alice::ipsec up nat-t
-
+alice::sleep 1
diff --git a/testing/tests/ikev1/dpd-clear/description.txt b/testing/tests/ikev1/dpd-clear/description.txt
index f76b2d741..7f62dc576 100644
--- a/testing/tests/ikev1/dpd-clear/description.txt
+++ b/testing/tests/ikev1/dpd-clear/description.txt
@@ -1,5 +1,5 @@
 The roadwarrior <b>carol</b> sets up an IPsec tunnel connection to the gateway <b>moon</b>
 which in turn activates <b>Dead Peer Detection</b> (DPD) with a polling interval of 10 s.
 When the network connectivity between <b>carol</b> and <b>moon</b> is forcefully disrupted,
-<b>moon</b> clears the connection after the configured timeout of 30 s.
+<b>moon</b> clears the connection after 4 unsuccessful retransmits.
 
diff --git a/testing/tests/ikev1/dpd-clear/evaltest.dat b/testing/tests/ikev1/dpd-clear/evaltest.dat
index 98d5b146b..f6f18212c 100644
--- a/testing/tests/ikev1/dpd-clear/evaltest.dat
+++ b/testing/tests/ikev1/dpd-clear/evaltest.dat
@@ -1,7 +1,7 @@
-carol::ipsec status::STATE_MAIN_I4 (ISAKMP SA established)::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::sleep 50::no output expected::NO
-moon::cat /var/log/auth.log::inserting event EVENT_DPD::YES
-moon::cat /var/log/auth.log::DPD: No response from peer - declaring peer dead::YES
-moon::cat /var/log/auth.log::DPD: Terminating all SAs using this connection::YES
-moon::cat /var/log/auth.log::DPD: Clearing connection::YES
+moon:: sleep 60::no output expected::NO
+moon:: cat /var/log/daemon.log::sending DPD request::YES
+moon::cat /var/log/daemon.log::DPD check timed out, enforcing DPD action::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED::NO
diff --git a/testing/tests/ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/ipsec.conf
similarity index 81%
rename from testing/tests/ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/dpd-clear/hosts/carol/etc/ipsec.conf
index 3fbad9070..869054113 100755
--- a/testing/tests/ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/ipsec.conf
@@ -1,23 +1,21 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	cachecrls=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
+
+conn home
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
-
-conn home
+	leftfirewall=yes
 	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	keyexchange=ikev1
 	auto=add
diff --git a/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf
index 34490a13a..c6d58c824 100755
--- a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -14,7 +11,7 @@ conn %default
 	keyexchange=ikev1
 	dpdaction=clear
 	dpddelay=10
-	dpdtimeout=30
+	dpdtimeout=45
 
 conn rw
 	left=PH_IP_MOON
@@ -24,6 +21,3 @@ conn rw
 	right=%any
 	rightid=carol@strongswan.org
 	auto=add
-
-
-
diff --git a/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/dpd-restart/description.txt b/testing/tests/ikev1/dpd-restart/description.txt
index 0a309cf52..410d3d636 100644
--- a/testing/tests/ikev1/dpd-restart/description.txt
+++ b/testing/tests/ikev1/dpd-restart/description.txt
@@ -1,13 +1,7 @@
-The peer <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the remote end
-is defined symbolically by <b>right=%&lt;hostname&gt;</b>. The ipsec starter resolves the
-fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
-/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
-<b>rightallowany=yes</b> will allow an IKE main mode rekeying to arrive from an arbitrary
-IP address under the condition that the peer identity remains unchanged. When this happens
-the old tunnel is replaced by an IPsec connection to the new origin.
-<p>
-In this scenario <b>moon</b> first initiates a tunnel to <b>carol</b>. After some time
-the responder <b>carol</b> disconnects (simulated by iptables blocking IKE and ESP traffic).
-<b>moon</b> detects via Dead Peer Detection (DPD) that the connection is down and tries to
-reconnect. After a few seconds the firewall is opened again and the connection is 
-reestablished.
+The roadwarrior <b>carol</b> sets up an IPsec tunnel connection to the gateway
+<b>moon</b>. Both end points activate <b>Dead Peer Detection</b> (DPD) with a
+polling interval of 10 s. When the network connectivity between <b>carol</b>
+and <b>moon</b> is forcefully disrupted for a duration of 100 s, <b>moon</b>
+clears the connection after 4 unsuccessful retransmits whereas <b>carol</b>
+also takes down the connection but immediately tries to reconnect which succeeds
+as soon as the connection becomes available again.
diff --git a/testing/tests/ikev1/dpd-restart/evaltest.dat b/testing/tests/ikev1/dpd-restart/evaltest.dat
index 8bc2e8688..6a749b826 100644
--- a/testing/tests/ikev1/dpd-restart/evaltest.dat
+++ b/testing/tests/ikev1/dpd-restart/evaltest.dat
@@ -1,10 +1,13 @@
-moon::ipsec status::STATE_MAIN_I4 (ISAKMP SA established)::YES
-carol::iptables -I INPUT 1 -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-carol::sleep 35::no output expected::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+moon:: iptables -A INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+carol::iptables -A INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
+carol::sleep 60::no output expected::NO
+carol::cat /var/log/daemon.log::sending DPD request::YES
+carol::cat /var/log/daemon.log::DPD check timed out, enforcing DPD action::YES
+carol::cat /var/log/daemon.log::restarting CHILD_SA home::YES
 carol::iptables -D INPUT -i eth0 -s PH_IP_MOON -j DROP::no output expected::NO
-moon::cat /var/log/auth.log::inserting event EVENT_DPD::YES
-moon::cat /var/log/auth.log::DPD: No response from peer - declaring peer dead::YES
-moon::cat /var/log/auth.log::DPD: Terminating all SAs using this connection::YES
-moon::cat /var/log/auth.log::DPD: Restarting connection::YES
-moon::sleep 10::no output expected::NO
-moon::ipsec status::STATE_MAIN_I4 (ISAKMP SA established)::YES
+moon:: iptables -D INPUT -i eth0 -s PH_IP_CAROL -j DROP::no output expected::NO
+carol::sleep 10::no output expected::NO
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/ipsec.conf
index 3c0b0bf15..b4ccb8145 100755
--- a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,15 +9,16 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	dpdaction=restart
+        dpddelay=10
+	dpdtimeout=45
 
-conn moon 
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_CAROL1
+conn home
+	left=PH_IP_CAROL
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	leftfirewall=yes
-	right=%moon.strongswan.org
-	rightsubnet=10.1.0.0/16
+	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/ipsec.conf
index 9f1aded0f..a13222ae6 100755
--- a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,19 +9,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-        dpdaction=restart
-        dpddelay=5
-        dpdtimeout=25
-
-conn carol
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
+	dpdaction=clear
+	dpddelay=10
+	dpdtimeout=45
+conn rw
+	left=PH_IP_MOON
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%carol.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
 	rightid=carol@strongswan.org
-	rightsubnet=PH_IP_CAROL1/32
-	auto=start
+	auto=add
diff --git a/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/dpd-restart/posttest.dat b/testing/tests/ikev1/dpd-restart/posttest.dat
index e092608cb..c6d6235f9 100644
--- a/testing/tests/ikev1/dpd-restart/posttest.dat
+++ b/testing/tests/ikev1/dpd-restart/posttest.dat
@@ -1,5 +1,2 @@
-carol::ipsec stop
 moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
+carol::ipsec stop
diff --git a/testing/tests/ikev1/dpd-restart/pretest.dat b/testing/tests/ikev1/dpd-restart/pretest.dat
index caf89d6c6..14ed95322 100644
--- a/testing/tests/ikev1/dpd-restart/pretest.dat
+++ b/testing/tests/ikev1/dpd-restart/pretest.dat
@@ -1,5 +1,4 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
 moon::ipsec start
-moon::sleep 4
+carol::ipsec start
+carol::sleep 2 
+carol::ipsec up home
diff --git a/testing/tests/ikev1/dpd-restart/test.conf b/testing/tests/ikev1/dpd-restart/test.conf
index 4d648102b..2b240d895 100644
--- a/testing/tests/ikev1/dpd-restart/test.conf
+++ b/testing/tests/ikev1/dpd-restart/test.conf
@@ -5,15 +5,15 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice moon carol winnetou dave"
+UMLHOSTS="moon carol winnetou"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-m-c-w-d.png"
+DIAGRAM="m-c-w.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS="moon alice"
+TCPDUMPHOSTS=""
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
diff --git a/testing/tests/ikev1/dynamic-initiator/description.txt b/testing/tests/ikev1/dynamic-initiator/description.txt
deleted file mode 100644
index 319ed631d..000000000
--- a/testing/tests/ikev1/dynamic-initiator/description.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the remote end
-is defined symbolically by <b>right=&lt;hostname&gt;</b>. The ipsec starter resolves the
-fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
-/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
-<b>rightallowany=yes</b> will allow an IKE main mode rekeying to arrive from an arbitrary
-IP address under the condition that the peer identity remains unchanged. When this happens
-the old tunnel is replaced by an IPsec connection to the new origin.
-<p>
-In this scenario <b>carol</b> first initiates a tunnel to <b>moon</b>. After some time <b>carol</b>
-suddenly changes her IP address and restarts the connection to <b>moon</b> without deleting the
-old tunnel first (simulated by iptables blocking IKE packets to and from
-<b>carol</b> and starting the connection from host <b>dave</b> using <b>carol</b>'s identity). 
diff --git a/testing/tests/ikev1/dynamic-initiator/evaltest.dat b/testing/tests/ikev1/dynamic-initiator/evaltest.dat
deleted file mode 100644
index 3105ae38c..000000000
--- a/testing/tests/ikev1/dynamic-initiator/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::PH_IP_CAROL.*IPsec SA established::YES
-moon::cat /var/log/auth.log::PH_IP_DAVE.*deleting connection.*with peer PH_IP_CAROL::YES 
-moon::cat /var/log/auth.log::PH_IP_DAVE.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index acf503f8e..000000000
--- a/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn moon 
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_CAROL1
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=moon.strongswan.org
-	rightallowany=yes
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index acf503f8e..000000000
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn moon 
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_CAROL1
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=moon.strongswan.org
-	rightallowany=yes
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 6c41df9c7..000000000
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 41a139954..000000000
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
-
-mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
-i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
-jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
-m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
-pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
-J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
-dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
-h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
-/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
-EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
-pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
-sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
-kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
-gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
-OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
-D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
-bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
-BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
-7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
-UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
-H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
-y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
-zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
-AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
-nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index ee28eebf3..000000000
--- a/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn carol
-	right=carol.strongswan.org
-	rightallowany=yes
-	rightid=carol@strongswan.org
-	rightsubnet=PH_IP_CAROL1/32
-	auto=add
diff --git a/testing/tests/ikev1/dynamic-initiator/posttest.dat b/testing/tests/ikev1/dynamic-initiator/posttest.dat
deleted file mode 100644
index c30a35edd..000000000
--- a/testing/tests/ikev1/dynamic-initiator/posttest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-dave::ipsec stop
-carol::ipsec stop
-dave::sleep 1
-moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::rm /etc/ipsec.d/certs/*
-dave::rm /etc/ipsec.d/private/*
diff --git a/testing/tests/ikev1/dynamic-initiator/pretest.dat b/testing/tests/ikev1/dynamic-initiator/pretest.dat
deleted file mode 100644
index 92681011f..000000000
--- a/testing/tests/ikev1/dynamic-initiator/pretest.dat
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up moon
-carol::sleep 1
-carol::iptables -D INPUT  -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-dave::ipsec up moon
-dave::sleep 2 
diff --git a/testing/tests/ikev1/dynamic-responder/description.txt b/testing/tests/ikev1/dynamic-responder/description.txt
deleted file mode 100644
index 76471a973..000000000
--- a/testing/tests/ikev1/dynamic-responder/description.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the remote end
-is defined symbolically by <b>right=&lt;hostname&gt;</b>. The ipsec starter resolves the
-fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
-/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
-<b>rightallowany=yes</b> will allow an IKE main mode rekeying to arrive from an arbitrary
-IP address under the condition that the peer identity remains unchanged. When this happens
-the old tunnel is replaced by an IPsec connection to the new origin.
-<p>
-In this scenario <b>moon</b> first initiates a tunnel to <b>carol</b>. After some time
-the responder <b>carol</b> suddenly changes her IP address and restarts the connection to
-<b>moon</b> without deleting the old tunnel first (simulated by iptables blocking IKE packets
-to and from <b>carol</b> and starting the connection from host <b>dave</b> using
-<b>carol</b>'s identity). 
diff --git a/testing/tests/ikev1/dynamic-responder/evaltest.dat b/testing/tests/ikev1/dynamic-responder/evaltest.dat
deleted file mode 100644
index 391afaa42..000000000
--- a/testing/tests/ikev1/dynamic-responder/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ipsec status::moon.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::PH_IP_CAROL.*IPsec SA established::YES
-moon::cat /var/log/auth.log::PH_IP_DAVE.*deleting connection.*with peer PH_IP_CAROL::YES 
-moon::cat /var/log/auth.log::PH_IP_DAVE.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index acf503f8e..000000000
--- a/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn moon 
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_CAROL1
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=moon.strongswan.org
-	rightallowany=yes
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index acf503f8e..000000000
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn moon 
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_CAROL1
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=moon.strongswan.org
-	rightallowany=yes
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 6c41df9c7..000000000
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx
-6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ
-Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V
-Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G
-I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov
-x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5
-tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul
-GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7
-ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr
-F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ
-L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK
-ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k
-Rf5Z0GOR
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 41a139954..000000000
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,01290773006220E4E96C2975C52D2429
-
-mSt4HT52dsYkDwk6DVYm+Uij1PnFAnYzJD7Jx6EJIA9HuWKfyHPSjtqEcCwZoKHq
-i18EuCZHkdMBc8+lY0iEpNwbs3UbCP73lGn+IIjlOrS0xi4PP9iV1jxg/k+WF4rH
-jhIUhi3wc1cAaFLLj8bBvnx6t4mF3nTZZ119wSsa5ewy5RZGWcdN8NKtyNgFYTFx
-m5ACRErFuq8aFmcKVgwzLZH+e9fd7xKHS7XoP9vla7+iKkW5bzfkGP5E8irbOqce
-pyUE81FrD8irD0uK4mnrMRDDGrD02mYNSMGyhT5o1RDQJbaRupih9nU+SaTR2Kxq
-J/ScYak4EwmCIXixwuhwokDPTB1EuyQ1h5ywarkgt1TCZKoI2odqoILB2Dbrsmdf
-dKLqI8Q/kR4h5meCc0e3401VXIaOJWk5GMbxz+6641uWnTdLKedzC5gWCI7QIDFB
-h5n5m3tsSe6LRksqJpgPL/+vV/r+OrNEi4KGK9NxETZxeb/7gBSVFWbDXH5AO+wC
-/RlPYHaoDt+peRm3LUDBGQBPtvZUDiDHlW4v8wtgCEZXAPZPdaFRUSDYMYdbbebY
-EsxWa6G00Gau08EOPSgFIReGuACRkP4diiSE4ZTiC9HD2cuUN/D01ck+SD6UgdHV
-pyf6tHej/AdVG3HD5dRCmCCyfucW0gS7R+/+C4DzVHwZKAXJRSxmXLOHT0Gk8Woe
-sM8gbHOoV8OfLAfZDwibvnDq7rc82q5sSiGOKH7Fg5LYIjRB0UazCToxGVtxfWMz
-kPrzZiQT45QDa3gQdkHzF21s+fNpx/cZ1V1Mv+1E3KAX9XsAm/sNl0NAZ6G0AbFk
-gHIWoseiKxouTCDGNe/gC40r9XNhZdFCEzzJ9A77eScu0aTa5FHrC2w9YO2wHcja
-OT2AyZrVqOWB1/hIwAqk8ApXA3FwJbnQE0FxyLcYiTvCNM+XYIPLstD09axLFb53
-D4DXEncmvW4+axDg8G3s84olPGLgJL3E8pTFPYWHKsJgqsloAc/GD2Qx0PCinySM
-bVQckgzpVL3SvxeRRfx8SHl9F9z+GS4gZtM/gT9cDgcVOpVQpOcln5AR/mF/aoyo
-BW96LSmEk5l4yeBBba63Qcz1HRr2NSvXJuqdjw6qTZNBWtjmSxHywKZYRlSqzNZx
-7B6DGHTIOfGNhcy2wsd4cuftVYByGxfFjw7bHIDa4/ySdDykL7J+REfg8QidlCJB
-UN/2VjaNipQo38RczWLUfloMkMMrWYpXOm9koes+Vldm7Bco+eCONIS50DJDOhZs
-H037A+UMElXmtCrHPJGxQf8k1Qirn6BWOuRmXg8sXqeblIrPlZU+DghYXzA/nRxB
-y+nUx+Ipbj022uJNVtFwhP70TIqYm/O6Ol/zRbo6yRsR6uEnnb4wRi5IxHnM/iGA
-zWPzLRDSeVPkhu2pZ7JygabCiXbbgFTN1enJvLWvIAcB0LS8wQz0yKQ7oj32T0Ty
-AD3c/qS8kmsrZDe3H+lEfMCcJRnHUrR/SBChSdx7LF9mnLlWuJLLHmrz87x7Z2o6
-nuRU15U5aQTniVikvFWchnwGy+23lgv5He9X99jxEu/U1pA4egejfMs3g070AY3J
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index ee28eebf3..000000000
--- a/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn carol
-	right=carol.strongswan.org
-	rightallowany=yes
-	rightid=carol@strongswan.org
-	rightsubnet=PH_IP_CAROL1/32
-	auto=add
diff --git a/testing/tests/ikev1/dynamic-responder/posttest.dat b/testing/tests/ikev1/dynamic-responder/posttest.dat
deleted file mode 100644
index c30a35edd..000000000
--- a/testing/tests/ikev1/dynamic-responder/posttest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-dave::ipsec stop
-carol::ipsec stop
-dave::sleep 1
-moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::rm /etc/ipsec.d/certs/*
-dave::rm /etc/ipsec.d/private/*
diff --git a/testing/tests/ikev1/dynamic-responder/pretest.dat b/testing/tests/ikev1/dynamic-responder/pretest.dat
deleted file mode 100644
index c0f166ff4..000000000
--- a/testing/tests/ikev1/dynamic-responder/pretest.dat
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-moon::sleep 2
-moon::ipsec up carol
-moon::sleep 1
-carol::iptables -D INPUT  -i eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-carol::iptables -D OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-dave::ipsec up moon
-dave::sleep 2 
diff --git a/testing/tests/ikev1/dynamic-responder/test.conf b/testing/tests/ikev1/dynamic-responder/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/dynamic-responder/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/dynamic-two-peers/description.txt b/testing/tests/ikev1/dynamic-two-peers/description.txt
deleted file mode 100644
index 56a1c0754..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/description.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-The peers <b>carol</b>, <b>dave</b>, and <b>moon</b> all have dynamic IP addresses,
-so that the remote end is defined symbolically by <b>right=%&lt;hostname&gt;</b>.
-The ipsec starter resolves the fully-qualified hostname into the current IP address
-via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are
-expected to change over time, the prefix '%' is used as an implicit alternative to the
-explicit <b>rightallowany=yes</b> option which will allow an IKE
-main mode rekeying to arrive from an arbitrary IP address under the condition that
-the peer identity remains unchanged. When this happens the old tunnel is replaced
-by an IPsec connection to the new origin.
-<p>
-In this scenario both <b>carol</b> and <b>dave</b> initiate a tunnel to
-<b>moon</b> which has a named connection definition for each peer. Although
-the IP addresses of both <b>carol</b> and <b>dave</b> are stale, thanks to
-the '%' prefix <b>moon</b> will accept the IKE negotiations from the actual IP addresses.
-
diff --git a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat b/testing/tests/ikev1/dynamic-two-peers/evaltest.dat
deleted file mode 100644
index f46a6a20b..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec status::moon.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 0f37e6188..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn moon 
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_CAROL1
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=%moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index ec35eac9a..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn moon
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsourceip=PH_IP_DAVE1
-	leftcert=daveCert.pem
-	leftid=dave@strongswan.org
-	leftfirewall=yes
-	right=%moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/hosts.stale b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/hosts.stale
deleted file mode 100644
index ebff4ec25..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/hosts.stale
+++ /dev/null
@@ -1,67 +0,0 @@
-# /etc/hosts:  This file describes a number of hostname-to-address
-#              mappings for the TCP/IP subsystem.  It is mostly
-#              used at boot time, when no name servers are running.
-#              On small systems, this file can be used instead of a
-#              "named" name server.  Just add the names, addresses
-#              and any aliases to this file...
-#
-
-127.0.0.1	localhost
-
-192.168.0.254	uml0.strongswan.org	uml0
-10.1.0.254	uml1.strongswan.org	uml1
-10.2.0.254	uml1.strongswan.org	uml2
-
-10.1.0.10	alice.strongswan.org	alice
-10.1.0.20	venus.strongswan.org	venus
-10.1.0.1	moon1.strongswan.org	moon1
-192.168.0.1	moon.strongswan.org	moon
-192.168.0.110	carol.strongswan.org	carol
-10.3.0.1	carol1.strongswan.org	carol1
-192.168.0.150	winnetou.strongswan.org	winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
-192.168.0.220	dave.strongswan.org	dave
-10.3.0.2	dave1.strongswan.org	dave1
-192.168.0.2	sun.strongswan.org	sun
-10.2.0.1	sun1.strongswan.org	sun1
-10.2.0.10	bob.strongswan.org	bob
-
-# IPv6 versions of localhost and co
-::1 ip6-localhost ip6-loopback
-fe00::0 ip6-localnet
-ff00::0 ip6-mcastprefix
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
-ff02::3 ip6-allhosts
-
-# IPv6 solicited-node multicast addresses
-ff02::1:ff00:1	ip6-mcast-1
-ff02::1:ff00:2	ip6-mcast-2
-ff02::1:ff00:10	ip6-mcast-10
-ff02::1:ff00:15	ip6-mcast-15
-ff02::1:ff00:20	ip6-mcast-20
-
-# IPv6 site-local addresses
-fec1::10	ip6-alice.strongswan.org    ip6-alice
-fec1::20	ip6-venus.strongswan.org    ip6-venus
-fec1::1 	ip6-moon1.strongswan.org    ip6-moon1
-fec0::1 	ip6-moon.strongswan.org     ip6-moon
-fec0::10	ip6-carol.strongswan.org    ip6-carol
-fec3::1 	ip6-carol1.strongswan.org   ip6-carol1
-fec0::15	ip6-winnetou.strongswan.org ip6-winnetou 
-fec0::20	ip6-dave.strongswan.org     ip6-dave
-fec3::2 	ip6-dave1.strongswan.org    ip6-dave1
-fec0::2 	ip6-sun.strongswan.org      ip6-sun
-fec2::1 	ip6-sun1.strongswan.org     ip6-sun1
-fec2::10	ip6-bob.strongswan.org      ip6-bob
-
-# IPv6 link-local HW derived addresses
-fe80::fcfd:0aff:fe01:14	ip6-hw-venus.strongswan.org    ip6-hw-venus
-fe80::fcfd:0aff:fe01:0a	ip6-hw-alice.strongswan.org    ip6-hw-alice
-fe80::fcfd:0aff:fe01:01	ip6-hw-moon1.strongswan.org    ip6-hw-moon1
-fe80::fcfd:c0ff:fea8:01 ip6-hw-moon.strongswan.org     ip6-hw-moon
-fe80::fcfd:c0ff:fea8:64	ip6-hw-carol.strongswan.org    ip6-hw-carol
-fe80::fcfd:c0ff:fea8:96 ip6-hw-winnetou.strongswan.org ip6-hw-winnetou
-fe80::fcfd:c0ff:fea8:c8	ip6-hw-dave.strongswan.org     ip6-hw-dave
-fe80::fcfd:c0ff:fea8:02	ip6-hw-sun.strongswan.org      ip6-hw-sun
-fe80::fcfd:0aff:fe02:01	ip6-hw-sun1.strongswan.org     ip6-hw-sun1
-fe80::fcfd:0aff:fe02:0a ip6-hw-bob.strongswan.org      ip6-hw-bob
diff --git a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 21848bc1c..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=%defaultroute
-	leftnexthop=%direct
-	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn carol
-	right=%carol.strongswan.org
-	rightid=carol@strongswan.org
-	rightsubnet=PH_IP_CAROL1/32
-	auto=add
-
-conn dave
-	right=%dave.strongswan.org
-	rightid=dave@strongswan.org
-	rightsubnet=PH_IP_DAVE1/32
-	auto=add
diff --git a/testing/tests/ikev1/dynamic-two-peers/posttest.dat b/testing/tests/ikev1/dynamic-two-peers/posttest.dat
deleted file mode 100644
index 65292daae..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/posttest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec stop
-dave::ipsec stop
-moon::sleep 1
-moon::ipsec stop
-moon::mv /etc/hosts.ori /etc/hosts
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1/dynamic-two-peers/pretest.dat b/testing/tests/ikev1/dynamic-two-peers/pretest.dat
deleted file mode 100644
index 6596a2527..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/pretest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::mv /etc/hosts /etc/hosts.ori
-moon::mv /etc/hosts.stale /etc/hosts
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up moon
-dave::ipsec up moon
-carol::sleep 1
diff --git a/testing/tests/ikev1/dynamic-two-peers/test.conf b/testing/tests/ikev1/dynamic-two-peers/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/dynamic-two-peers/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/esp-ah-transport/description.txt b/testing/tests/ikev1/esp-ah-transport/description.txt
deleted file mode 100644
index f8ffce6e6..000000000
--- a/testing/tests/ikev1/esp-ah-transport/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
-In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
-marks all incoming AH packets with the ESP mark. The transport mode connection is
-tested by <b>carol</b> sending a ping to gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/esp-ah-transport/evaltest.dat b/testing/tests/ikev1/esp-ah-transport/evaltest.dat
deleted file mode 100644
index 526e0d96e..000000000
--- a/testing/tests/ikev1/esp-ah-transport/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
-moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_MOON::128 bytes from PH_IP_MOON: icmp_seq=1::YES
-carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES
-moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*transport::YES
-moon::tcpdump::AH.*ESP::YES
diff --git a/testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/init.d/iptables b/testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/init.d/iptables
deleted file mode 100755
index 8c8817539..000000000
--- a/testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/init.d/iptables
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow AH
-	iptables -A INPUT  -i eth0 -p 51 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 51 -j ACCEPT
-			
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 299b6a831..000000000
--- a/testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	auth=ah
-	ike=aes128-sha
-	esp=aes128-sha1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	type=transport
-	auto=add
diff --git a/testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 3e8922581..000000000
--- a/testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow AH
-	iptables -A INPUT  -i eth0 -p 51 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 51 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 45ada023f..000000000
--- a/testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	auth=ah
-	ike=aes128-sha
-	esp=aes128-sha1
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%any
-	rightid=carol@strongswan.org
-	type=transport
-	auto=add
diff --git a/testing/tests/ikev1/esp-ah-transport/posttest.dat b/testing/tests/ikev1/esp-ah-transport/posttest.dat
deleted file mode 100644
index 94a400606..000000000
--- a/testing/tests/ikev1/esp-ah-transport/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-ah-transport/pretest.dat b/testing/tests/ikev1/esp-ah-transport/pretest.dat
deleted file mode 100644
index 4fe0ee90b..000000000
--- a/testing/tests/ikev1/esp-ah-transport/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-ah-transport/test.conf b/testing/tests/ikev1/esp-ah-transport/test.conf
deleted file mode 100644
index fd33cfb57..000000000
--- a/testing/tests/ikev1/esp-ah-transport/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/esp-ah-tunnel/description.txt b/testing/tests/ikev1/esp-ah-tunnel/description.txt
deleted file mode 100644
index 332f8177a..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP AES 128 bit encryption algorithm combined with AH HMAC_SHA1 authentication.
-In order to accept the AH and ESP encapsulated plaintext packets, the iptables firewall
-marks all incoming AH packets with the ESP mark. The tunnel mode connection is
-tested by <b>carol</b> sending a ping to client <b>alice</b> hiding behind 
-gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat b/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
deleted file mode 100644
index 5103a6318..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
-moon::ipsec statusall::ESP/AH proposal: AES_CBC_128/HMAC_SHA1::YES
-carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES
-moon::ipsec status::ah\..*ah\..*esp\..*ago.*esp\..*ago.*tunnel::YES
-moon::tcpdump::AH.*ESP::YES
diff --git a/testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/init.d/iptables b/testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/init.d/iptables
deleted file mode 100755
index 8c8817539..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/init.d/iptables
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow AH
-	iptables -A INPUT  -i eth0 -p 51 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 51 -j ACCEPT
-			
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 168e5d2a8..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	auth=ah
-	ike=aes128-sha
-	esp=aes128-sha1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 3e8922581..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow AH
-	iptables -A INPUT  -i eth0 -p 51 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 51 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index b89d8e861..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	auth=ah
-	ike=aes128-sha
-	esp=aes128-sha1
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-ah-tunnel/posttest.dat b/testing/tests/ikev1/esp-ah-tunnel/posttest.dat
deleted file mode 100644
index 94a400606..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-ah-tunnel/pretest.dat b/testing/tests/ikev1/esp-ah-tunnel/pretest.dat
deleted file mode 100644
index 49973a7a5..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2 
-carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-ah-tunnel/test.conf b/testing/tests/ikev1/esp-ah-tunnel/test.conf
deleted file mode 100644
index 6abbb89a9..000000000
--- a/testing/tests/ikev1/esp-ah-tunnel/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
index 9c17ae903..6f7c13704 100644
--- a/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/evaltest.dat
@@ -1,9 +1,11 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::AES_CCM_12_128::YES
-carol::ipsec statusall::AES_CCM_12_128::YES
+moon:: ipsec statusall 2> /dev/null::AES_CCM_12_128::YES
+carol::ipsec statusall 2> /dev/null::AES_CCM_12_128::YES
 carol::ip xfrm state::aead rfc4309(ccm(aes))::YES
-moon::ip xfrm state::aead rfc4309(ccm(aes))::YES
+moon:: ip xfrm state::aead rfc4309(ccm(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
index f8baa00e1..24e7c5057 100755
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	plutodebug="control crypt"
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..d70d7b989
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
index d4f0c3adc..5910e4e99 100755
--- a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	plutodebug="control crypt"
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..d70d7b989
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ccm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
index c7992fbe4..9a8b46897 100644
--- a/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/evaltest.dat
@@ -1,9 +1,11 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES
-carol::ipsec statusall::AES_CTR_256/AES_XCBC_96::YES
-moon::ip xfrm state::rfc3686(ctr(aes))::YES
+moon:: ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES
+carol::ipsec statusall 2> /dev/null::AES_CTR_256/AES_XCBC_96::YES
+moon:: ip xfrm state::rfc3686(ctr(aes))::YES
 carol::ip xfrm state::rfc3686(ctr(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
index acb4126cf..29a0304b2 100755
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	plutodebug="control crypt"
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..e607bbae7
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
index b5baa2b5d..b09de994c 100755
--- a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	plutodebug="control crypt"
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..e607bbae7
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc ctr stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
index da5d7c604..9d5fb7cc3 100644
--- a/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/evaltest.dat
@@ -1,9 +1,11 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::AES_GCM_16_256::YES
-carol::ipsec statusall::AES_GCM_16_256::YES
+moon:: ipsec statusall 2> /dev/null::AES_GCM_16_256::YES
+carol::ipsec statusall 2> /dev/null::AES_GCM_16_256::YES
 carol::ip xfrm state::aead rfc4106(gcm(aes))::YES
-moon::ip xfrm state::aead rfc4106(gcm(aes))::YES
+moon:: ip xfrm state::aead rfc4106(gcm(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
index 5026e0d9e..463f90aab 100755
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	plutodebug="control crypt"
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..e063e446a
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
index 5fa07962e..93839c6c3 100755
--- a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	plutodebug="control crypt"
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..e063e446a
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc gcm stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
index bc9b7c760..823ec253d 100644
--- a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
@@ -1,4 +1,4 @@
 Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
-ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac!</b>
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b>
 in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
 the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
index 4678155ee..74150fb04 100644
--- a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
@@ -1,9 +1,11 @@
-moon::ipsec statusall::rw.*IPsec SA established::YES
-carol::ipsec statusall::home.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::ESP proposal: AES_GMAC_256::YES
-carol::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+moon:: ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
+carol::ipsec statusall 2> /dev/null::NULL_AES_GMAC_256::YES
 carol::ip xfrm state::aead rfc4543(gcm(aes))::YES
-moon::ip xfrm state::aead rfc4543(gcm(aes))::YES
+moon:: ip xfrm state::aead rfc4543(gcm(aes))::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
index 69ef8d49d..e870d9d5c 100755
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,8 +9,8 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	ike=aes256-sha384-modp2048!
-	esp=aes256gmac!
+	ike=aes256-sha256-modp2048!
+	esp=aes256gmac-modp2048!
 
 conn home
 	left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
index 41a583763..e2cec6194 100755
--- a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,8 +9,8 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	ike=aes256-sha384-modp2048!
-	esp=aes256gmac!
+	ike=aes256-sha256-modp2048!
+	esp=aes256gmac-modp2048!
 
 conn rw
 	left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/description.txt b/testing/tests/ikev1/esp-alg-aes-xcbc/description.txt
similarity index 100%
rename from testing/tests/ikev1/esp-alg-aesxcbc/description.txt
rename to testing/tests/ikev1/esp-alg-aes-xcbc/description.txt
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat
new file mode 100644
index 000000000..6f5b89332
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/evaltest.dat
@@ -0,0 +1,11 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES
+moon:: ipsec statusall 2> /dev/null::AES_CBC_256/AES_XCBC_96,::YES
+carol::ip xfrm state::auth xcbc(aes)::YES
+moon:: ip xfrm state::auth xcbc(aes)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf
similarity index 80%
rename from testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf
index b4bc2101c..479f24226 100755
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,11 +9,13 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	ike=aes256-sha256-modp2048!
+	esp=aes256-aesxcbc!
+
+conn home
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
-
-conn home
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf
similarity index 78%
rename from testing/tests/ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf
index e5fed2f06..513449d25 100755
--- a/testing/tests/ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,6 +9,8 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	ike=aes256-sha256-modp2048!
+	esp=aes256-aesxcbc!
 
 conn rw
 	left=PH_IP_MOON
diff --git a/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/alg-sha256-96/posttest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/posttest.dat
similarity index 100%
rename from testing/tests/ikev1/alg-sha256-96/posttest.dat
rename to testing/tests/ikev1/esp-alg-aes-xcbc/posttest.dat
diff --git a/testing/tests/ikev1/alg-sha256-96/pretest.dat b/testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat
similarity index 100%
rename from testing/tests/ikev1/alg-sha256-96/pretest.dat
rename to testing/tests/ikev1/esp-alg-aes-xcbc/pretest.dat
diff --git a/testing/tests/ikev1/alg-sha256-96/test.conf b/testing/tests/ikev1/esp-alg-aes-xcbc/test.conf
similarity index 100%
rename from testing/tests/ikev1/alg-sha256-96/test.conf
rename to testing/tests/ikev1/esp-alg-aes-xcbc/test.conf
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
deleted file mode 100644
index 5cee96b08..000000000
--- a/testing/tests/ikev1/esp-alg-aesxcbc/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-carol::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
-moon::ipsec statusall::ESP proposal: AES_CBC_256/AES_XCBC_96::YES
-carol::ip xfrm state::auth xcbc(aes)::YES
-moon::ip xfrm state::auth xcbc(aes)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
-
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 75ce0fbbe..000000000
--- a/testing/tests/ikev1/esp-alg-aesxcbc/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes256-sha2_256-modp2048!
-	esp=aes256-aesxcbc!
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index c2e0a6dde..000000000
--- a/testing/tests/ikev1/esp-alg-aesxcbc/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes256-sha2_256-modp2048!
-	esp=aes256-aesxcbc!
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/posttest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/esp-alg-aesxcbc/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/pretest.dat b/testing/tests/ikev1/esp-alg-aesxcbc/pretest.dat
deleted file mode 100644
index 7d077c126..000000000
--- a/testing/tests/ikev1/esp-alg-aesxcbc/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aesxcbc/test.conf b/testing/tests/ikev1/esp-alg-aesxcbc/test.conf
deleted file mode 100644
index 6abbb89a9..000000000
--- a/testing/tests/ikev1/esp-alg-aesxcbc/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/esp-alg-des/description.txt b/testing/tests/ikev1/esp-alg-des/description.txt
deleted file mode 100644
index 9546569dd..000000000
--- a/testing/tests/ikev1/esp-alg-des/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP 1DES encryption algorithm with MD5 authentication. <b>moon</b> must
-explicitly accept the choice of this insecure algorithm by setting the strict
-flag '!' in <b>esp=des-md5!</b>. The tunnel is tested by <b>carol</b> 
-sending a ping to client <b>alice</b> behind gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/esp-alg-des/evaltest.dat b/testing/tests/ikev1/esp-alg-des/evaltest.dat
deleted file mode 100644
index 8e42707a2..000000000
--- a/testing/tests/ikev1/esp-alg-des/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES
-moon::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
-carol::ipsec statusall::ESP proposal: DES_CBC/HMAC_MD5::YES
-moon::ip xfrm state::enc cbc(des)::YES
-carol::ip xfrm state::enc cbc(des)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 180::YES
diff --git a/testing/tests/ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index a5715a7f1..000000000
--- a/testing/tests/ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-md5-modp1024!
-	esp=des-md5!
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 0329a533d..000000000
--- a/testing/tests/ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-md5-modp1024!
-	esp=des-md5!
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-des/posttest.dat b/testing/tests/ikev1/esp-alg-des/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/esp-alg-des/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/esp-alg-des/test.conf b/testing/tests/ikev1/esp-alg-des/test.conf
deleted file mode 100644
index 6abbb89a9..000000000
--- a/testing/tests/ikev1/esp-alg-des/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/esp-alg-null/description.txt b/testing/tests/ikev1/esp-alg-null/description.txt
index 7880a799c..8fd203098 100644
--- a/testing/tests/ikev1/esp-alg-null/description.txt
+++ b/testing/tests/ikev1/esp-alg-null/description.txt
@@ -1,5 +1,3 @@
-In IKE phase 2 the roadwarrior <b>carol</b> proposes to gateway <b>moon</b>
-the ESP NULL encryption algorithm with SHA-1 authentication. <b>moon</b> must
-explicitly accept the choice of this insecure algorithm by setting the strict
-flag '!' in <b>esp=null-sha1!</b>. The tunnel is tested by <b>carol</b> 
-sending a ping to client <b>alice</b> behind gateway <b>moon</b>.
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the ESP cipher suite
+<b>NULL / HMAC_SHA1_96</b> by defining <b>esp=null-sha1</b> in ipsec.conf.
+A ping from <b>carol</b> to <b>alice</b> successfully checks the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-null/evaltest.dat b/testing/tests/ikev1/esp-alg-null/evaltest.dat
index a259e6d09..937d85ed2 100644
--- a/testing/tests/ikev1/esp-alg-null/evaltest.dat
+++ b/testing/tests/ikev1/esp-alg-null/evaltest.dat
@@ -1,9 +1,11 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
-carol::ipsec statusall::ESP proposal::NULL/HMAC_SHA1::YES
-moon::ip xfrm state::enc ecb(cipher_null)::YES
+moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES
+moon:: ip xfrm state::enc ecb(cipher_null)::YES
 carol::ip xfrm state::enc ecb(cipher_null)::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 172::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 172::YES
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
index fe76579ac..85c4ab478 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,14 +9,15 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	ike=aes-sha1
+	ike=aes128-sha1-modp2048!
 	esp=null-sha1!
 
 conn home
 	left=PH_IP_CAROL
+	leftfirewall=yes
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
-	auto=add
+	auto=add 
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
index b768b8ee4..2b83c2bea 100755
--- a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,14 +9,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	ike=aes-sha1!
+	ike=aes128-sha1-modp2048!
 	esp=null-sha1!
 
 conn rw
 	left=PH_IP_MOON
+	leftfirewall=yes
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
 	right=%any
-	rightid=carol@strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/esp-alg-null/posttest.dat b/testing/tests/ikev1/esp-alg-null/posttest.dat
index c6d6235f9..94a400606 100644
--- a/testing/tests/ikev1/esp-alg-null/posttest.dat
+++ b/testing/tests/ikev1/esp-alg-null/posttest.dat
@@ -1,2 +1,4 @@
 moon::ipsec stop
 carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-null/pretest.dat b/testing/tests/ikev1/esp-alg-null/pretest.dat
index 7d077c126..3c3df0196 100644
--- a/testing/tests/ikev1/esp-alg-null/pretest.dat
+++ b/testing/tests/ikev1/esp-alg-null/pretest.dat
@@ -1,5 +1,7 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
-carol::sleep 2
+carol::ipsec start
+carol::sleep 1 
 carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1/esp-alg-null/test.conf b/testing/tests/ikev1/esp-alg-null/test.conf
index 6abbb89a9..9cd583b16 100644
--- a/testing/tests/ikev1/esp-alg-null/test.conf
+++ b/testing/tests/ikev1/esp-alg-null/test.conf
@@ -19,4 +19,3 @@ TCPDUMPHOSTS="moon"
 # Used for IPsec logging purposes
 #
 IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/description.txt b/testing/tests/ikev1/esp-alg-strict-fail/description.txt
deleted file mode 100644
index 252080e80..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
-as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
-leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
deleted file mode 100644
index 83d99bea1..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::YES
-carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
-moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::YES
-moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*ISAKMP SA established::NO
-moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
-moon::cat /var/log/auth.log::no acceptable Proposal in IPsec SA::YES
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 46a619016..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-sha1
-	esp=3des-sha1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 86a15c96d..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128-sha1
-	esp=aes128-sha1!
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/posttest.dat b/testing/tests/ikev1/esp-alg-strict-fail/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/pretest.dat b/testing/tests/ikev1/esp-alg-strict-fail/pretest.dat
deleted file mode 100644
index f5aa989fe..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-strict-fail/test.conf b/testing/tests/ikev1/esp-alg-strict-fail/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/esp-alg-strict-fail/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/esp-alg-strict/description.txt b/testing/tests/ikev1/esp-alg-strict/description.txt
deleted file mode 100644
index 149a1e013..000000000
--- a/testing/tests/ikev1/esp-alg-strict/description.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-Roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption (together with
-HMAC_SHA1 authentication) in the first place and <b>AES_CBC_128</b> encryption in
-second place for both the ISAKMP and IPsec SAs. Gateway <b>moon</b> defines
-<b>ike=aes128-sha1</b> but will accept any other supported algorithm proposed
-by the peer during Phase 1. But for ESP encryption <b>moon</b> enforces
-<b>esp=aes128-sha1!</b> by applying the strict flag '!'.
-
diff --git a/testing/tests/ikev1/esp-alg-strict/evaltest.dat b/testing/tests/ikev1/esp-alg-strict/evaltest.dat
deleted file mode 100644
index 912a8d830..000000000
--- a/testing/tests/ikev1/esp-alg-strict/evaltest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::IPSec Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
-moon::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
-moon::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
-carol::ipsec statusall::IKE proposal: 3DES_CBC/HMAC_SHA1::YES
-carol::ipsec statusall::ESP proposal: AES_CBC_128/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 052541b21..000000000
--- a/testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-sha,aes128-sha1
-	esp=3des-sha1,aes128-sha1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 86a15c96d..000000000
--- a/testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128-sha1
-	esp=aes128-sha1!
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-strict/posttest.dat b/testing/tests/ikev1/esp-alg-strict/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/esp-alg-strict/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/esp-alg-strict/pretest.dat b/testing/tests/ikev1/esp-alg-strict/pretest.dat
deleted file mode 100644
index f5aa989fe..000000000
--- a/testing/tests/ikev1/esp-alg-strict/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-strict/test.conf b/testing/tests/ikev1/esp-alg-strict/test.conf
deleted file mode 100644
index a6c8f026c..000000000
--- a/testing/tests/ikev1/esp-alg-strict/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/esp-alg-weak/description.txt b/testing/tests/ikev1/esp-alg-weak/description.txt
deleted file mode 100644
index e49b6c620..000000000
--- a/testing/tests/ikev1/esp-alg-weak/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>carol</b> proposes <b>DES_CBC</b> encryption with HMAC_MD5 authentication
-as the only cipher suite for the IPsec SA. Because gateway <b>moon</b> does
-not use an explicit <b>esp</b> statement any strong encryption algorithm will be
-accepted but any weak key length will be rejected by default and thus the ISAKMP SA
-is bound to fail.
diff --git a/testing/tests/ikev1/esp-alg-weak/evaltest.dat b/testing/tests/ikev1/esp-alg-weak/evaltest.dat
deleted file mode 100644
index 72b14e805..000000000
--- a/testing/tests/ikev1/esp-alg-weak/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::NO
-moon::cat /var/log/auth.log::IPSec Transform.*refused due to insecure key_len::YES
-moon::cat /var/log/auth.log::no acceptable Proposal in IPsec SA::YES
diff --git a/testing/tests/ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index a5715a7f1..000000000
--- a/testing/tests/ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control crypt"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-md5-modp1024!
-	esp=des-md5!
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/esp-alg-weak/posttest.dat b/testing/tests/ikev1/esp-alg-weak/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/esp-alg-weak/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/esp-alg-weak/pretest.dat b/testing/tests/ikev1/esp-alg-weak/pretest.dat
deleted file mode 100644
index 7d077c126..000000000
--- a/testing/tests/ikev1/esp-alg-weak/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-weak/test.conf b/testing/tests/ikev1/esp-alg-weak/test.conf
deleted file mode 100644
index a6c8f026c..000000000
--- a/testing/tests/ikev1/esp-alg-weak/test.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
-
diff --git a/testing/tests/ikev1/host2host-cert/evaltest.dat b/testing/tests/ikev1/host2host-cert/evaltest.dat
index d19f970f2..53e5589ca 100644
--- a/testing/tests/ikev1/host2host-cert/evaltest.dat
+++ b/testing/tests/ikev1/host2host-cert/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec status::host-host.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::host-host.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TUNNEL::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..cf5b071d1
--- /dev/null
+++ b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,20 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn host-host
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=PH_IP_SUN
+	rightid=@sun.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/host2host-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/ipsec.conf
similarity index 70%
rename from testing/tests/ikev1/host2host-swapped/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/host2host-cert/hosts/sun/etc/ipsec.conf
index 95739fe51..a70750d58 100755
--- a/testing/tests/ikev1/host2host-swapped/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -14,10 +11,10 @@ conn %default
 	keyexchange=ikev1
 
 conn host-host
-	right=PH_IP_MOON
-	rightcert=moonCert.pem
-	rightid=@moon.strongswan.org
-	rightfirewall=yes
 	left=PH_IP_SUN
+	leftcert=sunCert.pem
 	leftid=@sun.strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/host2host-cert/pretest.dat b/testing/tests/ikev1/host2host-cert/pretest.dat
index 3536fd886..1fa70177c 100644
--- a/testing/tests/ikev1/host2host-cert/pretest.dat
+++ b/testing/tests/ikev1/host2host-cert/pretest.dat
@@ -2,5 +2,5 @@ moon::/etc/init.d/iptables start 2> /dev/null
 sun::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
 sun::ipsec start
-moon::sleep 2 
+moon::sleep 1 
 moon::ipsec up host-host
diff --git a/testing/tests/ikev1/host2host-cert/test.conf b/testing/tests/ikev1/host2host-cert/test.conf
index cf2e704fd..305a67316 100644
--- a/testing/tests/ikev1/host2host-cert/test.conf
+++ b/testing/tests/ikev1/host2host-cert/test.conf
@@ -6,11 +6,11 @@
 # All UML instances that are required for this test
 #
 UMLHOSTS="moon winnetou sun"
- 
+
 # Corresponding block diagram
 #
 DIAGRAM="m-w-s.png"
-
+ 
 # UML instances on which tcpdump is to be started
 #
 TCPDUMPHOSTS="sun"
diff --git a/testing/tests/ikev1/host2host-swapped/description.txt b/testing/tests/ikev1/host2host-swapped/description.txt
deleted file mode 100644
index 34cfe43cc..000000000
--- a/testing/tests/ikev1/host2host-swapped/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Same scenario as test <a href="../host2host-cert/"><b>host2host-cert</b></a> but with
-swapped end definitions:  <b>right</b> denotes the <b>local</b> side whereas
-<b>left</b> stands for the <b>remote</b> peer.
diff --git a/testing/tests/ikev1/host2host-swapped/evaltest.dat b/testing/tests/ikev1/host2host-swapped/evaltest.dat
deleted file mode 100644
index d19f970f2..000000000
--- a/testing/tests/ikev1/host2host-swapped/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec status::host-host.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::host-host.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/host2host-swapped/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/host2host-swapped/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index a0d600a6f..000000000
--- a/testing/tests/ikev1/host2host-swapped/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn host-host
-	right=PH_IP_SUN
-	rightcert=sunCert.pem
-	rightfirewall=yes
-	rightid=@sun.strongswan.org
-	left=PH_IP_MOON
-	leftid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/host2host-swapped/posttest.dat b/testing/tests/ikev1/host2host-swapped/posttest.dat
deleted file mode 100644
index 5a9150bc8..000000000
--- a/testing/tests/ikev1/host2host-swapped/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/host2host-swapped/pretest.dat b/testing/tests/ikev1/host2host-swapped/pretest.dat
deleted file mode 100644
index e2d98f2eb..000000000
--- a/testing/tests/ikev1/host2host-swapped/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2
-moon::ipsec up host-host
diff --git a/testing/tests/ikev1/host2host-swapped/test.conf b/testing/tests/ikev1/host2host-swapped/test.conf
deleted file mode 100644
index cf2e704fd..000000000
--- a/testing/tests/ikev1/host2host-swapped/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon winnetou sun"
- 
-# Corresponding block diagram
-#
-DIAGRAM="m-w-s.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/host2host-transport/evaltest.dat b/testing/tests/ikev1/host2host-transport/evaltest.dat
index 04c0eb3a2..3021b5e04 100644
--- a/testing/tests/ikev1/host2host-transport/evaltest.dat
+++ b/testing/tests/ikev1/host2host-transport/evaltest.dat
@@ -1,7 +1,7 @@
-moon::ipsec status::host-host.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::host-host.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ip xfrm state::mode transport::YES
-sun::ip xfrm state::mode transport::YES
+moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
+sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES
 moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/ipsec.conf
index b56189c6c..ad0758778 100755
--- a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..8e685c862
--- /dev/null
+++ b/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  multiple_authentication = no
+}
diff --git a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/ipsec.conf
index 1f2ade20b..fd33244d7 100755
--- a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -22,4 +19,3 @@ conn host-host
 	rightid=@moon.strongswan.org
 	type=transport
 	auto=add
-
diff --git a/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..8e685c862
--- /dev/null
+++ b/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+  multiple_authentication = no
+}
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/description.txt b/testing/tests/ikev1/ike-alg-strict-fail/description.txt
deleted file mode 100644
index 252080e80..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with HMAC_SHA1 authentication
-as the only cipher suite for both the ISAKMP and IPsec SA. The gateway <b>moon</b> defines
-<b>ike=aes128-sha1</b> only, but will accept any other support algorithm proposed by the peer,
-leading to a successful negotiation of Phase 1. Because for Phase 2 <b>moon</b> enforces
-<b>esp=aes128-sha1!</b> by using the strict flag '!', the ISAKMP SA will fail.
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat b/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
deleted file mode 100644
index 0c6bc7f7e..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
-moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
-carol::cat /var/log/auth.log::NO_PROPOSAL_CHOSEN::YES
-moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
-moon::cat /var/log/auth.log::no acceptable Oakley Transform::YES
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index d75a7022e..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-sha1
-	esp=3des-sha1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add 
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 460ff749c..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128-sha1!
-	esp=aes128-sha1
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/posttest.dat b/testing/tests/ikev1/ike-alg-strict-fail/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/pretest.dat b/testing/tests/ikev1/ike-alg-strict-fail/pretest.dat
deleted file mode 100644
index f5aa989fe..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/ike-alg-strict-fail/test.conf b/testing/tests/ikev1/ike-alg-strict-fail/test.conf
deleted file mode 100644
index 7e7848831..000000000
--- a/testing/tests/ikev1/ike-alg-strict-fail/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-##!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ike-alg-strict/description.txt b/testing/tests/ikev1/ike-alg-strict/description.txt
deleted file mode 100644
index af93b95c3..000000000
--- a/testing/tests/ikev1/ike-alg-strict/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>carol</b> proposes <b>3DES_CBC</b> encryption with <b>HMAC_SHA1</b> authentication in the first place
-and <b>AES_CBC_128</b> encryption with <b>HMAC_SHA1</b> authentication in the second place for both the ISAKMP and IPsec SA.
-The gateway <b>moon</b> enforces <b>ike=aes128-sha!</b> for Phase 1 by using the strict flag '!', 
-but will accept any other supported algorithm proposed by the peer for Phase 2 , even though <b>moon</b>
-defines itself <b>esp=aes128-sha1</b> only.
diff --git a/testing/tests/ikev1/ike-alg-strict/evaltest.dat b/testing/tests/ikev1/ike-alg-strict/evaltest.dat
deleted file mode 100644
index 8acd0d039..000000000
--- a/testing/tests/ikev1/ike-alg-strict/evaltest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::Oakley Transform.*3DES_CBC (192), HMAC_SHA1.*refused due to strict flag::YES
-moon::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1::YES
-moon::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
-carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA::YES
-carol::ipsec statusall::ESP proposal: 3DES_CBC/HMAC_SHA1::YES
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 36bdc0fa4..000000000
--- a/testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=3des-sha1,aes128-sha1
-	esp=3des-sha1,aes128-sha1
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 460ff749c..000000000
--- a/testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128-sha1!
-	esp=aes128-sha1
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightid=carol@strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ike-alg-strict/posttest.dat b/testing/tests/ikev1/ike-alg-strict/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/ike-alg-strict/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/ike-alg-strict/pretest.dat b/testing/tests/ikev1/ike-alg-strict/pretest.dat
deleted file mode 100644
index f5aa989fe..000000000
--- a/testing/tests/ikev1/ike-alg-strict/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/ike-alg-strict/test.conf b/testing/tests/ikev1/ike-alg-strict/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/ike-alg-strict/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ip-pool-db-push/description.txt b/testing/tests/ikev1/ip-pool-db-push/description.txt
deleted file mode 100644
index dc510e21a..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Using Mode Config push mode (<b>modeconfig=push</b>) the gateway <b>moon</b> assigns virtual
-IP addresses from a pool named <b>bigpool</b> that was created in an SQL database by the command
-<b>ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0</b>.
diff --git a/testing/tests/ikev1/ip-pool-db-push/evaltest.dat b/testing/tests/ikev1/ip-pool-db-push/evaltest.dat
deleted file mode 100644
index 9a5c5c7ee..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/evaltest.dat
+++ /dev/null
@@ -1,30 +0,0 @@
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::cat /var/log/auth.log::handling INTERNAL_IP4_NBNS attribute failed::YES
-carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
-carol::ip addr list dev eth0::PH_IP_CAROL1::YES
-carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/auth.log::starting ModeCfg server in push mode::YES
-moon::cat /var/log/auth.log::acquired new lease for address.*in pool.*bigpool::YES
-moon::cat /var/log/auth.log::assigning virtual IP::YES
-moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES
-moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES
-moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES
-moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
-moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec status::rw.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 5e7cc89a7..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	modeconfig=push
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%config
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 56f13324a..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 56f13324a..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index c365004bf..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	rekey=no
-	keyexchange=ikev1
-	modeconfig=push
-
-conn rw
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%any
-	rightsourceip=%bigpool
-	auto=add
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 630135adc..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql kernel-netlink
-}
-
-libhydra {
-  plugins {
-    attr-sql {
-      database = sqlite:///etc/ipsec.d/ipsec.db
-    }
-  }
-}
-
-pool {
-  load = sqlite
-}
diff --git a/testing/tests/ikev1/ip-pool-db-push/posttest.dat b/testing/tests/ikev1/ip-pool-db-push/posttest.dat
deleted file mode 100644
index 5022c6cf1..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/posttest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
-moon::ipsec pool --del bigpool 2> /dev/null
-moon::ipsec pool --del dns 2> /dev/null
-moon::ipsec pool --del nbns 2> /dev/null
-moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-pool-db-push/pretest.dat b/testing/tests/ikev1/ip-pool-db-push/pretest.dat
deleted file mode 100644
index 4a2add194..000000000
--- a/testing/tests/ikev1/ip-pool-db-push/pretest.dat
+++ /dev/null
@@ -1,16 +0,0 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
-moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
-moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2> /dev/null
-moon::ipsec pool --addattr dns  --server PH_IP_WINNETOU 2> /dev/null
-moon::ipsec pool --addattr dns  --server PH_IP_VENUS 2> /dev/null
-moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2 
-carol::ipsec up home
-dave::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/ip-pool-db/description.txt b/testing/tests/ikev1/ip-pool-db/description.txt
index 364b96cd7..7bc4ef3ab 100644
--- a/testing/tests/ikev1/ip-pool-db/description.txt
+++ b/testing/tests/ikev1/ip-pool-db/description.txt
@@ -1,5 +1,5 @@
 The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 Mode Config payload
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv2 configuration payload
 by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual IP
 addresses from a pool named <b>bigpool</b> that was created in an SQL database by the command
 <b>ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0</b>.
diff --git a/testing/tests/ikev1/ip-pool-db/evaltest.dat b/testing/tests/ikev1/ip-pool-db/evaltest.dat
index 566bab972..941cb34c0 100644
--- a/testing/tests/ikev1/ip-pool-db/evaltest.dat
+++ b/testing/tests/ikev1/ip-pool-db/evaltest.dat
@@ -1,25 +1,33 @@
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::cat /var/log/auth.log::handling INTERNAL_IP4_NBNS attribute failed::YES
-carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
+carol::cat /var/log/daemon.log::installing new virtual IP PH_IP_CAROL1::YES
+carol::cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
+carol::cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
+carol::cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
 carol::ip addr list dev eth0::PH_IP_CAROL1::YES
 carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/auth.log::peer requested virtual IP %any::YES
-moon::cat /var/log/auth.log::acquired new lease for address.*in pool.*bigpool::YES
-moon::cat /var/log/auth.log::assigning virtual IP::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP PH_IP_DAVE1::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_WINNETOU::YES
+dave:: cat /var/log/daemon.log::installing DNS server PH_IP_VENUS::YES
+dave:: cat /var/log/daemon.log::handling INTERNAL_IP4_NBNS attribute failed::YES
+dave:: ip addr list dev eth0::PH_IP_DAVE1::YES
+dave:: ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon:: cat /var/log/daemon.log::peer requested virtual IP %any::YES
+moon:: cat /var/log/daemon.log::acquired new lease for address.*in pool.*bigpool::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP::YES
 moon::ipsec pool --status 2> /dev/null::dns servers: PH_IP_WINNETOU PH_IP_VENUS::YES
 moon::ipsec pool --status 2> /dev/null::nbns servers: PH_IP_VENUS::YES
 moon::ipsec pool --status 2> /dev/null::bigpool.*10.3.0.1.*10.3.3.232.*static.*2::YES
 moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.1,id=carol@strongswan.org 2> /dev/null::online::YES
 moon::ipsec pool --leases --filter pool=bigpool,addr=10.3.0.2,id=dave@strongswan.org 2> /dev/null::online::YES
-moon::ipsec status::rw.*IPsec SA established::YES
+moon::ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon::ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon::ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf
index 0c770de9f..3f67cbc8a 100755
--- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
index 56f13324a..bd19ffe3d 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
 }
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf
index 163c19516..bf0f9ccae 100755
--- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
index 56f13324a..bd19ffe3d 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown resolve
 }
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf
index 0cefb7ab0..d1ae4fbd8 100755
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/ipsec.conf
@@ -1,17 +1,13 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	rekey=no
 	keyexchange=ikev1
 
 conn rw
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
index 630135adc..04ffaf64d 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql kernel-netlink
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
 }
 
 libhydra {
diff --git a/testing/tests/ikev1/ip-pool-db/posttest.dat b/testing/tests/ikev1/ip-pool-db/posttest.dat
index 5022c6cf1..5b88b2163 100644
--- a/testing/tests/ikev1/ip-pool-db/posttest.dat
+++ b/testing/tests/ikev1/ip-pool-db/posttest.dat
@@ -1,11 +1,9 @@
-moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
+moon::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
 moon::ipsec pool --del bigpool 2> /dev/null
 moon::ipsec pool --del dns 2> /dev/null
 moon::ipsec pool --del nbns 2> /dev/null
diff --git a/testing/tests/ikev1/ip-pool-db/pretest.dat b/testing/tests/ikev1/ip-pool-db/pretest.dat
index 190672652..4a2add194 100644
--- a/testing/tests/ikev1/ip-pool-db/pretest.dat
+++ b/testing/tests/ikev1/ip-pool-db/pretest.dat
@@ -4,7 +4,6 @@ moon::ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0 2>
 moon::ipsec pool --addattr dns  --server PH_IP_WINNETOU 2> /dev/null
 moon::ipsec pool --addattr dns  --server PH_IP_VENUS 2> /dev/null
 moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
-moon::ipsec pool --statusattr
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
diff --git a/testing/tests/ikev1/ip-pool/description.txt b/testing/tests/ikev1/ip-pool/description.txt
deleted file mode 100644
index b3f584c57..000000000
--- a/testing/tests/ikev1/ip-pool/description.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 Mode Config payload
-by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
-IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
-increasing order. 
-<p>
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
-the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
-pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat
deleted file mode 100644
index f67ab321b..000000000
--- a/testing/tests/ikev1/ip-pool/evaltest.dat
+++ /dev/null
@@ -1,26 +0,0 @@
-carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
-carol::ip addr list dev eth0::PH_IP_CAROL1::YES
-carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
-carol::ipsec status::home.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
-dave::ip addr list dev eth0::PH_IP_DAVE1::YES
-dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
-dave::ipsec status::home.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::cat /var/log/auth.log::adding virtual IP address pool::YES
-moon::cat /var/log/auth.log::peer requested virtual IP %any::YES
-moon::cat /var/log/auth.log::assigning virtual IP::YES
-moon::ipsec leases rw::2/15, 2 online::YES
-moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES
-moon::ipsec statusall::rw.*carol@strongswan.org.*erouted::YES
-moon::ipsec statusall::rw.*dave@strongswan.org.*erouted::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index ddedd7e7b..000000000
--- a/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn rw
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%any
-	rightsourceip=10.3.0.0/28
-	auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-pool/test.conf b/testing/tests/ikev1/ip-pool/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/ip-pool/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/description.txt b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
deleted file mode 100644
index 3869ced0a..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
-Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
-<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
-addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
-to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from an SQLite-based pool
-named <b>intpool</b> [10.4.0.1..10.4.1.244] to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
-<p>
-Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and 
-both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
deleted file mode 100644
index f237ce53f..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
+++ /dev/null
@@ -1,17 +0,0 @@
-carol::ipsec status::home.*IPsec SA established::YES
-alice::ipsec status::home.*IPsec SA established::YES
-moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
-moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
-moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
-moon::ipsec leases ext::1/15, 1 online::YES
-moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
-moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
-carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
-alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
-alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
deleted file mode 100755
index 97b773645..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow ESP 
-        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow MOBIKE 
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
deleted file mode 100755
index e8077b22a..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-		
-conn home 
-	left=%defaultroute
-	leftsourceip=%config
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON1
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 99a8c60ff..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%config
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index bb9d03acd..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-        iptables -A INPUT  -i eth1 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-        iptables -A INPUT  -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-        iptables -A INPUT  -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
-        iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-	iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# masquerade crl fetches to winnetou
-	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index e844ba989..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%any
-
-conn int 
-	left=PH_IP_MOON1
-	rightsourceip=%intpool
-	auto=add
-
-conn ext 
-	left=PH_IP_MOON
-	rightsourceip=10.3.0.0/28
-	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 630135adc..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql kernel-netlink
-}
-
-libhydra {
-  plugins {
-    attr-sql {
-      database = sqlite:///etc/ipsec.d/ipsec.db
-    }
-  }
-}
-
-pool {
-  load = sqlite
-}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
deleted file mode 100644
index 74e3cf2c0..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
+++ /dev/null
@@ -1,13 +0,0 @@
-carol::ipsec stop
-alice::ipsec stop
-moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-alice::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del 10.3.0.1/32 dev eth0
-alice::ip addr del 10.4.0.1/32 dev eth0
-moon::ip route del 10.3.0.0/16 via PH_IP_MOON
-moon::ip route del 10.4.0.0/16 via PH_IP_MOON1
-moon::conntrack -F
-moon::ipsec pool --del intpool 2> /dev/null
-moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
deleted file mode 100644
index 21e28ce0c..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
+++ /dev/null
@@ -1,15 +0,0 @@
-moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
-moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
-moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout  0 2> /dev/null
-moon::ip route add 10.3.0.0/16 via PH_IP_MOON
-moon::ip route add 10.4.0.0/16 via PH_IP_MOON1
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-alice::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start
-alice::ipsec start
-carol::sleep 2 
-carol::ipsec up home
-alice::ipsec up home
-alice::sleep 1
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/test.conf b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
deleted file mode 100644
index 329774c0a..000000000
--- a/testing/tests/ikev1/ip-two-pools-mixed/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="alice carol"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/ip-two-pools/description.txt b/testing/tests/ikev1/ip-two-pools/description.txt
deleted file mode 100644
index 33a5187c5..000000000
--- a/testing/tests/ikev1/ip-two-pools/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
-Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
-<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
-addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
-to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from a simple pool defined 
-by <b>rightsourceip=10.4.0.0/28</b> to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
-<p>
-Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and 
-both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools/evaltest.dat b/testing/tests/ikev1/ip-two-pools/evaltest.dat
deleted file mode 100644
index 2f19a77ba..000000000
--- a/testing/tests/ikev1/ip-two-pools/evaltest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-carol::ipsec status::home.*IPsec SA established::YES
-alice::ipsec status::home.*IPsec SA established::YES
-moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
-moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
-moon::cat /var/log/auth.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
-moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
-moon::ipsec leases ext::1/15, 1 online::YES
-moon::ipsec leases int::1/15, 1 online::YES
-moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
-moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES
-carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
-alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
-carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
-alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
deleted file mode 100755
index 97b773645..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow ESP 
-        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow MOBIKE 
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
deleted file mode 100755
index e8077b22a..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-		
-conn home 
-	left=%defaultroute
-	leftsourceip=%config
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON1
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 99a8c60ff..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%config
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index bb9d03acd..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-        iptables -A INPUT  -i eth1 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-        iptables -A INPUT  -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-        iptables -A INPUT  -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
-        iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-	iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# masquerade crl fetches to winnetou
-	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 4771e26d6..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%any
-
-conn int 
-	left=PH_IP_MOON1
-	rightsourceip=10.4.0.0/28
-	auto=add
-
-conn ext 
-	left=PH_IP_MOON
-	rightsourceip=10.3.0.0/28
-	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 4c40f76cc..000000000
--- a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/ip-two-pools/posttest.dat b/testing/tests/ikev1/ip-two-pools/posttest.dat
deleted file mode 100644
index 4474e5ade..000000000
--- a/testing/tests/ikev1/ip-two-pools/posttest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-alice::ipsec stop
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-alice::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del 10.3.0.1/32 dev eth0
-alice::ip addr del 10.4.0.1/32 dev eth0
-moon::ip route del 10.3.0.0/16 via 192.168.0.1
-moon::ip route del 10.4.0.0/16 via 10.1.0.1
-moon::conntrack -F
-moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools/pretest.dat b/testing/tests/ikev1/ip-two-pools/pretest.dat
deleted file mode 100644
index 8091a6ed2..000000000
--- a/testing/tests/ikev1/ip-two-pools/pretest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::ip route add 10.3.0.0/16 via 192.168.0.1
-moon::ip route add 10.4.0.0/16 via 10.1.0.1
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-alice::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start
-alice::ipsec start
-carol::sleep 2 
-carol::ipsec up home
-alice::ipsec up home
-alice::sleep 1 
diff --git a/testing/tests/ikev1/ip-two-pools/test.conf b/testing/tests/ikev1/ip-two-pools/test.conf
deleted file mode 100644
index 329774c0a..000000000
--- a/testing/tests/ikev1/ip-two-pools/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="alice carol"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/mode-config-multiple/description.txt b/testing/tests/ikev1/mode-config-multiple/description.txt
deleted file mode 100644
index 6be00e744..000000000
--- a/testing/tests/ikev1/mode-config-multiple/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
-by using the <b>leftsourceip=%modeconfig</b> parameter. After setting up an IPsec SA to reach
-the hosts <b>alice</b> and <b>venus</b>, respectively, both roadwarriors set up a second 
-IPsec SA to <b>venus</b> and <b>alice</b>, respectively, inheriting the virtual IP address
-from the previous Mode Config negotiation.
diff --git a/testing/tests/ikev1/mode-config-multiple/evaltest.dat b/testing/tests/ikev1/mode-config-multiple/evaltest.dat
deleted file mode 100644
index 735345315..000000000
--- a/testing/tests/ikev1/mode-config-multiple/evaltest.dat
+++ /dev/null
@@ -1,29 +0,0 @@
-carol::cat /var/log/auth.log::alice.*setting virtual IP source address to PH_IP_CAROL1::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::cat /var/log/auth.log::venus.*inheriting virtual IP source address PH_IP_CAROL1 from ModeCfg::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::cat /var/log/auth.log::venus.*setting virtual IP source address to PH_IP_DAVE1::YES
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::cat /var/log/auth.log::alice.*inheriting virtual IP source address PH_IP_DAVE1 from ModeCfg::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::carol-alice.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::carol-venus.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave-venus.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave-alice.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
-venus::tcpdump::IP carol1.strongswan.org > venus.strongswan.org: ICMP echo request::YES
-venus::tcpdump::IP venus.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-venus::tcpdump::IP dave1.strongswan.org > venus.strongswan.org: ICMP echo request::YES
-venus::tcpdump::IP venus.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
-
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 3d6addb62..000000000
--- a/testing/tests/ikev1/mode-config-multiple/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn alice
-	also=home
-	rightsubnet=10.1.0.10/32
-	auto=add
-
-conn venus
-	also=home
-	rightsubnet=10.1.0.20/32
-	auto=add
-
-conn home
-	left=192.168.0.100
-	leftsourceip=%modeconfig
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=192.168.0.1
-	rightid=@moon.strongswan.org
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index 0b93eb58f..000000000
--- a/testing/tests/ikev1/mode-config-multiple/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn alice
-        also=home
-        rightsubnet=10.1.0.10/32
-        auto=add
-
-conn venus
-        also=home
-        rightsubnet=10.1.0.20/32
-        auto=add
-
-conn home
-	left=PH_IP_DAVE
-	leftsourceip=%modeconfig
-	leftcert=daveCert.pem
-	leftid=dave@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 7f5bb812f..000000000
--- a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=192.168.0.1
-	leftsourceip=10.1.0.1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn carol-alice
-	also=carol
-	leftsubnet=10.1.0.10/32
-	rightsourceip=10.3.0.1
-	auto=add
-
-conn carol-venus
-	also=carol
-	leftsubnet=10.1.0.20/32
-	rightsourceip=%carol-alice
-	auto=add
-	
-conn carol
-	right=%any
-	rightid=carol@strongswan.org
-
-conn dave-alice
-        also=dave
-        leftsubnet=10.1.0.10/32
-	rightsourceip=10.3.0.2
-        auto=add
-
-conn dave-venus
-        also=dave
-        leftsubnet=10.1.0.20/32
-	rightsourceip=%dave-alice
-        auto=add
-
-conn dave
-        right=%any
-        rightid=dave@strongswan.org
-
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index fb989daff..000000000
--- a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr kernel-netlink
-  dns1 = PH_IP_WINNETOU
-  dns2 = PH_IP6_VENUS
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config-multiple/pretest.dat b/testing/tests/ikev1/mode-config-multiple/pretest.dat
deleted file mode 100644
index 63f52e274..000000000
--- a/testing/tests/ikev1/mode-config-multiple/pretest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up alice
-carol::ipsec up venus 
-dave::ipsec up venus
-dave::ipsec up alice
-carol::sleep 1
diff --git a/testing/tests/ikev1/mode-config-multiple/test.conf b/testing/tests/ikev1/mode-config-multiple/test.conf
deleted file mode 100644
index d8fa5162d..000000000
--- a/testing/tests/ikev1/mode-config-multiple/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice venus"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/mode-config-push/description.txt b/testing/tests/ikev1/mode-config-push/description.txt
deleted file mode 100644
index 387c3b409..000000000
--- a/testing/tests/ikev1/mode-config-push/description.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
-Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKE Mode Config protocol
-by using the <b>leftsourceip=%modeconfig</b> parameter. By setting the option <b>modeconfig=push</b>
-on both the roadwarriors and the gateway, the Mode Config server <b>moon</b> will actively push
-the configuration down to <b>carol</b> and <b>dave</b>.
-<p>
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the
-tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping the client
-<b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two pings will
-be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1/mode-config-push/evaltest.dat b/testing/tests/ikev1/mode-config-push/evaltest.dat
deleted file mode 100644
index 3135a18fb..000000000
--- a/testing/tests/ikev1/mode-config-push/evaltest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/mode-config-push/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/mode-config-push/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 64c97eb16..000000000
--- a/testing/tests/ikev1/mode-config-push/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	rekey=no
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%modeconfig
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	modeconfig=push
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/mode-config-push/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/mode-config-push/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 56f13324a..000000000
--- a/testing/tests/ikev1/mode-config-push/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config-push/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/mode-config-push/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index ba47559a0..000000000
--- a/testing/tests/ikev1/mode-config-push/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_DAVE
-	leftsourceip=%modeconfig
-	leftcert=daveCert.pem
-	leftid=dave@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	modeconfig=push
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/mode-config-push/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/mode-config-push/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 56f13324a..000000000
--- a/testing/tests/ikev1/mode-config-push/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config-push/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/mode-config-push/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 8b125ab80..000000000
--- a/testing/tests/ikev1/mode-config-push/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	modeconfig=push
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn rw-carol
-	right=%any
-	rightid=carol@strongswan.org
-	rightsourceip=PH_IP_CAROL1
-	auto=add
-
-conn rw-dave
-	right=%any
-	rightid=dave@strongswan.org
-	rightsourceip=PH_IP_DAVE1
-	auto=add
diff --git a/testing/tests/ikev1/mode-config-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-push/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index f8d952d21..000000000
--- a/testing/tests/ikev1/mode-config-push/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr kernel-netlink
-  dns1 = PH_IP_WINNETOU
-  dns2 = PH_IP_VENUS
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config-push/pretest.dat b/testing/tests/ikev1/mode-config-push/pretest.dat
deleted file mode 100644
index bb222992e..000000000
--- a/testing/tests/ikev1/mode-config-push/pretest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
-dave::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/mode-config-push/test.conf b/testing/tests/ikev1/mode-config-push/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/mode-config-push/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/mode-config-swapped/description.txt b/testing/tests/ikev1/mode-config-swapped/description.txt
deleted file mode 100644
index e29e6f654..000000000
--- a/testing/tests/ikev1/mode-config-swapped/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Same scenario as test <a href="../mode-config/"><b>mode-config</b></a> but with
-swapped end definitions:  <b>right</b> denotes the <b>local</b> side whereas
-<b>left</b> stands for the <b>remote</b> peer.
diff --git a/testing/tests/ikev1/mode-config-swapped/evaltest.dat b/testing/tests/ikev1/mode-config-swapped/evaltest.dat
deleted file mode 100644
index 9d60cf7b0..000000000
--- a/testing/tests/ikev1/mode-config-swapped/evaltest.dat
+++ /dev/null
@@ -1,16 +0,0 @@
-carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/mode-config-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/mode-config-swapped/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 4cea3d81b..000000000
--- a/testing/tests/ikev1/mode-config-swapped/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	right=PH_IP_CAROL
-	rightsourceip=%modeconfig
-	rightcert=carolCert.pem
-	rightid=carol@strongswan.org
-	rightfirewall=yes
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/mode-config-swapped/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/mode-config-swapped/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index cf96ddeca..000000000
--- a/testing/tests/ikev1/mode-config-swapped/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	right=PH_IP_DAVE
-	rightsourceip=%modeconfig
-	rightcert=daveCert.pem
-	rightid=dave@strongswan.org
-	rightfirewall=yes
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/mode-config-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/mode-config-swapped/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index b01f5b112..000000000
--- a/testing/tests/ikev1/mode-config-swapped/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightsourceip=PH_IP_MOON1
-	rightcert=moonCert.pem
-	rightid=@moon.strongswan.org
-	rightfirewall=yes
-
-conn rw-carol
-	left=%any
-	leftid=carol@strongswan.org
-	leftsourceip=PH_IP_CAROL1
-	auto=add
-
-conn rw-dave
-	left=%any
-	leftid=dave@strongswan.org
-	leftsourceip=PH_IP_DAVE1
-	auto=add
diff --git a/testing/tests/ikev1/mode-config-swapped/posttest.dat b/testing/tests/ikev1/mode-config-swapped/posttest.dat
deleted file mode 100644
index 42fa8359b..000000000
--- a/testing/tests/ikev1/mode-config-swapped/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1/mode-config-swapped/pretest.dat b/testing/tests/ikev1/mode-config-swapped/pretest.dat
deleted file mode 100644
index 1e45f00fd..000000000
--- a/testing/tests/ikev1/mode-config-swapped/pretest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/ikev1/mode-config-swapped/test.conf b/testing/tests/ikev1/mode-config-swapped/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/mode-config-swapped/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/mode-config/evaltest.dat b/testing/tests/ikev1/mode-config/evaltest.dat
deleted file mode 100644
index 7355a0560..000000000
--- a/testing/tests/ikev1/mode-config/evaltest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_WINNETOU .*from moon.strongswan.org::YES
-carol::cat /etc/resolv.conf::nameserver PH_IP_VENUS .*from moon.strongswan.org::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/mode-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/mode-config/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 9c75434c2..000000000
--- a/testing/tests/ikev1/mode-config/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%modeconfig
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/mode-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 56f13324a..000000000
--- a/testing/tests/ikev1/mode-config/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 56f13324a..000000000
--- a/testing/tests/ikev1/mode-config/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index f8d952d21..000000000
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr kernel-netlink
-  dns1 = PH_IP_WINNETOU
-  dns2 = PH_IP_VENUS
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/mode-config/posttest.dat b/testing/tests/ikev1/mode-config/posttest.dat
deleted file mode 100644
index 42fa8359b..000000000
--- a/testing/tests/ikev1/mode-config/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1/mode-config/test.conf b/testing/tests/ikev1/mode-config/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/mode-config/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/description.txt b/testing/tests/ikev1/multi-level-ca-cr-init/description.txt
new file mode 100644
index 000000000..602d026c2
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/description.txt
@@ -0,0 +1,6 @@
+The VPN gateway <b>moon</b> grants access to the hosts <b>alice</b> and
+<b>venus</b> to anyone presenting a certificate belonging to a trust chain anchored
+in the strongSwan Root CA.  The hosts <b>carol</b> and <b>dave</b> have certificates from
+the intermediate Research CA and Sales CA, respectively. Initiator <b>moon</b> does not possess
+copies of the Research and Sales CA certificates and must therefore request them from
+the responders <b>carol</b> and <b>dave</b>, respectively.
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/evaltest.dat b/testing/tests/ikev1/multi-level-ca-cr-init/evaltest.dat
new file mode 100644
index 000000000..03426ac44
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/evaltest.dat
@@ -0,0 +1,12 @@
+carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
+dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
similarity index 73%
rename from testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
index 39a1aa825..7d2777a50 100755
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,13 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 
-conn home
+conn alice
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	leftsendcert=ifasked
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
-	rightsubnet=10.1.0.0/16
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+	rightsubnet=PH_IP_ALICE/32
 	auto=add
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/attr-cert/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
similarity index 71%
rename from testing/tests/ikev1/attr-cert/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
index ce3903596..d012d7e50 100755
--- a/testing/tests/ikev1/attr-cert/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,21 +9,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+
+conn venus
 	left=PH_IP_DAVE
 	leftcert=daveCert.pem
 	leftid=dave@strongswan.org
+	leftsendcert=ifasked
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 	rightsubnet=PH_IP_VENUS/32
 	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
similarity index 56%
rename from testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
index 0b9917b53..7369e82ef 100755
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
+	plutostart=no
 
 ca strongswan
 	cacert=strongswanCert.pem
@@ -19,10 +16,19 @@ conn %default
 	keyexchange=ikev1
 	left=PH_IP_MOON
 	leftcert=moonCert.pem
+	leftsendcert=ifasked
 	leftid=@moon.strongswan.org
 
 conn alice
 	leftsubnet=PH_IP_ALICE/32
-	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+	right=PH_IP_CAROL
+	rightid=carol@strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
+	auto=add
+	
+conn venus
+	leftsubnet=PH_IP_VENUS/32
+	right=PH_IP_DAVE
+	rightid=dave@strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 	auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-init/posttest.dat b/testing/tests/ikev1/multi-level-ca-cr-init/posttest.dat
new file mode 100644
index 000000000..24cd041ed
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev1/esp-alg-des/pretest.dat b/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat
similarity index 52%
rename from testing/tests/ikev1/esp-alg-des/pretest.dat
rename to testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat
index 7d077c126..c8e7adcb7 100644
--- a/testing/tests/ikev1/esp-alg-des/pretest.dat
+++ b/testing/tests/ikev1/multi-level-ca-cr-init/pretest.dat
@@ -1,5 +1,7 @@
 moon::echo 1 > /proc/sys/net/ipv4/ip_forward
 carol::ipsec start
+dave::ipsec start
 moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
+moon::sleep 2
+moon::ipsec up alice
+moon::ipsec up venus
diff --git a/testing/tests/ikev1/attr-cert/test.conf b/testing/tests/ikev1/multi-level-ca-cr-init/test.conf
similarity index 100%
rename from testing/tests/ikev1/attr-cert/test.conf
rename to testing/tests/ikev1/multi-level-ca-cr-init/test.conf
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/description.txt b/testing/tests/ikev1/multi-level-ca-cr-resp/description.txt
new file mode 100644
index 000000000..06f9f6b91
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/description.txt
@@ -0,0 +1,6 @@
+The VPN gateway <b>moon</b> grants access to the hosts <b>alice</b> and
+<b>venus</b> to anyone presenting a certificate belonging to a trust chain anchored
+in the strongSwan Root CA.  The hosts <b>carol</b> and <b>dave</b> have certificates from
+the intermediate Research CA and Sales CA, respectively. Responder <b>moon</b> does not possess
+copies of the Research and Sales CA certificates and must therefore request them from
+the initiators <b>carol</b> and <b>dave</b>, respectively.
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/evaltest.dat b/testing/tests/ikev1/multi-level-ca-cr-resp/evaltest.dat
new file mode 100644
index 000000000..dcd271772
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/evaltest.dat
@@ -0,0 +1,12 @@
+carol::cat /var/log/daemon.log::sending issuer cert.*CN=Research CA::YES
+dave:: cat /var/log/daemon.log::sending issuer cert.*CN=Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
similarity index 76%
rename from testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
index 4d42b1419..303de2494 100755
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -14,14 +11,11 @@ conn %default
 	keyexchange=ikev1
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
+	leftsendcert=ifasked
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 
 conn alice
 	rightsubnet=PH_IP_ALICE/32
 	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.secrets
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
similarity index 69%
rename from testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
index 5f04445d2..8fe8e2cb4 100755
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -14,18 +11,11 @@ conn %default
 	keyexchange=ikev1
 	left=PH_IP_DAVE
 	leftcert=daveCert.pem
+	leftsendcert=ifasked
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
 conn venus
 	rightsubnet=PH_IP_VENUS/32
 	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
similarity index 69%
rename from testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
index f79c501a8..9286b6147 100755
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
+	plutostart=no
 
 ca strongswan
 	cacert=strongswanCert.pem
@@ -19,17 +16,17 @@ conn %default
 	keyexchange=ikev1
 	left=PH_IP_MOON
 	leftcert=moonCert.pem
+	leftsendcert=ifasked
 	leftid=@moon.strongswan.org
 
 conn alice
 	leftsubnet=PH_IP_ALICE/32
 	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 	auto=add
 	
 conn venus
 	leftsubnet=PH_IP_VENUS/32
 	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 	auto=add
-	
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca-cr-resp/posttest.dat b/testing/tests/ikev1/multi-level-ca-cr-resp/posttest.dat
new file mode 100644
index 000000000..24cd041ed
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev1/multi-level-ca-strict/pretest.dat b/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat
similarity index 78%
rename from testing/tests/ikev1/multi-level-ca-strict/pretest.dat
rename to testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat
index 67c50c2ef..f15265e32 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/pretest.dat
+++ b/testing/tests/ikev1/multi-level-ca-cr-resp/pretest.dat
@@ -4,6 +4,4 @@ dave::ipsec start
 moon::ipsec start
 carol::sleep 2
 carol::ipsec up alice
-carol::ipsec up venus
 dave::ipsec up venus
-dave::ipsec up alice
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/test.conf b/testing/tests/ikev1/multi-level-ca-cr-resp/test.conf
similarity index 100%
rename from testing/tests/ikev1/multi-level-ca-ldap/test.conf
rename to testing/tests/ikev1/multi-level-ca-cr-resp/test.conf
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/description.txt b/testing/tests/ikev1/multi-level-ca-ldap/description.txt
deleted file mode 100644
index 18fb88840..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/description.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
-<b>venus</b> by means of two different Intermediate CAs. Access to
-<b>alice</b> is granted to users presenting a certificate issued by the Research CA
-whereas <b>venus</b> can only be reached with a certificate issued by the
-Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
-the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
-<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
-<p>
-By setting <b>strictcrlpolicy=yes</b> the CRLs from the strongSwan, Research and
-Sales CAs must be fetched from the LDAP server <b>winnetou</b> first, before the
-connection setups can be successfully completed.
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
deleted file mode 100644
index 9cfa502aa..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::cat /var/log/auth.log::PH_IP_CAROL.*X.509 certificate rejected::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::PH_IP_DAVE.*X.509 certificate rejected::YES
-dave::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index d9e5b119e..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-ca strongswan
-        cacert=strongswanCert.pem
-        crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
-        auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
-	rightsubnet=PH_IP_VENUS/32
-	auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index bf83264af..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_DAVE
-	leftcert=daveCert.pem
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
-	rightsubnet=PH_IP_VENUS/32
-	auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 8de514a2e..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow ldap crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 389 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 389 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 50b896541..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,46 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
-	auto=add
-
-ca research 
-        cacert=researchCert.pem
-	crluri="ldap://ldap.strongswan.org/cn=Research CA, ou=Research, o=Linux strongSwan, c=CH?certificateRevocationList"
-	auto=add
-	
-ca sales 
-        cacert=salesCert.pem
-	crluri="ldap://ldap.strongswan.org/cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH?certificateRevocationList"
-	auto=add
-			
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
-conn alice
-	leftsubnet=PH_IP_ALICE/32
-	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
-	auto=add
-	
-conn venus
-	leftsubnet=PH_IP_VENUS/32
-	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
-	auto=add
-	
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/posttest.dat b/testing/tests/ikev1/multi-level-ca-ldap/posttest.dat
deleted file mode 100644
index ec4ba6e10..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/posttest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::rm /etc/ipsec.d/cacerts/*
-winnetou::/etc/init.d/slapd stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/pretest.dat b/testing/tests/ikev1/multi-level-ca-ldap/pretest.dat
deleted file mode 100644
index 322f42102..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/pretest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-winnetou::/etc/init.d/slapd start
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up alice
-carol::ipsec up venus
-dave::ipsec up venus
-dave::ipsec up alice
diff --git a/testing/tests/ikev1/multi-level-ca-loop/description.txt b/testing/tests/ikev1/multi-level-ca-loop/description.txt
deleted file mode 100644
index 9b63c2c66..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarrior <b>carol</b>, possessing a certificate issued by the
-Research CA, tries to set up a tunnel to gateway <b>moon</b>.
-The Research CA's certificate is signed by the Sales CA and
-the Sales CA's certificate in turn is signed by the Research CA.
-This leads to an endless trust path loop but which is aborted by
-<b>moon</b> when the path level reaches a depth of 7 iterations.
diff --git a/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat b/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat
deleted file mode 100644
index 524846109..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/evaltest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-moon::cat /var/log/auth.log::maximum path length of 7 exceeded::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index f91ca63a8..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn alice
-	leftsubnet=PH_IP_ALICE/32
-	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
-	auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem
deleted file mode 100644
index 37ef9c665..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/TCCAuWgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTEwMDcwMzE1MjgyOVoXDTE1MDcwMjE1MjgyOVowUTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsT
-CFJlc2VhcmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHf
-rxnGsvmDFCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9ID
-BxzQaQyUzsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx
-4PKJ54FO/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5q
-m+0iNKy0C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha
-/m0Ug494+wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOB5TCB4jAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPM
-x8gPKfPdVCAwbQYDVR0jBGYwZIAUX5sTRvkgcsgA1Yi1p0wul+oLkyihSaRHMEUx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
-ExJzdHJvbmdTd2FuIFJvb3QgQ0GCASEwNAYDVR0fBC0wKzApoCegJYYjaHR0cDov
-L2NybC5zdHJvbmdzd2FuLm9yZy9zYWxlcy5jcmwwDQYJKoZIhvcNAQELBQADggEB
-ALRTVUS8bpb3NrwWV/aIE6K9MvtX1kPzMUbZgykwOm4g1jfDmqbPw28X6YZESQ2B
-bG1QRh3SUpSoT5vplPcD4OCv3ORKACzGhx4xemd7TpYP8dnptfk66cfFCP+It0t4
-hP45BqlgVZfd5ZAO/ogRQ+2s79Obc5XPq/ShGvConGVOPDuqkWrP/ISIMdBXFHqk
-WyW24e/Kzq7pPMG18Ect7NA4gRXSiWx0U33lhWNasPvSKtKgC6dcmRNqjyTHQoFy
-02FLgKP1p214ThLkSr9dgHT6e69R7ES9Vin3DUgPuJdlXcax/BWm6gLugqHcXVGF
-yuVPkDSgPds6m0KQcEVnuaU=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem
deleted file mode 100644
index 0a435b90d..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBBzANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDcwMzE1MTgzOVoXDTE1MDcwMjE1MTgz
-OVowSzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAM
-BgNVBAsTBVNhbGVzMREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH
-/QcWm1Xfqnc9qaPPGoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq
-4JI87exSen1ggmCVEib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6
-XL9DKcRk3TxZtv9SuDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562
-kDtfQdwezat0LAyOsVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAj
-gbBRI1A3iqoU3Nq1vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOB6DCB5TAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1
-p0wul+oLkygwbQYDVR0jBGYwZIAU53XwoPKtIM3NYCPMx8gPKfPdVCChSaRHMEUx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQD
-ExJzdHJvbmdTd2FuIFJvb3QgQ0GCASAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDov
-L2NybC5zdHJvbmdzd2FuLm9yZy9yZXNlYXJjaC5jcmwwDQYJKoZIhvcNAQELBQAD
-ggEBADPiBfTbTkHwRdpt4iAY/wx0AKKwnF636+1E+m8dHn1HhTU8FZkiRCsRSRdx
-qpzprMga6v7ksV29CIJpTciaD48S2zWNsiQ2vfNB4UenG4wKVG8742CQakCzZk/7
-MrHutk+VDcN3oGcu4gFECPzrZiYPTVv74PCFRfd37SYlXmN0KF0Ivzgu2DNwJNMD
-Aa6sHs+/8H/7BbzHxUZkT7zrTuy4M5FGIKllQBxALp/8N/LN4vz0ZbLgbNU7Eo16
-EikbEASUs3Scmna+dFBSfexf0G9oqvHvxjWPiZRw6ZrS5TZkAE1DmdqLWwTNq/Fo
-aeDWsllgAdqMA2fL7i9tsFHZVYk=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/posttest.dat b/testing/tests/ikev1/multi-level-ca-loop/posttest.dat
deleted file mode 100644
index 076f51f4d..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::rm /etc/ipsec.d/cacerts/*
-
diff --git a/testing/tests/ikev1/multi-level-ca-loop/pretest.dat b/testing/tests/ikev1/multi-level-ca-loop/pretest.dat
deleted file mode 100644
index 0a0ec22bf..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::rm /etc/ipsec.d/cacerts/strongswanCert.pem
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up alice
diff --git a/testing/tests/ikev1/multi-level-ca-loop/test.conf b/testing/tests/ikev1/multi-level-ca-loop/test.conf
deleted file mode 100644
index 3189fdfc7..000000000
--- a/testing/tests/ikev1/multi-level-ca-loop/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/description.txt b/testing/tests/ikev1/multi-level-ca-pathlen/description.txt
deleted file mode 100644
index 1852f7157..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The <b>strongSwan Root CA</b> constrains the path length to <b>one</b> intermediate CA
-but the <b>Research CA</b> creates a subsidiary <b>Duck Research CA</b> which in turn
-issues an end entity certificate to roadwarrior <b>carol</b> so that the total
-path length becomes <b>two</b>. This is detected by gateway <b>moon</b> which aborts
-the negotiation.
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat b/testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat
deleted file mode 100644
index 235b7672e..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/evaltest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::cat /var/log/auth.log::path length of 2 violates constraint of 1::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::duck.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 4e13b52d0..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEBzCCAu+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxGTAX
-BgNVBAMTEER1Y2sgUmVzZWFyY2ggQ0EwHhcNMDkxMTA0MTYyMzM1WhcNMTQxMTAz
-MTYyMzM1WjBfMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
-bjEWMBQGA1UECxMNRHVjayBSZXNlYXJjaDEdMBsGA1UEAxQUY2Fyb2xAc3Ryb25n
-c3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LueCi67Y
-IGRDKP5bkysGWZHrFrztq7elIFCPPSUxyIOYo4Upzr5WsvO0dIfcZY3agV2NcAI2
-30sATlfTUp+obedZMHbzE3VBvQuLjgK42ox2XIXDj23Vy496mVqlwUQulhBcAhMb
-jnBb4T0aR7WCnJvfzyckEyWrTN0ajRyQhJEmTn+spYNQX/2lg6hEn/K1T/3Py7sG
-veeF6BRenHR5L60NSK7qV7AU+hM4R0UIvgwYqzxSStgGS9G6Bwj9QTOWwSV1tuii
-ABiRdZSBoON0uMMpRjgEzuVe0f4VbOCIEXO8MtdpCu7Rwa9tc8OwneLcGCYVomr5
-7KKRJdvC5As3AgMBAAGjgdYwgdMwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD
-VR0OBBYEFFSYDz2TYOMxfyrIx20NhPPHTCOIMHkGA1UdIwRyMHCAFHYqqKQxp8Zx
-jzAlvAJmm8sXVI0goVWkUzBRMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXgg
-c3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDASBgNVBAMTC1Jlc2VhcmNo
-IENBggEFMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMA0GCSqGSIb3
-DQEBCwUAA4IBAQBIpl8SH4Nytgr6KvmXzns80u615WnDmP6oJrnwIZUkunVns8HH
-TFUVjvDKoQ+8CvuaH9Ifo2dokGjtGObeO4Y38y0xBIkUO+JpwfTa3SeCEhdOZb3G
-4e9WxHhV9IGfRyPsXQG+3JpAMaHYH+PNKiv7RBTq6rGaHzvgUEXRMTbv/bJI+Fs6
-Yfd/XxIur/ftVh4dZocyC74MUyXy5tyZJkHe1aBszOa0iT1852fq93lNUQPQqw0O
-3q3Lg7CvbNSdWqeAMqUgeBqh6oQItY9Exrwh0tfuCsjZ0oWXUBghsuiV+GTmZ6ok
-BiGmSmtX5OD4UtKcicuMRqnK2MYJHp1z1goE
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 48727ed9d..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAui7ngouu2CBkQyj+W5MrBlmR6xa87au3pSBQjz0lMciDmKOF
-Kc6+VrLztHSH3GWN2oFdjXACNt9LAE5X01KfqG3nWTB28xN1Qb0Li44CuNqMdlyF
-w49t1cuPeplapcFELpYQXAITG45wW+E9Gke1gpyb388nJBMlq0zdGo0ckISRJk5/
-rKWDUF/9pYOoRJ/ytU/9z8u7Br3nhegUXpx0eS+tDUiu6lewFPoTOEdFCL4MGKs8
-UkrYBkvRugcI/UEzlsEldbboogAYkXWUgaDjdLjDKUY4BM7lXtH+FWzgiBFzvDLX
-aQru0cGvbXPDsJ3i3BgmFaJq+eyikSXbwuQLNwIDAQABAoIBAGK7cOXXsTbHpqO+
-33QsjQpnAWyLuFDJWS/l/RKYuFq4HKEbRgivrFxJtdciXNHRwPH43GWe2m3C6AEX
-ipd0H1qwPZkcjFfHH81mtPKismrY6tfxpLXaH8LamhHHtTxlSwTxa2d/aiaY2JjA
-zyhakrTa3AZJ0lXdGYLH1hC4eEdiPghIqwL8YNB0V2ldq+bMdtQ1i3dcmseV9TI2
-DEAKWzjc7oIcuY9HtfEEAIPzSSqwrM7wUWd9dk70o7b05eK9pnTF59Lnk5U1J1Ag
-QnXBHBZfLVDnTYd+dFWM8wUIpO0n6ccUToINppwSejyOs726jUuWGZCthxLBsFZp
-5Pj9B6ECgYEA3lRxGRJsAfMoyOc4kLfDmlDtrP88knRlqRW7mVYjclhMbVtrtaTP
-44VqmxKIVNQt1p5hB/Gn4kbhC7OnUja/FVHdosEjFhYNh+QCisyaS2V7RNyEidJX
-Q61V8v0Z7MxHxxDljVvWfSdAUDRrFwWYxRXZJWwStEmtdAbiZa6aydkCgYEA1mEV
-2D+gaR+oBouqcZMiSAjV/qHbnfw4EC2XFCw84JMPerBwl4noWCgvgf0lRirbI+Ar
-PDOfoclLnDQRgnqkK4okSIW0SddxttbKdDhhZ2c2CoyKxUqN7/NEyy/tZ2WZRcmX
-LILTLXzi/9qq8lF9odjIl5KKsRpXhqMsf5b1w48CgYEAqDT8yDo+yw7b6Xu+OQc/
-Ds5xs3P7sNYtX8qYfz9DXCxfzlDfYbMKsZlr+V0BFiTddUWoJal4GeMEOqU2TyYq
-VYf1hkBXOkt++zPPlJGNnsNtisDH6bng2cwXfdpttdEr8Pjgo5063r9GkifGacmL
-Nnj8K6rjT9F6UJEw0jtS0qkCgYAi3RMSYfaSYgWPWvNTGRyAHn++s0/l93iemOty
-6mbUFtZzm3IUEudoPtDLEQIY0StmQDSHy9VwGC5lrsoSMCO2uPaBnMzfHVxu4at3
-Dxw4Fr7hJE4FG8TNewB7EsZHBGzSvqAJKxVw1liMR2F5musVgQ3OKJTJjIEjcjHw
-Zfp93QKBgQCPp6SH510qK9Rf+HjeWXJpOB2ByruC5rBgqrxE4rbIB3/fAl86a3Kq
-Q1VqdGb+CW0FlkPshDmmdi3IoCliXywadSaXi/unPfPTel0pQAC8NM7WpPoaUfnS
-QgL5iNXshicKoE8U6PRhYvn81zVpt4bFn3DZRgIlau2GQnijLkGvQw==
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index ca5919d5c..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn duck 
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftsendcert=ifasked
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Duck Research CA"
-	auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem
deleted file mode 100644
index bb205a0fd..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/duckCert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID0jCCArqgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA5MTEwNDE2MTUwM1oXDTE1MTEwMzE2MTUw
-M1owVjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMRkwFwYDVQQDExBEdWNrIFJlc2VhcmNoIENBMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIBRSgHCxHhMjsVZo4PtFnENkHNu
-MfyRDsc7m1KRDVt8N4h/EcbduU7xeq/RjxZSmlc1q6EWEgDv3KwDYY0sX+qrpQKa
-ub5AgsRa2fOOR9xfyf0Q7Nc3oR3keWqQUiigCuaw9NQRtdMm/JFdXLNY3r60tBsO
-UHOJAPZNoGPey5UL9ZjjsN6ROUVTh0NAkFwkmnTRwmUvY5bi/T7ulsSkO9BrfqKD
-h/pliP7uZANd0ZpPcrIc68WwrelpI1zu0kYGqu/y8HZpuPuAXtGqS2jctrjSieeY
-i9wFLnS2tgV3ID4LzEEICSeqVqOvYgGKbarqLkARdxmdRKM9QYpu+5J+YQIDAQAB
-o4GvMIGsMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBR2
-KqikMafGcY8wJbwCZpvLF1SNIDBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
-891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDzANBgkqhkiG9w0BAQsF
-AAOCAQEAsHR1vDlz2sPQpD9xnt1PL4qX7XWSSM6d+QG3cjdiKCjH8t78ecEm1duv
-YozLg6SYHGUF9qYuPz2SAZjQjmIWLlkQpBfQm8/orG+jbsQl5HkXFYX0UWAKZFGx
-rjHnOzmQxnmIWHky4uMDT/UmhmWy6kuCmZbKeeOqkBR2gVxfLyzelTSbF4ntEm1C
-1XqqtM4OfTOD5QUPD+6rZ5RoIPId9+2A8pJ2NyCUCf47FbkmYzU5+oiChhcGzsC5
-wDlgP32NA88kSiSJ2p2ZveYveRqcyZXZDAiTxRaIwJY0bt2Dk4wKicvy6vPdLA5v
-DSlBqDpnqK8tEI9V9YeroihTcygrEg==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat b/testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat
deleted file mode 100644
index f84b7e37b..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/posttest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat b/testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat
deleted file mode 100644
index 9f0232a7b..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home 
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/test.conf b/testing/tests/ikev1/multi-level-ca-pathlen/test.conf
deleted file mode 100644
index b118cb7dc..000000000
--- a/testing/tests/ikev1/multi-level-ca-pathlen/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/description.txt b/testing/tests/ikev1/multi-level-ca-revoked/description.txt
deleted file mode 100644
index c91ac285b..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-The roadwarrior <b>carol</b> possesses a certificate issued by the Research CA.
-The certificate of the Research CA has been revoked by the Root CA by entering
-the serial number in the CRL. Therefore upon verification of the trust path
-the gateway <b>moon</b> will reject the roadwarrior's certificate  
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/evaltest.dat b/testing/tests/ikev1/multi-level-ca-revoked/evaltest.dat
deleted file mode 100644
index 0fd1cae8c..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/evaltest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::cat /var/log/auth.log::X.509 certificate rejected::YES
-moon::cat /var/log/auth.log::certificate was revoked::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::ipsec listcrls:: ok::YES
-moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
-carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 69e5c05e3..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
-N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
-dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
-hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
-HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
-3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
-Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
-AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
-891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
-YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
-ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
-il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
-CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
-n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
-8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
-pwU12A3BovJKUaR0B7Uy2A==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 53e18680b..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
-azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
-nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
-b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
-H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
-GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
-N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
-er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
-kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
-BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
-Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
-DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
-waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
-1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
-RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
-CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
-eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
-FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
-auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
-rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
-iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
-qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
-/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
-hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
-5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index fac55d63b..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
deleted file mode 100644
index c380a5110..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjUzNloXDTE0MDMyMTA2MjUzNlowUTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
-FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
-zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
-/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
-C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
-+wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
-BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
-VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAA4jpa5Vc/q94/X1
-LAHO2m7v2AFPl68SwspZLbCL7Le+iv5BUQ814Y9qCXMySak+NpZ5RLzm/cC+3GCa
-6eyozhZnS5LDxIgtStXWaC3vIQKQhJMwnc43RgcqneqqS5/H5zNXz/f0g/bRG8bN
-T6nO0ZRdpy8Zu0+fH3f/u9/sQPRX3iNL/rd3x/UVLoowkQHdKzZfjcrFm+8CPl4r
-9xOKjzC6epPY2ApfXmLodd0zemf84CKSJCXfkVlk0cYw1YLKUINnHToFfDAw0kCL
-cVc7wHWZlzSVSE3u0PYXVssnsm08RWqAGPL3TO09fnUntNMzlIxNpOTuWsKVXZPq
-YO2C4HE=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/posttest.dat b/testing/tests/ikev1/multi-level-ca-revoked/posttest.dat
deleted file mode 100644
index f84b7e37b..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/posttest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::rm /etc/ipsec.d/cacerts/*
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/pretest.dat b/testing/tests/ikev1/multi-level-ca-revoked/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/test.conf b/testing/tests/ikev1/multi-level-ca-revoked/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/multi-level-ca-revoked/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/multi-level-ca-strict/description.txt b/testing/tests/ikev1/multi-level-ca-strict/description.txt
deleted file mode 100644
index 32413e3de..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/description.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
-<b>venus</b> by means of two different Intermediate CAs. Access to
-<b>alice</b> is granted to users presenting a certificate issued by the Research CA
-whereas <b>venus</b> can only be reached with a certificate issued by the
-Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
-the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
-<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
-<p>
-By setting <b>strictcrlpolicy=yes</b> the CRLs from the strongSwan, Research and
-Sales CAs must be fetched first, before the connection setups can be successfully completed.
diff --git a/testing/tests/ikev1/multi-level-ca-strict/evaltest.dat b/testing/tests/ikev1/multi-level-ca-strict/evaltest.dat
deleted file mode 100644
index 5a181a62d..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/evaltest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::cat /var/log/auth.log::PH_IP_CAROL.*X.509 certificate rejected::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::PH_IP_DAVE.*X.509 certificate rejected::YES
-dave::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index cf93bb231..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
-	rightsubnet=PH_IP_VENUS/32
-	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 69e5c05e3..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
-N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
-dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
-hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
-HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
-3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
-Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
-AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
-891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
-YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
-ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
-il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
-CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
-n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
-8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
-pwU12A3BovJKUaR0B7Uy2A==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 53e18680b..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
-azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
-nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
-b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
-H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
-GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
-N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
-er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
-kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
-BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
-Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
-DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
-waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
-1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
-RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
-CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
-eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
-FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
-auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
-rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
-iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
-qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
-/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
-hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
-5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index fac55d63b..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
deleted file mode 100644
index d53365f78..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
-FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
-zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
-/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
-C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
-+wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
-BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
-VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
-FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
-cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
-POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
-xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
-dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
-8sFmiZI=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/posttest.dat b/testing/tests/ikev1/multi-level-ca-strict/posttest.dat
deleted file mode 100644
index 1646d5ed2..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/posttest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::rm /etc/ipsec.d/cacerts/*
-
diff --git a/testing/tests/ikev1/multi-level-ca-strict/test.conf b/testing/tests/ikev1/multi-level-ca-strict/test.conf
deleted file mode 100644
index 08e5cc145..000000000
--- a/testing/tests/ikev1/multi-level-ca-strict/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/multi-level-ca/evaltest.dat b/testing/tests/ikev1/multi-level-ca/evaltest.dat
index 72f620b8e..ede771fb6 100644
--- a/testing/tests/ikev1/multi-level-ca/evaltest.dat
+++ b/testing/tests/ikev1/multi-level-ca/evaltest.dat
@@ -1,12 +1,18 @@
-carol::cat /var/log/auth.log::alice.*we have a cert and are sending it upon request::YES
-moon::cat /var/log/auth.log::alice.*we have a cert and are sending it upon request::YES
-dave::cat /var/log/auth.log::venus.*we have a cert and are sending it upon request::YES
-moon::cat /var/log/auth.log::venus.*we have a cert and are sending it upon request::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*research.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Research CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*sales.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*Sales CA::YES
+moon:: cat /var/log/daemon.log::fetching crl from.*http.*strongswan.crl::YES
+moon:: cat /var/log/daemon.log::crl correctly signed by.*strongSwan Root CA::YES
+carol::ipsec status 2> /dev/null::alice.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*carol@strongswan.org::YES
+carol::cat /var/log/daemon.log::received INVALID_ID_INFORMATION error notify::YES
+carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO
+moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
+moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
+dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES
+dave:: cat /var/log/daemon.log::received INVALID_ID_INFORMATION error notify::YES
+dave:: ipsec status 2> /dev/null::alice.*INSTALLED::NO
+moon:: ipsec status 2> /dev/null::alice.*ESTABLISHED.*dave@strongswan.org::NO
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
index d11724c28..7449468ef 100755
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -17,6 +14,7 @@ conn %default
 	leftsendcert=ifasked
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 
 conn alice
 	rightsubnet=PH_IP_ALICE/32
@@ -25,8 +23,3 @@ conn alice
 conn venus
 	rightsubnet=PH_IP_VENUS/32
 	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
index 2d80aad8a..1c7943ee4 100755
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -17,6 +14,7 @@ conn %default
 	leftsendcert=ifasked
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
+	rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
 
 conn alice
 	rightsubnet=PH_IP_ALICE/32
@@ -25,8 +23,3 @@ conn alice
 conn venus
 	rightsubnet=PH_IP_VENUS/32
 	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
index 9b97015fd..e799d6392 100755
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 ca strongswan
 	cacert=strongswanCert.pem
@@ -33,4 +30,3 @@ conn venus
 	right=%any
 	rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
 	auto=add
-	
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..85d8c191f
--- /dev/null
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
+}
diff --git a/testing/tests/ikev1/nat-before-esp/description.txt b/testing/tests/ikev1/nat-before-esp/description.txt
deleted file mode 100644
index e42ace476..000000000
--- a/testing/tests/ikev1/nat-before-esp/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-An IPsec tunnel connecting the gateway <b>moon</b> with the subnet behind
-gateway <b>sun</b> is set up. This host-to-net connection can also be
-used by the clients <b>alice</b> and <b>venus</b> via the trick of NAT-ing
-them to the outer IP address of gateway <b>moon</b> prior to tunnelling.
-The IPsec tunnel is first tested by <b>moon</b> pinging <b>bob</b> and vice versa,
-followed by the NAT-ed clients <b>alice</b> and <b>venus</b> pinging <b>bob</b>.
diff --git a/testing/tests/ikev1/nat-before-esp/evaltest.dat b/testing/tests/ikev1/nat-before-esp/evaltest.dat
deleted file mode 100644
index d466038ed..000000000
--- a/testing/tests/ikev1/nat-before-esp/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::ipsec status::host-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::host-net.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-bob::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-bob::tcpdump::ICMP::YES
diff --git a/testing/tests/ikev1/nat-before-esp/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/nat-before-esp/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index f87ec0e58..000000000
--- a/testing/tests/ikev1/nat-before-esp/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# NAT traffic from 10.1.0.0/16
-	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -j MASQUERADE
-	
-	# forward traffic from 10.1.0.0/16 to POSTROUTING chain
-	iptables -A FORWARD -i eth1 -o eth0 -s 10.1.0.0/16 -d 10.2.0.0/16 -j ACCEPT
-	iptables -A FORWARD -o eth1 -i eth0 -d 10.1.0.0/16 -s 10.2.0.0/16 -j ACCEPT
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 1ee1b7749..000000000
--- a/testing/tests/ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn host-net
-	left=192.168.0.1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=192.168.0.2
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index 57496e10e..000000000
--- a/testing/tests/ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn host-net
-	left=192.168.0.2
-	leftcert=sunCert.pem
-	leftid=@sun.strongswan.org
-	leftfirewall=yes
-	leftsubnet=10.2.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/nat-before-esp/posttest.dat b/testing/tests/ikev1/nat-before-esp/posttest.dat
deleted file mode 100644
index 307b96888..000000000
--- a/testing/tests/ikev1/nat-before-esp/posttest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::iptables -t nat -v -n -L
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/nat-before-esp/pretest.dat b/testing/tests/ikev1/nat-before-esp/pretest.dat
deleted file mode 100644
index 75565540a..000000000
--- a/testing/tests/ikev1/nat-before-esp/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2
-moon::ipsec up host-net
diff --git a/testing/tests/ikev1/nat-before-esp/test.conf b/testing/tests/ikev1/nat-before-esp/test.conf
deleted file mode 100644
index 4234eaf63..000000000
--- a/testing/tests/ikev1/nat-before-esp/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
- 
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun bob"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/nat-one-rw/description.txt b/testing/tests/ikev1/nat-one-rw/description.txt
deleted file mode 100644
index c3b9bb820..000000000
--- a/testing/tests/ikev1/nat-one-rw/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>alice</b> sitting behind the NAT router <b>moon</b> sets up a tunnel to
-gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnel, the NAT-ed host <b>alice</b> pings the
-client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/nat-one-rw/evaltest.dat b/testing/tests/ikev1/nat-one-rw/evaltest.dat
deleted file mode 100644
index bc193963d..000000000
--- a/testing/tests/ikev1/nat-one-rw/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/nat-one-rw/posttest.dat b/testing/tests/ikev1/nat-one-rw/posttest.dat
deleted file mode 100644
index cd0d4df25..000000000
--- a/testing/tests/ikev1/nat-one-rw/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-alice::ipsec stop
-sun::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::iptables -t nat -F
-moon::conntrack -F
diff --git a/testing/tests/ikev1/nat-one-rw/pretest.dat b/testing/tests/ikev1/nat-one-rw/pretest.dat
deleted file mode 100644
index 9dacc672c..000000000
--- a/testing/tests/ikev1/nat-one-rw/pretest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-alice::ipsec start
-sun::ipsec start
-alice::sleep 5
-alice::ipsec up nat-t
-
diff --git a/testing/tests/ikev1/nat-one-rw/test.conf b/testing/tests/ikev1/nat-one-rw/test.conf
deleted file mode 100644
index d84149aaf..000000000
--- a/testing/tests/ikev1/nat-one-rw/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice sun"
diff --git a/testing/tests/ikev1/nat-two-rw/description.txt b/testing/tests/ikev1/nat-rw/description.txt
similarity index 100%
rename from testing/tests/ikev1/nat-two-rw/description.txt
rename to testing/tests/ikev1/nat-rw/description.txt
diff --git a/testing/tests/ikev1/nat-rw/evaltest.dat b/testing/tests/ikev1/nat-rw/evaltest.dat
new file mode 100644
index 000000000..e0b458dba
--- /dev/null
+++ b/testing/tests/ikev1/nat-rw/evaltest.dat
@@ -0,0 +1,18 @@
+alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES
+venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES
+sun::  ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES
+alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL, ESP in UDP::YES
+sun::  ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL, ESP in UDP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+moon:: sleep 6::no output expected::NO
+bob::  ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+bob::  ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP-encap: ESP::YES
+moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP-encap: ESP::YES
+moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: isakmp-nat-keep-alive::YES
+alice::cat /var/log/daemon.log::sending keep alive::YES
+venus::cat /var/log/daemon.log::sending keep alive::YES
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/nat-rw/hosts/alice/etc/ipsec.conf
similarity index 69%
rename from testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.conf
rename to testing/tests/ikev1/nat-rw/hosts/alice/etc/ipsec.conf
index eee3c45e8..864878104 100755
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/alice/etc/ipsec.conf
@@ -1,9 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -11,11 +9,13 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	authby=secret
 		
 conn nat-t
-	left=%defaultroute
+	left=%any
+	leftcert=aliceCert.pem
+	leftid=alice@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_SUN
+	rightid=@sun.strongswan.org
 	rightsubnet=10.2.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..dabff38e4
--- /dev/null
+++ b/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  keep_alive = 5
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/nat-rw/hosts/sun/etc/ipsec.conf
similarity index 71%
rename from testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf
rename to testing/tests/ikev1/nat-rw/hosts/sun/etc/ipsec.conf
index a7c500fe2..2d9cbf786 100755
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/sun/etc/ipsec.conf
@@ -1,9 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -11,12 +9,13 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	authby=secret
-	
+
 conn nat-t
 	left=PH_IP_SUN
-	leftsubnet=10.2.0.0/16
+	leftcert=sunCert.pem
+	leftid=@sun.strongswan.org
 	leftfirewall=yes
+	leftsubnet=10.2.0.0/16
 	right=%any
-	rightsubnetwithin=10.1.0.0/16
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..ca23c6971
--- /dev/null
+++ b/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1/nat-rw/hosts/venus/etc/ipsec.conf
similarity index 69%
rename from testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.conf
rename to testing/tests/ikev1/nat-rw/hosts/venus/etc/ipsec.conf
index eee3c45e8..87bce2552 100755
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.conf
+++ b/testing/tests/ikev1/nat-rw/hosts/venus/etc/ipsec.conf
@@ -1,9 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -11,11 +9,13 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	authby=secret
-		
+
 conn nat-t
-	left=%defaultroute
+	left=%any
+	leftcert=venusCert.pem
+	leftid=@venus.strongswan.org
 	leftfirewall=yes
 	right=PH_IP_SUN
+	rightid=@sun.strongswan.org
 	rightsubnet=10.2.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
new file mode 100644
index 000000000..dabff38e4
--- /dev/null
+++ b/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+
+  keep_alive = 5
+}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/posttest.dat b/testing/tests/ikev1/nat-rw/posttest.dat
similarity index 100%
rename from testing/tests/ikev1/nat-two-rw-psk/posttest.dat
rename to testing/tests/ikev1/nat-rw/posttest.dat
diff --git a/testing/tests/ikev1/nat-two-rw/pretest.dat b/testing/tests/ikev1/nat-rw/pretest.dat
similarity index 91%
rename from testing/tests/ikev1/nat-two-rw/pretest.dat
rename to testing/tests/ikev1/nat-rw/pretest.dat
index dd5259936..e365ff5c5 100644
--- a/testing/tests/ikev1/nat-two-rw/pretest.dat
+++ b/testing/tests/ikev1/nat-rw/pretest.dat
@@ -7,7 +7,8 @@ moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-
 alice::ipsec start
 venus::ipsec start
 sun::ipsec start
-alice::sleep 5 
+alice::sleep 2 
 alice::ipsec up nat-t
-venus::sleep 5 
+venus::sleep 2 
 venus::ipsec up nat-t
+venus::sleep 2
diff --git a/testing/tests/ikev1/nat-two-rw-psk/test.conf b/testing/tests/ikev1/nat-rw/test.conf
similarity index 100%
rename from testing/tests/ikev1/nat-two-rw-psk/test.conf
rename to testing/tests/ikev1/nat-rw/test.conf
diff --git a/testing/tests/ikev1/nat-two-rw-mark/description.txt b/testing/tests/ikev1/nat-two-rw-mark/description.txt
deleted file mode 100644
index 2a93d11d8..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/description.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
-tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
-Since both roadwarriors possess the same 10.1.0.0/25 subnet, gateway <b>sun</b> uses Source NAT
-after ESP decryption to map these subnets to 10.3.0.10 and 10.3.0.20, respectively.
-<p/>
-In order to differentiate between the tunnels to <b>alice</b> and <b>venus</b>, respectively,
-<b>XFRM marks</b> are defined for both the inbound and outbound IPsec SAs and policies using
-the <b>mark</b> parameter in ipsec.conf.
-<p/>
-<b>iptables -t mangle</b> rules are then used in the PREROUTING chain to mark the traffic to
-and from <b>alice</b> and <b>venus</b>, respectively.
-<p/>
-The script designated by <b>leftupdown=/etc/mark_updown</b> automatically inserts 
-iptables mangle rules that mark the inbound ESP_IN_UDP packets as well as iptables IPsec-policy rules 
-that let pass the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> 
-and <b>venus</b> ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/nat-two-rw-mark/evaltest.dat b/testing/tests/ikev1/nat-two-rw-mark/evaltest.dat
deleted file mode 100644
index fa64c3d88..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/evaltest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-venus::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::alice.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::alice.*alice@strongswan.org::YES
-sun::ipsec status::venus.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::venus.*venus.strongswan.org::YES
-sun::ipsec statusall::alice.*10.2.0.0/16===.*===10.1.0.0/25::YES
-sun::ipsec statusall::venus.*10.2.0.0/16===.*===10.1.0.0/25::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.4510.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP moon.strongswan.org.4520.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.4510.*: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.4520.*: UDP::YES
-bob::tcpdump::10.3.0.10 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::10.3.0.20 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::bob.strongswan.org > 10.3.0.10: ICMP echo reply::YES
-bob::tcpdump::bob.strongswan.org > 10.3.0.20: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/nat-two-rw-mark/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/nat-two-rw-mark/hosts/alice/etc/ipsec.conf
deleted file mode 100755
index 4ed556226..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn nat-t
-	left=%defaultroute
-	leftsubnet=10.1.0.0/25
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	leftfirewall=yes
-	lefthostaccess=yes
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	rightsubnet=10.2.0.0/16
-	auto=add
diff --git a/testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index 2b346430e..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control parsing" #parsing to get knl 2 messages
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn alice
-	rightid=alice@strongswan.org
-	mark=10/0xffffffff
-	also=sun
-	auto=add
-
-conn venus
-	rightid=@venus.strongswan.org
-	mark=20  #0xffffffff is used by default
-	also=sun
-	auto=add
-
-conn sun
-	left=PH_IP_SUN
-	leftcert=sunCert.pem
-	leftid=@sun.strongswan.org
-	leftsubnet=10.2.0.0/16
-	leftupdown=/etc/mark_updown
-	right=%any
-	rightsubnet=10.1.0.0/25
diff --git a/testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/mark_updown b/testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/mark_updown
deleted file mode 100755
index 0d22e684d..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/hosts/sun/etc/mark_updown
+++ /dev/null
@@ -1,527 +0,0 @@
-#! /bin/sh
-# updown script setting inbound marks on ESP traffic in the mangle chain
-#
-# Copyright (C) 2003-2004 Nigel Meteringham
-# Copyright (C) 2003-2004 Tuomo Soini
-# Copyright (C) 2002-2004 Michael Richardson
-# Copyright (C) 2005-2010 Andreas Steffen <andreas.steffen@strongswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-
-# CAUTION:  Installing a new version of strongSwan will install a new
-# copy of this script, wiping out any custom changes you make.  If
-# you need changes, make a copy of this under another name, and customize
-# that, and use the (left/right)updown parameters in ipsec.conf to make
-# strongSwan use yours instead of this default one.
-
-# things that this script gets (from ipsec_pluto(8) man page)
-#
-#      PLUTO_VERSION
-#              indicates  what  version of this interface is being
-#              used.  This document describes version  1.1.   This
-#              is upwardly compatible with version 1.0.
-#
-#       PLUTO_VERB
-#              specifies the name of the operation to be performed
-#              (prepare-host, prepare-client, up-host, up-client,
-#              down-host, or down-client).  If the address family
-#              for security gateway to security gateway communica-
-#              tions is IPv6, then a suffix of -v6 is added to the
-#              verb.
-#
-#       PLUTO_CONNECTION
-#              is the name of the  connection  for  which  we  are
-#              routing.
-#
-#       PLUTO_NEXT_HOP
-#              is the next hop to which packets bound for the peer
-#              must be sent.
-#
-#       PLUTO_INTERFACE
-#              is the name of the ipsec interface to be used.
-#
-#       PLUTO_REQID
-#              is the requid of the ESP policy
-#
-#       PLUTO_ME
-#              is the IP address of our host.
-#
-#       PLUTO_MY_ID
-#              is the ID of our host.
-#
-#       PLUTO_MY_CLIENT
-#              is the IP address / count of our client subnet.  If
-#              the  client  is  just  the  host,  this will be the
-#              host's own IP address / max (where max  is  32  for
-#              IPv4 and 128 for IPv6).
-#
-#       PLUTO_MY_CLIENT_NET
-#              is the IP address of our client net.  If the client
-#              is just the host, this will be the  host's  own  IP
-#              address.
-#
-#       PLUTO_MY_CLIENT_MASK
-#              is  the  mask for our client net.  If the client is
-#              just the host, this will be 255.255.255.255.
-#
-#       PLUTO_MY_SOURCEIP
-#              if non-empty, then the source address for the route will be
-#              set to this IP address.
-#
-#       PLUTO_MY_PROTOCOL
-#              is the IP protocol that will be transported.
-#
-#       PLUTO_MY_PORT
-#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
-#              restricted on our side.
-#
-#       PLUTO_PEER
-#              is the IP address of our peer.
-#
-#       PLUTO_PEER_ID
-#              is the ID of our peer.
-#
-#       PLUTO_PEER_CA
-#              is the CA which issued the cert of our peer.
-#
-#       PLUTO_PEER_CLIENT
-#              is the IP address / count of the peer's client sub-
-#              net.   If the client is just the peer, this will be
-#              the peer's own IP address / max (where  max  is  32
-#              for IPv4 and 128 for IPv6).
-#
-#       PLUTO_PEER_CLIENT_NET
-#              is the IP address of the peer's client net.  If the
-#              client is just the peer, this will  be  the  peer's
-#              own IP address.
-#
-#       PLUTO_PEER_CLIENT_MASK
-#              is  the  mask  for  the  peer's client net.  If the
-#              client   is   just   the   peer,   this   will   be
-#              255.255.255.255.
-#
-#       PLUTO_PEER_PROTOCOL
-#              is the IP protocol that will be transported.
-#
-#       PLUTO_PEER_PORT
-#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
-#              restricted on the peer side.
-#
-#       PLUTO_XAUTH_ID
-#              is an optional user ID employed by the XAUTH protocol
-#
-#       PLUTO_MARK_IN
-#              is an optional XFRM mark set on the inbound IPsec SA
-#
-#       PLUTO_MARK_OUT
-#              is an optional XFRM mark set on the outbound IPsec SA
-#
-#       PLUTO_UDP_ENC
-#              contains the remote UDP port in the case of ESP_IN_UDP
-#              encapsulation
-#
-
-# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
-export PATH
-
-# uncomment to log VPN connections
-VPN_LOGGING=1
-#
-# tag put in front of each log entry:
-TAG=vpn
-#
-# syslog facility and priority used:
-FAC_PRIO=local0.notice
-#
-# to create a special vpn logging file, put the following line into
-# the syslog configuration file /etc/syslog.conf:
-#
-# local0.notice                   -/var/log/vpn
-
-# in order to use source IP routing the Linux kernel options
-# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
-# must be enabled
-#
-# special routing table for sourceip routes
-SOURCEIP_ROUTING_TABLE=220
-#
-# priority of the sourceip routing table
-SOURCEIP_ROUTING_TABLE_PRIO=220
-
-# check interface version
-case "$PLUTO_VERSION" in
-1.[0|1])	# Older Pluto?!?  Play it safe, script may be using new features.
-	echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
-	echo "$0: 	called by obsolete Pluto?" >&2
-	exit 2
-	;;
-1.*)	;;
-*)	echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
-	exit 2
-	;;
-esac
-
-# check parameter(s)
-case "$1:$*" in
-':')			# no parameters
-	;;
-iptables:iptables)	# due to (left/right)firewall; for default script only
-	;;
-custom:*)		# custom parameters (see above CAUTION comment)
-	;;
-*)	echo "$0: unknown parameters \`$*'" >&2
-	exit 2
-	;;
-esac
-
-# utility functions for route manipulation
-# Meddling with this stuff should not be necessary and requires great care.
-uproute() {
-	doroute add
-	ip route flush cache
-}
-downroute() {
-	doroute delete
-	ip route flush cache
-}
-
-addsource() {
-	st=0
-	if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
-	then
-	    it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
-	    oops="`eval $it 2>&1`"
-	    st=$?
-	    if test " $oops" = " " -a " $st" != " 0"
-	    then
-		oops="silent error, exit status $st"
-	    fi
-	    if test " $oops" != " " -o " $st" != " 0"
-	    then
-		echo "$0: addsource \`$it' failed ($oops)" >&2
-	    fi
-	fi
-	return $st
-}
-
-doroute() {
-	st=0
-
-	if [ -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    for dir in /etc/sysconfig /etc/conf.d; do
-		if [ -f "$dir/defaultsource" ]
-		then
-		    . "$dir/defaultsource"
-		fi
-	    done
-
-	    if [ -n "$DEFAULTSOURCE" ]
-	    then
-		PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-	    fi
-        fi
-
-	if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    # leave because no route entry is required
-	    return $st
-	fi
-
-	parms1="$PLUTO_PEER_CLIENT"
-
-	if [ -n "$PLUTO_NEXT_HOP" ]
-	then
-	    parms2="via $PLUTO_NEXT_HOP"
-	else
-	    parms2="via $PLUTO_PEER"
-	fi
-	parms2="$parms2 dev $PLUTO_INTERFACE"
-
-	parms3=
-	if [ -n "$PLUTO_MY_SOURCEIP" ]
-	then
-	    if test "$1" = "add"
-	    then
-		addsource
-		if ! ip rule list | grep -q "lookup $SOURCEIP_ROUTING_TABLE"
-		then
-		    ip rule add pref $SOURCEIP_ROUTING_TABLE_PRIO table $SOURCEIP_ROUTING_TABLE
-		fi
-	    fi
-	    parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table $SOURCEIP_ROUTING_TABLE"
-	fi
-
-	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-	"0.0.0.0/0.0.0.0")
-		# opportunistic encryption work around
-		# need to provide route that eclipses default, without
-		# replacing it.
-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-			ip route $1 128.0.0.0/1 $parms2 $parms3"
-		;;
-	*)	it="ip route $1 $parms1 $parms2 $parms3"
-		;;
-	esac
-	oops="`eval $it 2>&1`"
-	st=$?
-	if test " $oops" = " " -a " $st" != " 0"
-	then
-	    oops="silent error, exit status $st"
-	fi
-	if test " $oops" != " " -o " $st" != " 0"
-	then
-	    echo "$0: doroute \`$it' failed ($oops)" >&2
-	fi
-	return $st
-}
-
-# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
-if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
-then
-	KLIPS=1
-	IPSEC_POLICY_IN=""
-	IPSEC_POLICY_OUT=""
-else
-	KLIPS=
-	IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
-	IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-	IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-fi
-
-# is there an inbound mark to be set?
-if [ -n "$PLUTO_MARK_IN" ]
-then
-	if [ -n "$PLUTO_UDP_ENC" ]
-	then
-	    SET_MARK="-p udp --sport $PLUTO_UDP_ENC"
-	else
-		SET_MARK="-p esp"
-	fi
-	SET_MARK="$SET_MARK -s $PLUTO_PEER -j MARK --set-mark $PLUTO_MARK_IN"
-fi
-
-# are there port numbers?
-if [ "$PLUTO_MY_PORT" != 0 ]
-then
-	S_MY_PORT="--sport $PLUTO_MY_PORT"
-	D_MY_PORT="--dport $PLUTO_MY_PORT"
-fi
-if [ "$PLUTO_PEER_PORT" != 0 ]
-then
-	S_PEER_PORT="--sport $PLUTO_PEER_PORT"
-	D_PEER_PORT="--dport $PLUTO_PEER_PORT"
-fi
-
-# resolve octal escape sequences
-PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
-PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
-
-# the big choice
-case "$PLUTO_VERB:$1" in
-prepare-host:*|prepare-client:*)
-	if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    # exit because no route will be added,
-	    # so that existing routes can stay
-	    exit 0
-	fi
-
-	# delete possibly-existing route (preliminary to adding a route)
-	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-	"0.0.0.0/0.0.0.0")
-		# need to provide route that eclipses default, without
-		# replacing it.
-		parms1="0.0.0.0/1"
-		parms2="128.0.0.0/1"
-		it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
-		oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
-		;;
-	*)
-		parms="$PLUTO_PEER_CLIENT"
-		it="ip route delete $parms 2>&1"
-		oops="`ip route delete $parms 2>&1`"
-		;;
-	esac
-	status="$?"
-	if test " $oops" = " " -a " $status" != " 0"
-	then
-		oops="silent error, exit status $status"
-	fi
-	case "$oops" in
-	*'RTNETLINK answers: No such process'*)
-		# This is what route (currently -- not documented!) gives
-		# for "could not find such a route".
-		oops=
-		status=0
-		;;
-	esac
-	if test " $oops" != " " -o " $status" != " 0"
-	then
-		echo "$0: \`$it' failed ($oops)" >&2
-	fi
-	exit $status
-	;;
-route-host:*|route-client:*)
-	# connection to me or my client subnet being routed
-	uproute
-	;;
-unroute-host:*|unroute-client:*)
-	# connection to me or my client subnet being unrouted
-	downroute
-	;;
-up-host:)
-	# connection to me coming up
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -A PREROUTING $SET_MARK
-	fi
-	iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	    -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	    -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
-	#
-	# log IPsec host connection setup
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
-	  else
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-	  fi
-	fi
-	;;
-down-host:)
-	# connection to me going down
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -D PREROUTING $SET_MARK
-	fi
-	iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	    -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	    -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
-	#
-	# log IPsec host connection teardown
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO -- \
-	      "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
-	  else
-	    logger -t $TAG -p $FAC_PRIO -- \
-	    "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-	  fi
-	fi
-	;;
-up-client:)
-	# connection to my client subnet coming up
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -A PREROUTING $SET_MARK
-	fi
-	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-	then
-	  iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
-	  iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	fi
-	#
-	# a virtual IP requires an INPUT and OUTPUT rule on the host
-	# or sometimes host access via the internal IP is needed
-	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-	then
-	  iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	  iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
-	fi
-	#
-	# log IPsec client connection setup
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  else
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  fi
-	fi
-	;;
-down-client:)
-	# connection to my client subnet going down
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -D PREROUTING $SET_MARK
-	fi
-	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-	then
-	  iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-	         $IPSEC_POLICY_OUT -j ACCEPT
-	  iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
-	         $IPSEC_POLICY_IN -j ACCEPT
-	fi
-	#
-	# a virtual IP requires an INPUT and OUTPUT rule on the host
-	# or sometimes host access via the internal IP is needed
-	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-	then
-	  iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
-	         $IPSEC_POLICY_IN -j ACCEPT
-	  iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-	         $IPSEC_POLICY_OUT -j ACCEPT
-	fi
-	#
-	# log IPsec client connection teardown
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO -- \
-	      "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  else
-	    logger -t $TAG -p $FAC_PRIO -- \
-	      "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  fi
-	fi
-	;;
-*)	echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
-	exit 1
-	;;
-esac
diff --git a/testing/tests/ikev1/nat-two-rw-mark/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1/nat-two-rw-mark/hosts/venus/etc/ipsec.conf
deleted file mode 100755
index 0be3477c1..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/hosts/venus/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn nat-t
-	left=%defaultroute
-	leftsubnet=10.1.0.0/25
-	leftcert=venusCert.pem
-	leftid=@venus.strongswan.org
-	leftfirewall=yes
-	lefthostaccess=yes
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	rightsubnet=10.2.0.0/16
-	auto=add
diff --git a/testing/tests/ikev1/nat-two-rw-mark/posttest.dat b/testing/tests/ikev1/nat-two-rw-mark/posttest.dat
deleted file mode 100644
index 89d5f534b..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/posttest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-sun::iptables -t mangle -v -n -L PREROUTING
-sun::ipsec stop
-alice::ipsec stop
-venus::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-venus::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::iptables -t nat -F
-moon::conntrack -F
-sun::conntrack -F
-sun::rm /etc/mark_updown
diff --git a/testing/tests/ikev1/nat-two-rw-mark/pretest.dat b/testing/tests/ikev1/nat-two-rw-mark/pretest.dat
deleted file mode 100644
index 310e5be71..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/pretest.dat
+++ /dev/null
@@ -1,21 +0,0 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-venus::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON
-moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 500  -j SNAT --to PH_IP_MOON:510
-moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_VENUS -p udp --sport 500  -j SNAT --to PH_IP_MOON:520
-moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_ALICE -p udp --sport 4500 -j SNAT --to PH_IP_MOON:4510
-moon::iptables -t nat -A POSTROUTING -o eth0 -s PH_IP_VENUS -p udp --sport 4500 -j SNAT --to PH_IP_MOON:4520
-sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3.0.10
-sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20
-sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 10
-sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 20
-alice::ipsec start
-venus::ipsec start
-sun::ipsec start
-alice::sleep 2
-alice::ipsec up nat-t
-venus::sleep 2
-venus::ipsec up nat-t
-venus::sleep 2
diff --git a/testing/tests/ikev1/nat-two-rw-mark/test.conf b/testing/tests/ikev1/nat-two-rw-mark/test.conf
deleted file mode 100644
index ae3c190b8..000000000
--- a/testing/tests/ikev1/nat-two-rw-mark/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon bob"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1/nat-two-rw-psk/description.txt b/testing/tests/ikev1/nat-two-rw-psk/description.txt
deleted file mode 100644
index c74897d9a..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the NAT router <b>moon</b> set up
-tunnels to gateway <b>sun</b>. UDP encapsulation is used to traverse the NAT router.
-Both roadwarriors share the same Pre-Shared Key (PSK) with the gateway <b>sun</b>.
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnel, the NAT-ed hosts <b>alice</b> and <b>venus</b>
-ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/nat-two-rw-psk/evaltest.dat b/testing/tests/ikev1/nat-two-rw-psk/evaltest.dat
deleted file mode 100644
index e8aaf0b5f..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-venus::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::nat-t.*\[PH_IP_ALICE\]::YES
-sun::ipsec status::nat-t.*\[PH_IP_VENUS\]::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets
deleted file mode 100644
index e8c151f05..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets
deleted file mode 100644
index e8c151f05..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets
deleted file mode 100644
index e8c151f05..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/nat-two-rw-psk/pretest.dat b/testing/tests/ikev1/nat-two-rw-psk/pretest.dat
deleted file mode 100644
index 6172bd088..000000000
--- a/testing/tests/ikev1/nat-two-rw-psk/pretest.dat
+++ /dev/null
@@ -1,16 +0,0 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-venus::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p udp -j SNAT --to-source PH_IP_MOON:1024-1100
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to-source PH_IP_MOON:2000-2100
-alice::rm /etc/ipsec.d/cacerts/*
-venus::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
-alice::ipsec start
-venus::ipsec start
-sun::ipsec start
-alice::sleep 5 
-alice::ipsec up nat-t
-venus::sleep 5 
-venus::ipsec up nat-t
diff --git a/testing/tests/ikev1/nat-two-rw/evaltest.dat b/testing/tests/ikev1/nat-two-rw/evaltest.dat
deleted file mode 100644
index 03c6d8ae6..000000000
--- a/testing/tests/ikev1/nat-two-rw/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-venus::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::nat-t.*alice@strongswan.org::YES
-sun::ipsec status::nat-t.*venus.strongswan.org::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
-moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
diff --git a/testing/tests/ikev1/nat-two-rw/posttest.dat b/testing/tests/ikev1/nat-two-rw/posttest.dat
deleted file mode 100644
index 52572ece8..000000000
--- a/testing/tests/ikev1/nat-two-rw/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-sun::ipsec stop
-alice::ipsec stop
-venus::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-venus::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::iptables -t nat -F
-moon::conntrack -F
diff --git a/testing/tests/ikev1/nat-two-rw/test.conf b/testing/tests/ikev1/nat-two-rw/test.conf
deleted file mode 100644
index 84317fd70..000000000
--- a/testing/tests/ikev1/nat-two-rw/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1/net2net-cert/evaltest.dat b/testing/tests/ikev1/net2net-cert/evaltest.dat
index 7cbf92687..c98f5d78d 100644
--- a/testing/tests/ikev1/net2net-cert/evaltest.dat
+++ b/testing/tests/ikev1/net2net-cert/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/ipsec.conf
similarity index 77%
rename from testing/tests/ikev1/net2net-route/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/net2net-cert/hosts/moon/etc/ipsec.conf
index bc72fab0f..46d243c18 100755
--- a/testing/tests/ikev1/net2net-route/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -13,13 +10,13 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 
-conn net-net
+conn net-net 
 	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
 	leftfirewall=yes
 	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
 	rightid=@sun.strongswan.org
-	auto=route
+	rightsubnet=10.2.0.0/16
+	auto=add
diff --git a/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/passthrough/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/ipsec.conf
similarity index 68%
rename from testing/tests/ikev1/passthrough/hosts/sun/etc/ipsec.conf
rename to testing/tests/ikev1/net2net-cert/hosts/sun/etc/ipsec.conf
index 7541aa894..6545f66c9 100755
--- a/testing/tests/ikev1/passthrough/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/ipsec.conf
@@ -1,26 +1,22 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
-	keyingtries=1
+        keyingtries=1
 	keyexchange=ikev1
 
-conn net-net
+conn net-net 
 	left=PH_IP_SUN
 	leftcert=sunCert.pem
 	leftid=@sun.strongswan.org
+	leftsubnet=10.2.0.0/16
 	leftfirewall=yes
-	leftsubnet=0.0.0.0/0
 	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..bad10ca43
--- /dev/null
+++ b/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/net2net-cert/posttest.dat b/testing/tests/ikev1/net2net-cert/posttest.dat
index 5a9150bc8..a4c96e10f 100644
--- a/testing/tests/ikev1/net2net-cert/posttest.dat
+++ b/testing/tests/ikev1/net2net-cert/posttest.dat
@@ -2,3 +2,4 @@ moon::ipsec stop
 sun::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 sun::/etc/init.d/iptables stop 2> /dev/null
+
diff --git a/testing/tests/ikev1/net2net-cert/pretest.dat b/testing/tests/ikev1/net2net-cert/pretest.dat
index 9f60760c6..2d7a78acb 100644
--- a/testing/tests/ikev1/net2net-cert/pretest.dat
+++ b/testing/tests/ikev1/net2net-cert/pretest.dat
@@ -2,5 +2,5 @@ moon::/etc/init.d/iptables start 2> /dev/null
 sun::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
 sun::ipsec start
-moon::sleep 2
+moon::sleep 1 
 moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-pgp-v3/description.txt b/testing/tests/ikev1/net2net-pgp-v3/description.txt
deleted file mode 100644
index bd680b57a..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-The authentication is based on <b>OpenPGP V3 keys</b>. Upon the successful
-establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
-pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/net2net-pgp-v3/evaltest.dat b/testing/tests/ikev1/net2net-pgp-v3/evaltest.dat
deleted file mode 100644
index 7cbf92687..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index a38c66023..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control parsing"
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	
-conn net-net
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftcert=moonCert.asc
-	leftid=@#71270432cd763a18020ac988c0e75aed
-	leftfirewall=yes
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightcert=sunCert.asc
-	auto=add
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc
deleted file mode 100644
index 135cfaec0..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/moonCert.asc
+++ /dev/null
@@ -1,15 +0,0 @@
-Type Bits/KeyID    Date       User ID
-pub  1024/613A3B61 2005/08/07 moon <moon.strongswan.org>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: 2.6.3i
-
-mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61
-+bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9
-RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR
-tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB
-vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1
-f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac
-t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP
-=oaBj
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc
deleted file mode 100644
index 32f204b10..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/certs/sunCert.asc
+++ /dev/null
@@ -1,15 +0,0 @@
-Type Bits/KeyID    Date       User ID
-pub  1024/79949ADD 2005/08/07 sun <sun.strongswan.org>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: 2.6.3i
-
-mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ
-rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7
-I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR
-tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR
-A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj
-0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn
-lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ==
-=lLvB
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc
deleted file mode 100644
index 6524773e0..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.d/private/moonKey.asc
+++ /dev/null
@@ -1,19 +0,0 @@
-Type Bits/KeyID    Date       User ID
-sec  1024/613A3B61 2005/08/07 moon <moon.strongswan.org>
-
------BEGIN PGP SECRET KEY BLOCK-----
-Version: 2.6.3i
-
-lQHYA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61
-+bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9
-RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR
-AAP9Fj7OaaCfTL3Met8yuS8ZGMDL/fq+4f2bM+OdPSgD4N1Fiye0B1QMCVGWI1Xd
-JXS0+9QI0A3iD12YAnYwsP50KmsLHA69AqchN7BuimoMfHDXqpTSRW57E9MCEzQ9
-FFN8mVPRiDxAUro8qCjdHmk1vmtdt/PXn1BuXHE36SzZmmMCANBA4WHaO6MJshM6
-7StRicSCxoMn/lPcj6rfJS4EaS+a0MwECxKQ3HKTpP3/+7kaWfLI/D65Xmi3cVK3
-0CPwUK8CAP2RYWoBZPSA8dBGFYwR7W6bdNYhdmGmsVCaM7v4sVr0FwHwMERadByN
-8v0n5As3ZbrCURRp68wuE+JjfOM5mO8CAM3ZK7AVlBOqkoI3X3Ji3yviLlsr2ET7
-QrVKFQBq7eUhwYFo6mVemEqQb61tGirq+qL4Wfk/7+FffZPsUyLX1amfjLQabW9v
-biA8bW9vbi5zdHJvbmdzd2FuLm9yZz4=
-=YFQm
------END PGP SECRET KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index afb1ff927..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.asc
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 71896491e..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index 6a373e29f..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	
-conn net-net
-	left=PH_IP_SUN
-	leftsubnet=10.2.0.0/16
-	leftcert=sunCert.asc
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightcert=moonCert.asc
-	rightid=@#71270432cd763a18020ac988c0e75aed
-	auto=add
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc
deleted file mode 100644
index 135cfaec0..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/moonCert.asc
+++ /dev/null
@@ -1,15 +0,0 @@
-Type Bits/KeyID    Date       User ID
-pub  1024/613A3B61 2005/08/07 moon <moon.strongswan.org>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: 2.6.3i
-
-mQCNA0L2KI8AAAEEAM5GYrwuf1M9Cv7+Yfr6i5+17zMVGIyj/D4+msK43iUbEH61
-+bhRKcrF+9NKvM+ujjZoUbfGjUipsBbTlPTaY7muZ9KaVy2OBHm73x13eiemkPS9
-RFWesrL9L39aBO5K47ti0PwRP8QIPMaNWMs2z7yoZLE/flVNQfWsCnlhOjthAAUR
-tBptb29uIDxtb29uLnN0cm9uZ3N3YW4ub3JnPokAlQMFEEL2KI/1rAp5YTo7YQEB
-vX4EAKtr0e6WMDIRlpE4VhhdQ7AgBgGyhgfqAdD9KDx8o4fG4nkmh7H1bG/PLJA1
-f+UfDGnOyIwPOrILNyNnwAbDHXjJaNylahM7poOP7i0VlbhZPLAC0cSQi02/Zrac
-t5bED5tHSrNSjcA/CjuxRuu9lmR6s57IQnQnwt9I4LTM+CFP
-=oaBj
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc
deleted file mode 100644
index 32f204b10..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/certs/sunCert.asc
+++ /dev/null
@@ -1,15 +0,0 @@
-Type Bits/KeyID    Date       User ID
-pub  1024/79949ADD 2005/08/07 sun <sun.strongswan.org>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: 2.6.3i
-
-mQCNA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ
-rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7
-I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR
-tBhzdW4gPHN1bi5zdHJvbmdzd2FuLm9yZz6JAJUDBRBC9ipvHSlWl3mUmt0BAUZR
-A/43nuZbxADMSviu54Mj8pvQbYeGLQVabiWT6h7L0ZPX4MWpFH3dTixBfRrZRSsj
-0AgiMMuZAMebfOe+Xf9uDQv7p1yumEiNg43tg85zyawkARWNTZZ04woxtvAqNwXn
-lQotGz7YA6JMxry9RQo5yI4Y4dPnVZ/o8eDpP0+I88cOhQ==
-=lLvB
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc
deleted file mode 100644
index de2393649..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.d/private/sunKey.asc
+++ /dev/null
@@ -1,19 +0,0 @@
-Type Bits/KeyID    Date       User ID
-sec  1024/79949ADD 2005/08/07 sun <sun.strongswan.org>
-
------BEGIN PGP SECRET KEY BLOCK-----
-Version: 2.6.3i
-
-lQHYA0L2Km8AAAEEANRAVMn8HBxfYaGhLqtQ3IZJArn9wpcQ+7sH/F9PaXIjzHRQ
-rfFkfmxxp9lVjCk0LM/BnnlnUmyz6F8K7V0Gi40Am4+ln1zHvZZIQJYGrDhDnjb7
-I5TVeD4Ib5bQ1CoUbIhv2LocCeR6OjefQgGmerC5RQ3d5ci7uB0pVpd5lJrdAAUR
-AAP8DHxBOQ7UeiO6cutdGSLfy6nxGf/eRR8d3dNLFKpRfy9IQxPN/yQHb8pzSQUI
-Pqi3V4PcJUJQJIMNqzzgyTyey/OdTc+IFngywRGKQowyD7vY+urVbcEDHe+sRTL1
-GvrsQGMZoXNDimABHn5NbT6Pc06xQ9rNvpCSyHMyzcylpk0CANqf96aEaryGJozg
-vSN5GlS77rPJ9Y9mU2EJs1+0BlMcb7Sy4HN2RRc/V56ZmlW2m3UbGwPqG8R9XQQ2
-LO03bTcCAPiJbTcRdA/YnZExbZPgEnV5nq8tVXTc7bz1Sw7ZWRef0iZyIQEXbwLn
-2Z2EJik9bQpkcVJSBV17cH7Av/VdIosCAKJPVoBETiVzWejIpGHHqbnmZC8P9rUs
-xAXZbNukbL3YElLeopNMyddTi6kf45/m0sb7fr7rzW/OJ7WP8mDrGPec4rQYc3Vu
-IDxzdW4uc3Ryb25nc3dhbi5vcmc+
-=DwEu
------END PGP SECRET KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets
deleted file mode 100644
index ee98b1611..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA sunKey.asc
diff --git a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 71896491e..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/net2net-pgp-v3/posttest.dat b/testing/tests/ikev1/net2net-pgp-v3/posttest.dat
deleted file mode 100644
index fafcde975..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/private/*
-sun::rm /etc/ipsec.d/certs/*
-sun::rm /etc/ipsec.d/private/*
diff --git a/testing/tests/ikev1/net2net-pgp-v3/pretest.dat b/testing/tests/ikev1/net2net-pgp-v3/pretest.dat
deleted file mode 100644
index 9e40684ab..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2
-moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-pgp-v3/test.conf b/testing/tests/ikev1/net2net-pgp-v3/test.conf
deleted file mode 100644
index f74d0f7d6..000000000
--- a/testing/tests/ikev1/net2net-pgp-v3/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/net2net-pgp-v4/description.txt b/testing/tests/ikev1/net2net-pgp-v4/description.txt
deleted file mode 100644
index c82eec9ba..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-The authentication is based on <b>OpenPGP V4 keys</b>. Upon the successful
-establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
-pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/net2net-pgp-v4/evaltest.dat b/testing/tests/ikev1/net2net-pgp-v4/evaltest.dat
deleted file mode 100644
index 7cbf92687..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 094ab3bed..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control parsing"
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	
-conn net-net
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftcert=moonCert.asc
-	leftfirewall=yes
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightcert=sunCert.asc
-	rightid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3
-	auto=add
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc
deleted file mode 100644
index a512f8f52..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/moonCert.asc
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-mQENBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf
-UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A
-nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd
-6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/
-I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f
-JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAG0E21vb24uc3Ryb25nc3dh
-bi5vcmeJATcEEwECACEFAkpg0UQCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA
-CgkQ9djQiWs7dNHHNQf/UiwJPioLef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8K
-N2yl6/L8djIdox0jw3yCYhCWxf94N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K
-1niLPYmJf5sMWXPAmetT6tNEHNhkmE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1Y
-D4HulHK0nfMxf1gVmFhRFtGpzrGS26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk
-/EoRdO7hDOAEk80Gp23bDX6ygnvsAqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv
-1I5GZ96wAo+s+KZAXaHlxFvq7r6OMzxgEWTtyNTtG4kBHAQQAQIABgUCSmDShgAK
-CRCXegSsjRY401hVB/9HlBSdkal26U8HmVSjblOpMhaEKWjAZG1VnhcA5/GstzHc
-ql7CuciAzOfRY9kcUvvonjLLBEb6P8H7mNaosE0XtqBI+Il8w6FIsfqXG+w2lISt
-21/OoS3uXmUD43xdGkJACgoQP3eAqscRnoiNq/Wrg4GFvMmhK3pu3UR0joFrxwoX
-mIbpJ1CZFrYDhLRFWUMV+93rzde7UfIeSuPwuE96yTJFgc4QKKFKT+msELTko9Fb
-G5N0Q//Rfy+mbqQlk7JVd2WqUMfSx6Fw9X8z88uQamdcgx2/6HzFSL1QiBNyF/3D
-spAwu2H5T4gSZH3FywlmRp+JJzNy+aci+M/eTvDz
-=j2hu
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc
deleted file mode 100644
index 5117cbb04..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/certs/sunCert.asc
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-mQENBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB
-QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM
-/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV
-CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP
-B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN
-4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAG0EnN1bi5zdHJvbmdzd2Fu
-Lm9yZ4kBNwQTAQIAIQUCSmDRuAIbAwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK
-CRCXegSsjRY407LCCACqHrnT1xqsQRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g
-0P+Scnu84xj1o5bRWX2WyPYZUgDY6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0
-eNYmehGoIes4JfQm08UM7roywGaaWAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/D
-RLu5rvCB6m5u62RncmppraAYuQWRjZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG
-6XXcCnBr/34g/bQXWRxBhbf91ewVaDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97j
-vnvvZKUwbd/TRFJkorkhkRpA1wSrJ0tAsvODgc8biQEcBBABAgAGBQJKYNK9AAoJ
-EPXY0IlrO3TR8X4H/2eabptQ49q6SX5bwZ+13QoGZdarAvFxVGbbhaRrOrbsYNbg
-Wd8k6R/Uwz1qkH3RJBmANm2wcDYhXsztprUrQ3a5jIgZfc+ZH/0cZiFUWk004m7t
-mXdvWsGkbxye0kUChQOP9/VJBgpOBnK4MngX7d3nwSIO75r4ugey2Aud/eOvrm5m
-t5MJBANTGAnBGwqXtsDm7v0L9VQY6PuLIgPwftB+vwy/Ea8vU5AmFKVkfAR/pVIT
-gELY5mDHaqLxgvfMVJ+PFkvb5HF7QdpIcxUjo3SNgyOyYpN+pfQQbVLkPoOs1xqf
-lIbIyjzMp02KM3iRElcuU/EBEfsp0/voJ/iyd+o=
-=tAh4
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc
deleted file mode 100644
index 59de821d6..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.d/private/moonKey.asc
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN PGP PRIVATE KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-lQOYBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf
-UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A
-nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd
-6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/
-I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f
-JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAEAB/42Vsa7NTpAgwe92+gx
-nscTQsjTs9xf5VSQV6gRKWmUAQYNZoNDue2Ot5AeBJFWV8x++fWAZfrrkLJUkwu/
-Z8UcPbSuJhEsrG4F5B3owTy8cBPbNYd9c6JZAKFPBY8W5l9M5OQyUF1amiuk/1jX
-BNPEN6SBK3j0IhZvQ2bIgCJrxUH9igvOig2HmfOYv11UMzOErSA/eGRSA+TrM+QK
-BDCG1ae3dLe/pXtIuh1/jkLo7Byk0ofgv2+Ty/LSwBCj0vtUjtMHHRNZFRYFrNiN
-S6FyrS7+Q9BJolNkuXT83i4dm208+6bKQBPxV3ZaLgf2y19/g5av8f745ercygQI
-MdGBBADaWGKpev55Oom2gNV4jaQFaAc4K4OqW1IbsXk8QSl1iaoHmt9VlGP+A+8O
-GG+h0cfIlUHnAC29Hs5lDnlByqdTnG9zTyOrnzZEY1+jFGGgs+O/ehS3riGI5dB8
-mwReZfY/aqp7naLkkymHuIAizmxkYORPZtTugyi99Zha4m8j4QQA+39fTOthVIYi
-RXMzGknEjh9fMLvCkx33ghapCtc4ftJRACfaatQJVBG2li7LHbPg9fboIyG/x/Ey
-iyGtPxwBLo7MJige6xpzVB4Qk+zLDCKouca29uY1rGQzZ0FTmMMtu3Rm+dKh9lLv
-vg7ZJNTfhxldC+R/L/gOIBWEzy/iXaMD/2A+wQuKDLDRb9/sOiq/6z7Ryl6FPbTC
-AvvNU3hJtRImfmHodob//zzYYgOY7exY/qubC6FsDW4AN+2iHesCdIzCrAG7v9X3
-Rn1WPq96FfY2y5b6qEl8Tx+a71TZi5RJRtoWPe3IolausE0T3IjRbWI4XgMu/T5o
-Rmv/f5gyc5OxPpG0E21vb24uc3Ryb25nc3dhbi5vcmeJATcEEwECACEFAkpg0UQC
-GwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AACgkQ9djQiWs7dNHHNQf/UiwJPioL
-ef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8KN2yl6/L8djIdox0jw3yCYhCWxf94
-N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K1niLPYmJf5sMWXPAmetT6tNEHNhk
-mE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1YD4HulHK0nfMxf1gVmFhRFtGpzrGS
-26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk/EoRdO7hDOAEk80Gp23bDX6ygnvs
-AqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv1I5GZ96wAo+s+KZAXaHlxFvq7r6O
-MzxgEWTtyNTtGw==
-=Vb4y
------END PGP PRIVATE KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index afb1ff927..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.asc
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 71896491e..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index 428b10ce6..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	
-conn net-net
-	left=PH_IP_SUN
-	leftsubnet=10.2.0.0/16
-	leftcert=sunCert.asc
-	leftid=@#b42f31fec80ae3264a101c85977a04ac8d1638d3
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightcert=moonCert.asc
-	auto=add
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc
deleted file mode 100644
index a512f8f52..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/moonCert.asc
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-mQENBEpg0UQBCADWgUvdhUfaNdmWZkvECCcDRE+qlbJnVtIbBNkfsfTL1B20g2Mf
-UhWJORD0ka01pc6Tc5BF/379npNu48lj0g6OdgG5ivvhAAK/6tdGNW/xZQEhTB+A
-nmOu/9HbxtsXjZ5peX6F2k8OlG9hSJgTdGamhmkNaja0FrzSOz5jGhrEc2oCQVnd
-6BXRz4eq7W+VwlC6cxlgi7f5pUFfSqKYVwPLf+VkPVUHo+vSzuidJSL/jaEr9my/
-I0c/fUsVVWa3Z/KyGNY4Ej1DB21PnWYBo9H5SK7YC7auiHGwekdybWoI/6IPOP3f
-JqKbhO3ZbTw9bEZv+Lt52GeN4tNaWsOIbpVDABEBAAG0E21vb24uc3Ryb25nc3dh
-bi5vcmeJATcEEwECACEFAkpg0UQCGwMHCwkIBwMCAQQVAggDBBYCAwECHgECF4AA
-CgkQ9djQiWs7dNHHNQf/UiwJPioLef7dgGG2E+kwVQUK3LK+wXLrCVlRdTpSbw8K
-N2yl6/L8djIdox0jw3yCYhCWxf94N4Yqw4zUjaA4wt+U37ZPqlx/kdfNZwn2383K
-1niLPYmJf5sMWXPAmetT6tNEHNhkmE7CsmDqikX1GUvJ4NmoHp/2DQLKR4/Olb1Y
-D4HulHK0nfMxf1gVmFhRFtGpzrGS26G3HzV0ZDs4fYEkVFfTBkCyGzE667O8W9Gk
-/EoRdO7hDOAEk80Gp23bDX6ygnvsAqUeWNwYYctkiJKb/YMiAR/bOtFHtgN43atv
-1I5GZ96wAo+s+KZAXaHlxFvq7r6OMzxgEWTtyNTtG4kBHAQQAQIABgUCSmDShgAK
-CRCXegSsjRY401hVB/9HlBSdkal26U8HmVSjblOpMhaEKWjAZG1VnhcA5/GstzHc
-ql7CuciAzOfRY9kcUvvonjLLBEb6P8H7mNaosE0XtqBI+Il8w6FIsfqXG+w2lISt
-21/OoS3uXmUD43xdGkJACgoQP3eAqscRnoiNq/Wrg4GFvMmhK3pu3UR0joFrxwoX
-mIbpJ1CZFrYDhLRFWUMV+93rzde7UfIeSuPwuE96yTJFgc4QKKFKT+msELTko9Fb
-G5N0Q//Rfy+mbqQlk7JVd2WqUMfSx6Fw9X8z88uQamdcgx2/6HzFSL1QiBNyF/3D
-spAwu2H5T4gSZH3FywlmRp+JJzNy+aci+M/eTvDz
-=j2hu
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc
deleted file mode 100644
index 5117cbb04..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/certs/sunCert.asc
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-mQENBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB
-QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM
-/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV
-CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP
-B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN
-4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAG0EnN1bi5zdHJvbmdzd2Fu
-Lm9yZ4kBNwQTAQIAIQUCSmDRuAIbAwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAK
-CRCXegSsjRY407LCCACqHrnT1xqsQRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g
-0P+Scnu84xj1o5bRWX2WyPYZUgDY6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0
-eNYmehGoIes4JfQm08UM7roywGaaWAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/D
-RLu5rvCB6m5u62RncmppraAYuQWRjZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG
-6XXcCnBr/34g/bQXWRxBhbf91ewVaDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97j
-vnvvZKUwbd/TRFJkorkhkRpA1wSrJ0tAsvODgc8biQEcBBABAgAGBQJKYNK9AAoJ
-EPXY0IlrO3TR8X4H/2eabptQ49q6SX5bwZ+13QoGZdarAvFxVGbbhaRrOrbsYNbg
-Wd8k6R/Uwz1qkH3RJBmANm2wcDYhXsztprUrQ3a5jIgZfc+ZH/0cZiFUWk004m7t
-mXdvWsGkbxye0kUChQOP9/VJBgpOBnK4MngX7d3nwSIO75r4ugey2Aud/eOvrm5m
-t5MJBANTGAnBGwqXtsDm7v0L9VQY6PuLIgPwftB+vwy/Ea8vU5AmFKVkfAR/pVIT
-gELY5mDHaqLxgvfMVJ+PFkvb5HF7QdpIcxUjo3SNgyOyYpN+pfQQbVLkPoOs1xqf
-lIbIyjzMp02KM3iRElcuU/EBEfsp0/voJ/iyd+o=
-=tAh4
------END PGP PUBLIC KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc
deleted file mode 100644
index 68899ae37..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.d/private/sunKey.asc
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN PGP PRIVATE KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-
-lQOYBEpg0bgBCADIozng/tZLr8mEcHvXe4S4zRE31EngymiBFytJ0r2sky43lJXB
-QdW2h/elDDO2drrKVt9iwR/WS25r7Er1ibDn1cje9dERDU/IWyS7UaCewUG7WTZM
-/aWrt1cnq11FhpdckQfdalh+au0rnsJJP+mwZBti6KtX9LFi0kKvVoDt+jlNJMlV
-CLRgQ30BmgApiqEDxbVURmHf8UPDNy6GDcQYnJ1AmliIavzjpDl/l68TadBCf8WP
-B2hBe/AoB9ODgc9GnBRMN6RGSvpXGBugKhleFUtCtUR0h3NZtpcD8479XuqSjbyN
-4mUEAeXJIIkT/hLHmmbQK0DTrHPaTtXGfeOjABEBAAEAB/0XU57hkU9R6mSoALnt
-Qh+aqsDjOEvEllPTGmH+icFipJP9g0lr+B8EQ0egCUyj3Kb36mS7Yw+0Bv4WDxlh
-9bm7Iohhn7vIWz9Y4HvjSWi+vGJLiWI+TkkqLz0zUAGemTjU2snKzNfwDrd3WFRn
-VsZxKxpiBAITzk+nWSHGp+yCfl3NVaA/MYAI+FgiQlq/qTCRreEsexAJ09weDLGN
-P95V4E6LACRy+wiy7X0lRzS1047UUtTcZUF6c5ERfgAGT5NKT/ZA4THZy5pPrSOw
-bRIHbozSlWbnrZNz8DNa4iyHsEw/42IvjU/LflmGWL2hvVxA40ezlxGVi5ea5gFV
-5q9dBADWGXToEaHMqie/HAC4+1/VCTmAvqIKcegNWHCL1PGYBBfRonF/TDcbkawy
-0ATlk+rkyTaRvkapb1LdqE1qThGQWC6iLb3v8E2UEizCM1VFo2EqcKxbCoJdsEtR
-mrK/zIqZ/h/4iEu/ekLPeDwdIWWdBlfYTtTwdMH40eoPOLyo/QQA7+dSOQcAUp8H
-1NuNpyK+9M3/mkpXRF3cqdiY7AnHIf4WWDtgDUHugtO8HlAkq4cL27QYBojVHCqB
-P+NLJo6A35nNbt2IPqAotCgk8NlgtsA+oJ9tvWGarOLMnIt0eBv80blqa5PGeoFt
-EuYxYO2bRAE2cQtMXPMLKpl3VKSRMR8EAKINBJ81zq2twDG1qvRg40XAz2LOKkFd
-B+fNAd0JSC8+qx4MMdn0iL6WaCIN6t1wzI7l1whLUc7f3MPF2dwrsrB9j3MgHppr
-GBLl0A3a1tIkWPAejMcpSgFR63ooQQgoX+XH0woST3wgHTZT6fF+zFn3eaGJ3wqv
-JNcE4vcbJf1COoi0EnN1bi5zdHJvbmdzd2FuLm9yZ4kBNwQTAQIAIQUCSmDRuAIb
-AwcLCQgHAwIBBBUCCAMEFgIDAQIeAQIXgAAKCRCXegSsjRY407LCCACqHrnT1xqs
-QRAIL9GQtI6AkaLJLtJXbALtSKg1Ik1DQA9g0P+Scnu84xj1o5bRWX2WyPYZUgDY
-6fB3bSQuX/Z0lIUtl16xRL53jKroGDzg3JZ0eNYmehGoIes4JfQm08UM7roywGaa
-WAfTK2gDFdjsetU4FkpbziVp8cOeAzUMU5/DRLu5rvCB6m5u62RncmppraAYuQWR
-jZALIxugFW9IBe+hItY3eBa0rnrCPUb2ywSG6XXcCnBr/34g/bQXWRxBhbf91ewV
-aDxgLeoFzQl34h8MxxxBAzG/1023wkN+K97jvnvvZKUwbd/TRFJkorkhkRpA1wSr
-J0tAsvODgc8b
-=QOF4
------END PGP PRIVATE KEY BLOCK-----
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets
deleted file mode 100644
index ee98b1611..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA sunKey.asc
diff --git a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index 71896491e..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/net2net-pgp-v4/posttest.dat b/testing/tests/ikev1/net2net-pgp-v4/posttest.dat
deleted file mode 100644
index fafcde975..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-moon::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/private/*
-sun::rm /etc/ipsec.d/certs/*
-sun::rm /etc/ipsec.d/private/*
diff --git a/testing/tests/ikev1/net2net-pgp-v4/pretest.dat b/testing/tests/ikev1/net2net-pgp-v4/pretest.dat
deleted file mode 100644
index 9e40684ab..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2
-moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-pgp-v4/test.conf b/testing/tests/ikev1/net2net-pgp-v4/test.conf
deleted file mode 100644
index f74d0f7d6..000000000
--- a/testing/tests/ikev1/net2net-pgp-v4/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/net2net-psk-fail/description.txt b/testing/tests/ikev1/net2net-psk-fail/description.txt
index 5a794bd17..688182be4 100644
--- a/testing/tests/ikev1/net2net-psk-fail/description.txt
+++ b/testing/tests/ikev1/net2net-psk-fail/description.txt
@@ -1,7 +1,5 @@
-An IPsec tunnel connecting the subnets behind the gateways <b>moon</b> and 
-<b>sun</b> is set up. The authentication is based on <b>Preshared Keys</b>
-(PSK). Unfortunately the secret keys of <b>moon</b> and <b>sun</b> do not
-match, so that the responder cannot decrypt ISAKMP message MI3. The resulting
-encrypted notification message cannot in turn be read by the initiator
-<b>moon</b>. In order to avoid a <b>notify-war</b>, any further generation of
-PAYLOAD_MALFORMED messages is suppressed.
+A connection between the gateways <b>moon</b> and <b>sun</b> is set up.
+The authentication is based on <b>Preshared Keys</b> (PSK), but gateway <b>moon</b>
+uses a wrong PSK. This makes it impossible for gateway <b>sun</b> to decrypt the
+IKEv1 message correctly. Thus <b>sun</b> returns a <b>PAYLOAD-MALFORMED</b> error
+notify which in turn cannot be decrypted by <b>moon</b>.
diff --git a/testing/tests/ikev1/net2net-psk-fail/evaltest.dat b/testing/tests/ikev1/net2net-psk-fail/evaltest.dat
index 7f7cb9726..36ad061ac 100644
--- a/testing/tests/ikev1/net2net-psk-fail/evaltest.dat
+++ b/testing/tests/ikev1/net2net-psk-fail/evaltest.dat
@@ -1,6 +1,8 @@
-moon::cat /var/log/auth.log::malformed payload in packet::YES
-sun::cat /var/log/auth.log::probable authentication failure.*mismatch of preshared secrets.*malformed payload in packet::YES
-sun::cat /var/log/auth.log::sending encrypted notification PAYLOAD_MALFORMED::YES
-moon::ipsec status::net-net.*STATE_MAIN_I4.*ISAKMP SA established::NO
-sun::ipsec status::net-net.*STATE_MAIN_R3.*ISAKMP SA established::NO
-
+sun:: cat /var/log/daemon.log::invalid ID_V1 payload length, decryption failed::YES
+sun:: cat /var/log/daemon.log::generating INFORMATIONAL_V1 request.*HASH N(PLD_MAL)::YES
+moon::cat /var/log/daemon.log::invalid HASH_V1 payload length, decryption failed::YES
+moon::cat /var/log/daemon.log::ignore malformed INFORMATIONAL request::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::NO
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::NO
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::NO
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.conf
index ad0359f01..7b168756e 100755
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.conf
@@ -1,21 +1,21 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 	authby=secret
-	
+	keyexchange=ikev1
+
 conn net-net
 	left=PH_IP_MOON
 	leftsubnet=10.1.0.0/16
 	leftid=@moon.strongswan.org
+	leftfirewall=yes
 	right=PH_IP_SUN
 	rightsubnet=10.2.0.0/16
 	rightid=@sun.strongswan.org
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
index be95c4d99..38ebf966c 100644
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.secrets
@@ -1,7 +1,4 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2dxxxx
 
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
index 453cdc07c..5db4358d6 100644
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  multiple_authentication = no
 }
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.conf
index 9bbff9039..78a2abeb3 100755
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.conf
@@ -1,21 +1,21 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 	authby=secret
-	
+	keyexchange=ikev1
+
 conn net-net
 	left=PH_IP_SUN
 	leftsubnet=10.2.0.0/16
 	leftid=@sun.strongswan.org
+	leftfirewall=yes
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
index b53577e1d..be95c4d99 100644
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.secrets
@@ -1,6 +1,6 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-@moon.strongswan.org @sun.strongswan.org : PSK 0sZNbttZkdViYmLWprfhiZBtDjJbNAMHil
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
 
 
 
diff --git a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
index 453cdc07c..5db4358d6 100644
--- a/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -1,11 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+  multiple_authentication = no
 }
diff --git a/testing/tests/ikev1/net2net-psk-fail/posttest.dat b/testing/tests/ikev1/net2net-psk-fail/posttest.dat
index dff181797..5a9150bc8 100644
--- a/testing/tests/ikev1/net2net-psk-fail/posttest.dat
+++ b/testing/tests/ikev1/net2net-psk-fail/posttest.dat
@@ -1,2 +1,4 @@
 moon::ipsec stop
 sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/net2net-psk-fail/pretest.dat b/testing/tests/ikev1/net2net-psk-fail/pretest.dat
index aa8e332e0..9e40684ab 100644
--- a/testing/tests/ikev1/net2net-psk-fail/pretest.dat
+++ b/testing/tests/ikev1/net2net-psk-fail/pretest.dat
@@ -1,5 +1,7 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-sun::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::rm /etc/ipsec.d/cacerts/*
+sun::rm /etc/ipsec.d/cacerts/*
 moon::ipsec start
 sun::ipsec start
 moon::sleep 2
diff --git a/testing/tests/ikev1/net2net-psk/evaltest.dat b/testing/tests/ikev1/net2net-psk/evaltest.dat
index 7cbf92687..c98f5d78d 100644
--- a/testing/tests/ikev1/net2net-psk/evaltest.dat
+++ b/testing/tests/ikev1/net2net-psk/evaltest.dat
@@ -1,5 +1,7 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
+moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
 alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
 sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
 sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/ipsec.conf
index c63ec2f30..058fe6a6e 100755
--- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
index 453cdc07c..238ec24b7 100644
--- a/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/ipsec.conf
index e21ee9910..027287ad4 100755
--- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
index 453cdc07c..238ec24b7 100644
--- a/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/net2net-route/description.txt b/testing/tests/ikev1/net2net-route/description.txt
deleted file mode 100644
index 323f09555..000000000
--- a/testing/tests/ikev1/net2net-route/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-A tunnel that will connect the subnets behind the gateways <b>moon</b>
-and <b>sun</b>, respectively, is preconfigured by installing a %trap eroute
-on gateway <b>moon</b> by means of the setting <b>auto=route</b> in ipsec.conf.
-A subsequent ping issued by client <b>alice</b> behind gateway <b>moon</b> to
-<b>bob</b> located behind gateway <b>sun</b> triggers the %trap eroute and
-leads to the automatic establishment of the subnet-to-subnet tunnel.
-<p>
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules
-that let pass the tunneled traffic.
diff --git a/testing/tests/ikev1/net2net-route/evaltest.dat b/testing/tests/ikev1/net2net-route/evaltest.dat
deleted file mode 100644
index 38d589e5a..000000000
--- a/testing/tests/ikev1/net2net-route/evaltest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::cat /var/log/auth.log::initiate on demand from PH_IP_ALICE::YES
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-route/posttest.dat b/testing/tests/ikev1/net2net-route/posttest.dat
deleted file mode 100644
index 5a9150bc8..000000000
--- a/testing/tests/ikev1/net2net-route/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/net2net-route/pretest.dat b/testing/tests/ikev1/net2net-route/pretest.dat
deleted file mode 100644
index 2eef7de19..000000000
--- a/testing/tests/ikev1/net2net-route/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2 
-alice::ping -c 10 PH_IP_BOB
diff --git a/testing/tests/ikev1/net2net-route/test.conf b/testing/tests/ikev1/net2net-route/test.conf
deleted file mode 100644
index d9a61590f..000000000
--- a/testing/tests/ikev1/net2net-route/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
- 
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/net2net-rsa/description.txt b/testing/tests/ikev1/net2net-rsa/description.txt
deleted file mode 100644
index a23fae8c3..000000000
--- a/testing/tests/ikev1/net2net-rsa/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
-The authentication is based on <b>raw RSA keys</b>. Upon the successful
-establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
-pings client <b>bob</b> located behind gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/net2net-rsa/evaltest.dat b/testing/tests/ikev1/net2net-rsa/evaltest.dat
deleted file mode 100644
index 7cbf92687..000000000
--- a/testing/tests/ikev1/net2net-rsa/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 837c1ab56..000000000
--- a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	
-conn net-net
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftid=@moon.strongswan.org
-	leftrsasigkey=0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
-	leftfirewall=yes
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	rightrsasigkey=0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
-	auto=add
diff --git a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 9859ae8ed..000000000
--- a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA	{
-	# RSA 2048 bits   moon.strongswan.org   Wed Dec  8 21:41:27 2004
-	# for signatures only, UNSAFE FOR ENCRYPTION
-	#pubkey=0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
-	Modulus: 0x7e9a4784085e419bb5e70e49247e6827cbf4d99dd4e43755f3159581ee726ba0cddc4e4df332d7523d7f2163d190c551964ac99406aee6180e50c77f49a51369cb3c56ef045c31bc2a0eab86d4f45f6e52f35758b175738648b50d697a27a8323f8797c292a4ee66d2db138ab73dfe0f990030cd6556693650d605d7a94a8a94deb6d7c1e6daf6ef35113f0811ee14c99a0b3d758dc92f68fbdca812d9cd14f1f5bfcc8bea83eb14fb93d4696079ad686089f7979dd5b63a49991aa601d6bbcf3fdcce9bc42cc3d0a380de815bc25907905c9a196141dbe7dcecbe817d8ab4c2bfddf38b5074ec449f70702d3ad52a8efee80c43acc8b423e6e50f69ddf5cc63
-	PublicExponent: 0x03
-	# everything after this point is secret
-	PrivateExponent: 0x1519b69601650aef48fbd7b6db6a66b14ca8ceefa37b5e8e532e4395a7bdbc9accfa0d0cfdddce8db4ea8590a2ed763843b72198abc7d1040262cbea8c462de6f734b927d60f5d9f5c57c741237e0fe7b87de3e41d9393410c1e2ce6e9b146b30a96994b1870d2667879d8971e8a5502998008223b8e66de62ce564e9c37171893a0e8a94749590fef394b9deda1e73937b1c664d2e4764ae49572771130a097024380c258fa25f9083eefc5eabe762d8e856237bdd8ad8217f899688f70ac1f37650dc08bf3748b74a4f30873842fe27bdfbc49d0cb14c3861ff18b1219153ddb69e5bcb09ff691473a856e63e23d2f36389959f804e82b13a547decc7d6df7
-	Prime1: 0xc11b8705063c662ee0a168b904bbd9c514025360c75e43e7c60c3c17846ede31bba328dfaf8abf513175f312a4263645db0f0797ca7f36d04f996680772264a63c1f76a2a2fe250aa0ca8e96122438bdd5b327e925742047f2b7d0fe3fa6ea07a10cd9a40f8994a95af505116131584c5fc247a7d69df08bfac1b5a23b7c157f
-	Prime2: 0xa7d5dcc534e67a60b918109b7b66cfad37de43b7d51025bfda4fbd30ee3a73362c879f1e251c47ed98a442b33bdcb2112e5aa2b160426e5d6a2c1bb22e104e6db75f0575d979e38146d89db8948500fad36b0875570b3f0ac5754440d14d4b47fa55b77b1d2b9033991c4a858256632759d22c80060d52957643aa8ed789231d
-	Exponent1: 0x80bd04ae0428441f406b9b260327e68362ac3795da3ed7efd95d7d6502f4942127c21b3fca5c7f8b764ea20c6d6eced93cb4afba86ff79e03510ef004f6c43197d6a4f17175418b1c08709b9616d7b2939221a9b6e4d6adaa1cfe0a97fc49c05160891180a5bb870e74e0360eb763add952c2fc539bea05d51d67916d252b8ff
-	Exponent2: 0x6fe3e8837899a6eb26100b1252448a737a942d2538b56e7fe6dfd375f426f779730514bec3682ff3bb182c777d3dcc0b743c6c76402c49939c1d67cc1eb5899e7a3f58f93ba697ab84906925b858ab51e2475af8e4b22a072e4e2d808b88dcdaa6e3cfa768c7b577bb6831ae56e4421a3be173000408e1b8f98271b48fb0c213
-	Coefficient: 0x0a9ea0e995d8d635ac37b5d5f1121ecd4d6387262ea65ea969499ec4c7af9d7a79b256654bda5c972b6efaf5aba35d6790ce4db39258930488ddb2443d19c344312380bed3290f29f0ff5b0ce382622c849f3279f653a2b7c4cc8efbfc5098852fe39aee9da947e53ddfe58bb6b7bb02b693a1b1228dc0481b681d51865d0339
-	}
-# do not change the indenting of that "}"
diff --git a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index c50c4c594..000000000
--- a/testing/tests/ikev1/net2net-rsa/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac dnskey pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index efd9c798a..000000000
--- a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	
-conn net-net
-	left=PH_IP_SUN
-	leftsubnet=10.2.0.0/16
-	leftid=@sun.strongswan.org
-	leftrsasigkey=0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	rightrsasigkey=0sAQN+mkeECF5Bm7XnDkkkfmgny/TZndTkN1XzFZWB7nJroM3cTk3zMtdSPX8hY9GQxVGWSsmUBq7mGA5Qx39JpRNpyzxW7wRcMbwqDquG1PRfblLzV1ixdXOGSLUNaXonqDI/h5fCkqTuZtLbE4q3Pf4PmQAwzWVWaTZQ1gXXqUqKlN6218Hm2vbvNRE/CBHuFMmaCz11jckvaPvcqBLZzRTx9b/Mi+qD6xT7k9RpYHmtaGCJ95ed1bY6SZkapgHWu88/3M6bxCzD0KOA3oFbwlkHkFyaGWFB2+fc7L6BfYq0wr/d84tQdOxEn3BwLTrVKo7+6AxDrMi0I+blD2nd9cxj
-	auto=add
diff --git a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.secrets b/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.secrets
deleted file mode 100644
index bf976a8d3..000000000
--- a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.secrets
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA	{
-	# RSA 2048 bits   sun.strongswan.org   Wed Dec  8 21:44:27 2004
-	# for signatures only, UNSAFE FOR ENCRYPTION
-	#pubkey=0sAQOiSuR9e/WMZFOxK3IdaFBOT2DGoObFDJURejqLcjMpmY2yVbA9Lpc+AEGKxqjb37WG6sVo3fBCDBOAhgmMw9s0b6DTSeXaIQloqW1M8IC+xe1fT+F0BsW1ttaEN0WTF5H+J+a4/arYg4HyiA+sjoqHagnCVPM15Rm5mkmg913XmSCgtkenD4WUq+NfPLuOcggqTjHAAoGD0doswRa3sebyqHQNAb32PXW9ecKi9ExcPrdr5hR5uNXRMYGumBtoxcE6xEvCM/sPRK1hbyynixc5nfMQ5Ymb4mdCUotUGaCyKDa4pF58sYgP6xpd/HXMXGdRP+KxqA4sfes46gp8UuJT
-	Modulus: 0xa24ae47d7bf58c6453b12b721d68504e4f60c6a0e6c50c95117a3a8b723329998db255b03d2e973e00418ac6a8dbdfb586eac568ddf0420c138086098cc3db346fa0d349e5da210968a96d4cf080bec5ed5f4fe17406c5b5b6d6843745931791fe27e6b8fdaad88381f2880fac8e8a876a09c254f335e519b99a49a0f75dd79920a0b647a70f8594abe35f3cbb8e72082a4e31c0028183d1da2cc116b7b1e6f2a8740d01bdf63d75bd79c2a2f44c5c3eb76be61479b8d5d13181ae981b68c5c13ac44bc233fb0f44ad616f2ca78b17399df310e5899be26742528b5419a0b22836b8a45e7cb1880feb1a5dfc75cc5c67513fe2b1a80e2c7deb38ea0a7c52e253
-	PublicExponent: 0x03
-	# everything after this point is secret
-	PrivateExponent: 0x04eaff2a9726789e3114e24946b595d3d3dc250ca22500619bae5edd701110c697b0121c9d01696e7c21043490c0d83bcdc90dbd5c0f09c24e2aaeba78a1162860793cb4a9dfd274a614a638a27081e6f7ad8e0e96e8eeb7ee448fa49580941bb25e4ccf4d814c611373f49ba061690bdc6ce6dbc94f357ce69811bf0f40e780b643cbe7e076031f234e842b41bc10fb2d359617c64b434cb3dd4d9add91dcbcaef9fba1fb6f217a8ad65bde553bd2792c939ea8b5c0591598e7291597609a779a088e36c1ebe15ebb5e9a7774d9d9cd90913030b88e215f9e66fe0daafb198a3bb9d4e6277b625460ede2d84ce7f3334bf641829c826dbc1549625377c517db
-	Prime1: 0xfee3308b1f16875eeb4ca7ba6a9b8f9279eceff06531aae2bb50d2ccbf7f2b0901f2c5e046856c54c338f4b79943f8ad6d20a97fe0a48786cd659aff3f55e3a8c4c09cad526975180d1c2905ba028b58dd05a71d3a268153fae62eb5e9fe9184b20f9fbd626b14054c4acd7e2de69934d91cbf239c7a63c9d2721cd466df26eb
-	Prime2: 0xa3003cd898c297323377adeed7b4b214dc78e8bf0d9c2c0bef54ed53686547971847d7400e1d8055149ef6425e5241f28b43c8d52b48d281ae4fc7d0589ef8ad9ae95a05e2298cf679135cc0dd7378611e363380852313bfdc259cdb2543d5d1d1b492f6035ec72a2025529c5dff6995ad64b1b7dec3a3755a512073a50ba839
-	Exponent1: 0xa9eccb076a0f04e9f2331a7c47125fb6fbf34aa0437671ec7ce08c887faa1cb0abf72e958458f2e32cd0a32510d7fb1e48c070ffeb185a59de43bcaa2a394270832b131e36f0f8bab3681b5926ac5ce5e8ae6f68d16f00e2a7441f23f1546103215fbfd396f20d58dd8733a973ef10cde6132a17bda6ed3136f6bde2ef3f6f47
-	Exponent2: 0x6caad33b1081ba2177a51e9f3a7876b892fb45d4b3bd72b29f8df38cf043850f65853a2ab413aae36314a42c3ee1814c5cd7db38c785e1abc98a85359069fb1e67463c03ec1bb34efb623dd5e8f7a59614242255ae17627fe819133cc3828e8be1230ca4023f2f716ac38c683eaa4663c8edcbcfe9d7c24e3c3615a26e07c57b
-	Coefficient: 0xbf865c3ed94693c7f16e04fd73929d7b4a3a296d6113eb9b01e87d5cf3be71afa2f838a5a82a97b55e8309025214312edefd3b77c989054bf28ec81bf3989d698671cb64eac9f016cc136f6ab78ce4d5d3837198eea5ec8ed057ba8e0e6f240a60202171f65be992d7bcd54ee0f803e5bd6b8385223b55440e095b28f01bbd0a
-	}
-# do not change the indenting of that "}"
diff --git a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf b/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf
deleted file mode 100644
index c50c4c594..000000000
--- a/testing/tests/ikev1/net2net-rsa/hosts/sun/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac dnskey pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/net2net-rsa/posttest.dat b/testing/tests/ikev1/net2net-rsa/posttest.dat
deleted file mode 100644
index 5a9150bc8..000000000
--- a/testing/tests/ikev1/net2net-rsa/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/net2net-rsa/pretest.dat b/testing/tests/ikev1/net2net-rsa/pretest.dat
deleted file mode 100644
index 9e40684ab..000000000
--- a/testing/tests/ikev1/net2net-rsa/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::rm /etc/ipsec.d/cacerts/*
-sun::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2
-moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-rsa/test.conf b/testing/tests/ikev1/net2net-rsa/test.conf
deleted file mode 100644
index f74d0f7d6..000000000
--- a/testing/tests/ikev1/net2net-rsa/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/net2net-same-nets/description.txt b/testing/tests/ikev1/net2net-same-nets/description.txt
deleted file mode 100644
index d0eb3374f..000000000
--- a/testing/tests/ikev1/net2net-same-nets/description.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-A connection between two identical <b>10.0.0.0/14</b> networks behind the gateways <b>moon</b>
-and <b>sun</b> is set up. In order to make network routing work, the subnet behind <b>moon</b>
-sees the subnet behind <b>sun</b> as <b>10.4.0.0/14</b> whereas the subnet behind <b>sun</b>
-sees the subnet behind <b>moon</b> as <b>10.8.0.0/14</b>. The necessary network mappings are
-done on gateway <b>sun</b> using the iptables <b>MARK</b> and <b>NETMAP</b> targets.
-<p/>
-Upon the successful establishment of the IPsec tunnel, on gateway <b>moon</b> the directive
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic whereas on gateway <b>sun</b> the script indicated by
-<b>leftupdown=/etc/mark_updown</b> inserts iptables rules that set marks defined in the
-connection definition of <b>ipsec.conf</b> both on the inbound and outbound traffic, create
-the necessary NETMAP operations and forward the tunneled traffic.
-<p/>
-In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
-pings client <b>bob</b> located behind gateway <b>sun</b> and vice versa.
diff --git a/testing/tests/ikev1/net2net-same-nets/evaltest.dat b/testing/tests/ikev1/net2net-same-nets/evaltest.dat
deleted file mode 100644
index b5ad0628e..000000000
--- a/testing/tests/ikev1/net2net-same-nets/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::ipsec statusall::net-net.*IPsec SA established::YES
-sun::ipsec statusall::net-net.*IPsec SA established::YES
-alice::ping -c 1 10.6.0.10::64 bytes from 10.6.0.10: icmp_seq=1::YES
-bob::ping -c 1 10.9.0.10::64 bytes from 10.9.0.10: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::IP bob.strongswan.org > 10.9.0.10: ICMP echo reply::YES
-bob::tcpdump::IP bob.strongswan.org > 10.9.0.10: ICMP echo request::YES
-bob::tcpdump::IP 10.9.0.10 > bob.strongswan.org: ICMP echo reply::YES 
diff --git a/testing/tests/ikev1/net2net-same-nets/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-same-nets/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 30af017ff..000000000
--- a/testing/tests/ikev1/net2net-same-nets/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn net-net 
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.0.0.0/14
-	leftfirewall=yes
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	rightsubnet=10.4.0.0/14
-	auto=add
diff --git a/testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index 5e924cf25..000000000
--- a/testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-        keyingtries=1
-	keyexchange=ikev1
-
-conn net-net 
-	left=PH_IP_SUN
-	leftcert=sunCert.pem
-	leftid=@sun.strongswan.org
-	leftsubnet=10.4.0.0/14
-	leftupdown=/etc/mark_updown
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsubnet=10.0.0.0/14
-	mark_in=8
-	mark_out=4
-	auto=add
diff --git a/testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/mark_updown b/testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/mark_updown
deleted file mode 100755
index 0bfdcad85..000000000
--- a/testing/tests/ikev1/net2net-same-nets/hosts/sun/etc/mark_updown
+++ /dev/null
@@ -1,376 +0,0 @@
-#! /bin/sh
-# updown script setting inbound marks on ESP traffic in the mangle chain
-#
-# Copyright (C) 2003-2004 Nigel Meteringham
-# Copyright (C) 2003-2004 Tuomo Soini
-# Copyright (C) 2002-2004 Michael Richardson
-# Copyright (C) 2005-2010 Andreas Steffen <andreas.steffen@strongswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-
-# CAUTION:  Installing a new version of strongSwan will install a new
-# copy of this script, wiping out any custom changes you make.  If
-# you need changes, make a copy of this under another name, and customize
-# that, and use the (left/right)updown parameters in ipsec.conf to make
-# strongSwan use yours instead of this default one.
-
-# things that this script gets (from ipsec_pluto(8) man page)
-#
-#      PLUTO_VERSION
-#              indicates  what  version of this interface is being
-#              used.  This document describes version  1.1.   This
-#              is upwardly compatible with version 1.0.
-#
-#       PLUTO_VERB
-#              specifies the name of the operation to be performed
-#              (prepare-host, prepare-client, up-host, up-client,
-#              down-host, or down-client).  If the address family
-#              for security gateway to security gateway communica-
-#              tions is IPv6, then a suffix of -v6 is added to the
-#              verb.
-#
-#       PLUTO_CONNECTION
-#              is the name of the  connection  for  which  we  are
-#              routing.
-#
-#       PLUTO_NEXT_HOP
-#              is the next hop to which packets bound for the peer
-#              must be sent.
-#
-#       PLUTO_INTERFACE
-#              is the name of the ipsec interface to be used.
-#
-#       PLUTO_REQID
-#              is the requid of the ESP policy
-#
-#       PLUTO_ME
-#              is the IP address of our host.
-#
-#       PLUTO_MY_ID
-#              is the ID of our host.
-#
-#       PLUTO_MY_CLIENT
-#              is the IP address / count of our client subnet.  If
-#              the  client  is  just  the  host,  this will be the
-#              host's own IP address / max (where max  is  32  for
-#              IPv4 and 128 for IPv6).
-#
-#       PLUTO_MY_CLIENT_NET
-#              is the IP address of our client net.  If the client
-#              is just the host, this will be the  host's  own  IP
-#              address.
-#
-#       PLUTO_MY_CLIENT_MASK
-#              is  the  mask for our client net.  If the client is
-#              just the host, this will be 255.255.255.255.
-#
-#       PLUTO_MY_SOURCEIP
-#              if non-empty, then the source address for the route will be
-#              set to this IP address.
-#
-#       PLUTO_MY_PROTOCOL
-#              is the IP protocol that will be transported.
-#
-#       PLUTO_MY_PORT
-#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
-#              restricted on our side.
-#
-#       PLUTO_PEER
-#              is the IP address of our peer.
-#
-#       PLUTO_PEER_ID
-#              is the ID of our peer.
-#
-#       PLUTO_PEER_CA
-#              is the CA which issued the cert of our peer.
-#
-#       PLUTO_PEER_CLIENT
-#              is the IP address / count of the peer's client sub-
-#              net.   If the client is just the peer, this will be
-#              the peer's own IP address / max (where  max  is  32
-#              for IPv4 and 128 for IPv6).
-#
-#       PLUTO_PEER_CLIENT_NET
-#              is the IP address of the peer's client net.  If the
-#              client is just the peer, this will  be  the  peer's
-#              own IP address.
-#
-#       PLUTO_PEER_CLIENT_MASK
-#              is  the  mask  for  the  peer's client net.  If the
-#              client   is   just   the   peer,   this   will   be
-#              255.255.255.255.
-#
-#       PLUTO_PEER_PROTOCOL
-#              is the IP protocol that will be transported.
-#
-#       PLUTO_PEER_PORT
-#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
-#              restricted on the peer side.
-#
-#       PLUTO_XAUTH_ID
-#              is an optional user ID employed by the XAUTH protocol
-#
-#       PLUTO_MARK_IN
-#              is an optional XFRM mark set on the inbound IPsec SA
-#
-#       PLUTO_MARK_OUT
-#              is an optional XFRM mark set on the outbound IPsec SA
-#
-#       PLUTO_UDP_ENC
-#              contains the remote UDP port in the case of ESP_IN_UDP
-#              encapsulation
-#
-
-# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
-export PATH
-
-# check parameter(s)
-case "$1:$*" in
-':')			# no parameters
-	;;
-iptables:iptables)	# due to (left/right)firewall; for default script only
-	;;
-custom:*)		# custom parameters (see above CAUTION comment)
-	;;
-*)	echo "$0: unknown parameters \`$*'" >&2
-	exit 2
-	;;
-esac
-
-# utility functions for route manipulation
-# Meddling with this stuff should not be necessary and requires great care.
-uproute() {
-	doroute add
-	ip route flush cache
-}
-downroute() {
-	doroute delete
-	ip route flush cache
-}
-
-addsource() {
-	st=0
-	if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
-	then
-	    it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
-	    oops="`eval $it 2>&1`"
-	    st=$?
-	    if test " $oops" = " " -a " $st" != " 0"
-	    then
-		oops="silent error, exit status $st"
-	    fi
-	    if test " $oops" != " " -o " $st" != " 0"
-	    then
-		echo "$0: addsource \`$it' failed ($oops)" >&2
-	    fi
-	fi
-	return $st
-}
-
-doroute() {
-	st=0
-
-	if [ -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    for dir in /etc/sysconfig /etc/conf.d; do
-		if [ -f "$dir/defaultsource" ]
-		then
-		    . "$dir/defaultsource"
-		fi
-	    done
-
-	    if [ -n "$DEFAULTSOURCE" ]
-	    then
-		PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-	    fi
-        fi
-
-	if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    # leave because no route entry is required
-	    return $st
-	fi
-
-	parms1="$PLUTO_PEER_CLIENT"
-
-	if [ -n "$PLUTO_NEXT_HOP" ]
-	then
-	    parms2="via $PLUTO_NEXT_HOP"
-	else
-	    parms2="via $PLUTO_PEER"
-	fi
-	parms2="$parms2 dev $PLUTO_INTERFACE"
-
-	parms3=
-	if [ -n "$PLUTO_MY_SOURCEIP" ]
-	then
-	    if test "$1" = "add"
-	    then
-		addsource
-		if ! ip rule list | grep -q "lookup $SOURCEIP_ROUTING_TABLE"
-		then
-		    ip rule add pref $SOURCEIP_ROUTING_TABLE_PRIO table $SOURCEIP_ROUTING_TABLE
-		fi
-	    fi
-	    parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table $SOURCEIP_ROUTING_TABLE"
-	fi
-
-	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-	"0.0.0.0/0.0.0.0")
-		# opportunistic encryption work around
-		# need to provide route that eclipses default, without
-		# replacing it.
-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-			ip route $1 128.0.0.0/1 $parms2 $parms3"
-		;;
-	*)	it="ip route $1 $parms1 $parms2 $parms3"
-		;;
-	esac
-	oops="`eval $it 2>&1`"
-	st=$?
-	if test " $oops" = " " -a " $st" != " 0"
-	then
-	    oops="silent error, exit status $st"
-	fi
-	if test " $oops" != " " -o " $st" != " 0"
-	then
-	    echo "$0: doroute \`$it' failed ($oops)" >&2
-	fi
-	return $st
-}
-# define NETMAP
-SAME_NET=$PLUTO_PEER_CLIENT
-IN_NET=$PLUTO_MY_CLIENT
-OUT_NET="10.8.0.0/14"
-
-# define internal interface
-INT_INTERFACE="eth1"
-
-# is there an inbound mark to be set?
-if [ -n "$PLUTO_MARK_IN" ]
-then
-	if [ -n "$PLUTO_UDP_ENC" ]
-	then
-	    SET_MARK_IN="-p udp --sport $PLUTO_UDP_ENC"
-	else
-		SET_MARK_IN="-p esp"
-	fi
-	SET_MARK_IN="$SET_MARK_IN -s $PLUTO_PEER -j MARK --set-mark $PLUTO_MARK_IN"
-fi
-
-# is there an outbound mark to be set?
-if [ -n "$PLUTO_MARK_OUT" ]
-then
-	SET_MARK_OUT="-i $INT_INTERFACE -s $SAME_NET -d $OUT_NET -j MARK --set-mark $PLUTO_MARK_OUT"
-fi
-
-# resolve octal escape sequences
-PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
-PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
-
-# the big choice
-case "$PLUTO_VERB:$1" in
-prepare-host:*|prepare-client:*)
-	if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    # exit because no route will be added,
-	    # so that existing routes can stay
-	    exit 0
-	fi
-
-	# delete possibly-existing route (preliminary to adding a route)
-	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-	"0.0.0.0/0.0.0.0")
-		# need to provide route that eclipses default, without
-		# replacing it.
-		parms1="0.0.0.0/1"
-		parms2="128.0.0.0/1"
-		it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
-		oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
-		;;
-	*)
-		parms="$PLUTO_PEER_CLIENT"
-		it="ip route delete $parms 2>&1"
-		oops="`ip route delete $parms 2>&1`"
-		;;
-	esac
-	status="$?"
-	if test " $oops" = " " -a " $status" != " 0"
-	then
-		oops="silent error, exit status $status"
-	fi
-	case "$oops" in
-	*'RTNETLINK answers: No such process'*)
-		# This is what route (currently -- not documented!) gives
-		# for "could not find such a route".
-		oops=
-		status=0
-		;;
-	esac
-	if test " $oops" != " " -o " $status" != " 0"
-	then
-		echo "$0: \`$it' failed ($oops)" >&2
-	fi
-	exit $status
-	;;
-route-host:*|route-client:*)
-	# connection to me or my client subnet being routed
-	uproute
-	;;
-unroute-host:*|unroute-client:*)
-	# connection to me or my client subnet being unrouted
-	downroute
-	;;
-up-client:)
-	# connection to my client subnet coming up
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -A PREROUTING $SET_MARK_IN
-	    iptables -t nat -A PREROUTING -i $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_IN \
-		     -d $IN_NET -j NETMAP --to $SAME_NET 
-	    iptables -I FORWARD 1 -i $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_IN -j ACCEPT
-	    iptables -t nat -A POSTROUTING -o $INT_INTERFACE -m mark --mark $PLUTO_MARK_IN \
-	             -s $SAME_NET -j NETMAP --to $OUT_NET 
-	fi
-	if [ -n "$PLUTO_MARK_OUT" ]
-	then
-	    iptables -t mangle -A PREROUTING $SET_MARK_OUT 
-	    iptables -t nat -A PREROUTING -i $INT_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
-	             -d $OUT_NET -j NETMAP --to $SAME_NET
-	    iptables -I FORWARD 1 -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT -j ACCEPT
-            iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT \
-                     -s $SAME_NET -j NETMAP --to $IN_NET
-	fi
-	;;
-down-client:)
-	# connection to my client subnet going down
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -D PREROUTING $SET_MARK_IN
-	    iptables -t nat -D PREROUTING -i $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_IN \
-	             -d $IN_NET -j NETMAP --to $SAME_NET 
-	    iptables -D FORWARD -i $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_IN -j ACCEPT
-	    iptables -t nat -D POSTROUTING -o eth1 -m mark --mark $PLUTO_MARK_IN \
-	             -s $SAME_NET -j NETMAP --to $OUT_NET 
-	fi
-	if [ -n "$PLUTO_MARK_OUT" ]
-	then
-	    iptables -t mangle -D PREROUTING $SET_MARK_OUT
-	    iptables -D FORWARD -o $PLUTO_INTERFACE -m mark --mark $PLUTO_MARK_OUT -j ACCEPT
-	fi
-	;;
-*)	echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
-	exit 1
-	;;
-esac
diff --git a/testing/tests/ikev1/net2net-same-nets/posttest.dat b/testing/tests/ikev1/net2net-same-nets/posttest.dat
deleted file mode 100644
index e75e66650..000000000
--- a/testing/tests/ikev1/net2net-same-nets/posttest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-sun::iptables -t mangle -n -v -L PREROUTING
-sun::iptables -t nat -n -v -L
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-sun::conntrack -F
diff --git a/testing/tests/ikev1/net2net-same-nets/pretest.dat b/testing/tests/ikev1/net2net-same-nets/pretest.dat
deleted file mode 100644
index 2d7a78acb..000000000
--- a/testing/tests/ikev1/net2net-same-nets/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-sun::ipsec start
-moon::sleep 1 
-moon::ipsec up net-net
diff --git a/testing/tests/ikev1/net2net-same-nets/test.conf b/testing/tests/ikev1/net2net-same-nets/test.conf
deleted file mode 100644
index 1971a33ab..000000000
--- a/testing/tests/ikev1/net2net-same-nets/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
- 
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun bob"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/net2net-start/description.txt b/testing/tests/ikev1/net2net-start/description.txt
deleted file mode 100644
index f5320685e..000000000
--- a/testing/tests/ikev1/net2net-start/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-A tunnel connecting the subnets behind the gateways <b>moon</b> and <b>sun</b>,
-respectively, is automatically established by means of the setting
-<b>auto=start</b> in ipsec.conf. The connection is tested by client <b>alice</b>
-behind gateway <b>moon</b> pinging the client <b>bob</b> located behind
-gateway <b>sun</b>.
-<p>
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules
-that let pass the tunneled traffic.
diff --git a/testing/tests/ikev1/net2net-start/evaltest.dat b/testing/tests/ikev1/net2net-start/evaltest.dat
deleted file mode 100644
index 7cbf92687..000000000
--- a/testing/tests/ikev1/net2net-start/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/net2net-start/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index acb12e7f3..000000000
--- a/testing/tests/ikev1/net2net-start/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn net-net
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=start
diff --git a/testing/tests/ikev1/net2net-start/posttest.dat b/testing/tests/ikev1/net2net-start/posttest.dat
deleted file mode 100644
index 5a9150bc8..000000000
--- a/testing/tests/ikev1/net2net-start/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/net2net-start/pretest.dat b/testing/tests/ikev1/net2net-start/pretest.dat
deleted file mode 100644
index f0c5bcec6..000000000
--- a/testing/tests/ikev1/net2net-start/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-sun::ipsec start
-alice::sleep 20 
diff --git a/testing/tests/ikev1/net2net-start/test.conf b/testing/tests/ikev1/net2net-start/test.conf
deleted file mode 100644
index d9a61590f..000000000
--- a/testing/tests/ikev1/net2net-start/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
- 
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/no-priv-key/description.txt b/testing/tests/ikev1/no-priv-key/description.txt
deleted file mode 100644
index 21b8eccb1..000000000
--- a/testing/tests/ikev1/no-priv-key/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-This scenario tests whether the correct encrypted informational messages are
-generated by the initiator <b>carol</b> and subsequently decoded by the
-responder <b>moon</b> when roadwarrior <b>carol</b> finds out that she
-doesn't have a private RSA key to sign her hash with.
diff --git a/testing/tests/ikev1/no-priv-key/evaltest.dat b/testing/tests/ikev1/no-priv-key/evaltest.dat
deleted file mode 100644
index e5a8de0b9..000000000
--- a/testing/tests/ikev1/no-priv-key/evaltest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-carol::cat /var/log/auth.log::unable to locate my private key::YES
-moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
-carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
diff --git a/testing/tests/ikev1/no-priv-key/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/no-priv-key/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 23b311aa6..000000000
--- a/testing/tests/ikev1/no-priv-key/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-# missing private RSA key
diff --git a/testing/tests/ikev1/no-priv-key/posttest.dat b/testing/tests/ikev1/no-priv-key/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/no-priv-key/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/no-priv-key/pretest.dat b/testing/tests/ikev1/no-priv-key/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/no-priv-key/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/no-priv-key/test.conf b/testing/tests/ikev1/no-priv-key/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/no-priv-key/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ocsp-revoked/description.txt b/testing/tests/ikev1/ocsp-revoked/description.txt
deleted file mode 100644
index cbdd1305a..000000000
--- a/testing/tests/ikev1/ocsp-revoked/description.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
-the connection and no current revocation information is available, the Main Mode
-negotiation fails but an OCSP request issued to the OCSP server <b>winnetou</b>.
-When the second Main Mode trial comes around the OCSP response will be available
-but because the certificate presented by carol has been revoked,
-the IKE negotatiation will fail..
diff --git a/testing/tests/ikev1/ocsp-revoked/evaltest.dat b/testing/tests/ikev1/ocsp-revoked/evaltest.dat
deleted file mode 100644
index f5286cb61..000000000
--- a/testing/tests/ikev1/ocsp-revoked/evaltest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::cat /var/log/auth.log::X.509 certificate rejected::YES
-moon::cat /var/log/auth.log::certificate was revoked::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::ipsec listocsp:: revoked::YES
-moon::ipsec status::rw.*STATE_MAIN_R3.*ISAKMP SA established::NO
-carol::ipsec status::home.*STATE_MAIN_I4.*ISAKMP SA established::NO
diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index a62964829..000000000
--- a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	ocspuri=http://ocsp.strongswan.org:8880
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolRevokedCert.pem
-	leftid=carol@strongswan.org
-
-conn home
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
deleted file mode 100644
index a92610c4f..000000000
--- a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIBGzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA5MDgyNzEwMzEwNloXDTE0MDgyNjEwMzEwNlowWjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAOHh/BBf9VwUbx3IU2ZvKJylwCUP2Gr40Velcexr
-lR1PoK3nwZrJxxfhhxrxdx7Wnt/PDiF2eyzA9U4cOyS1zPpWuRt69PEOWfzQJZkD
-e5C6bXZMHwJGaCM0h8EugnwI7/XgbEq8U/1PBwIeFh8xSyIwyn8NqyHWm+6haFZG
-Urz7y0ZOAYcX5ZldP8vjm2SyAl0hPlod0ypk2K1igmO8w3cRRFqD27XhztgIJyoi
-+BO3umc+BXcpPGoZ7IFaXvHcMVECrxbkrvRdpKiz/4+u8FakQJtBmYuqP2TLodRJ
-TKSJ4UvIPXZ8DTEYC/Ja/wrm1hNfH4T3YjWGT++lVbYF7qECAwEAAaOCAQYwggEC
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQRnt9aYXsi/fgMXGVh
-ZpTfg8kSYjBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz
-d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQCY2EMqkuhtAls/
-jkjXm+sI5YVglE62itSYgJxKZhxoFn3l4Afc6+XBeftK8Y1IjXdeyQUg8qHhkctl
-nBiEzRCClporCOXl5hOzWi+ft2hyKgcx8mFB8Qw5ZE9z8dvY70jdPCB4cH5EVaiC
-6ElGcI02iO073iCe38b3rmpwfnkIWZ0FVjSFSsTiNPLXWH6m6tt9Gux/PFuLff4a
-cdGfEGs01DEp9t0bHqZd6ESf2rEUljT57i9wSBfT5ULj78VTgudw/WhB0CgiXD+f
-q2dZC/19B8Xmk6XmEpRQjFK6wFmfBiQdelJo17/8M4LdT/RfvTHJOxr2OAtvCm2Z
-0xafBd5x
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
deleted file mode 100644
index 60e7fdfa9..000000000
--- a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA4eH8EF/1XBRvHchTZm8onKXAJQ/YavjRV6Vx7GuVHU+grefB
-msnHF+GHGvF3Htae388OIXZ7LMD1Thw7JLXM+la5G3r08Q5Z/NAlmQN7kLptdkwf
-AkZoIzSHwS6CfAjv9eBsSrxT/U8HAh4WHzFLIjDKfw2rIdab7qFoVkZSvPvLRk4B
-hxflmV0/y+ObZLICXSE+Wh3TKmTYrWKCY7zDdxFEWoPbteHO2AgnKiL4E7e6Zz4F
-dyk8ahnsgVpe8dwxUQKvFuSu9F2kqLP/j67wVqRAm0GZi6o/ZMuh1ElMpInhS8g9
-dnwNMRgL8lr/CubWE18fhPdiNYZP76VVtgXuoQIDAQABAoIBAQCbF5UAkUJgdM9O
-fat128DgvZXOXLDV0f261igAkmWR+Ih0n3n5E64VoY4oW77Ud7wiI4KqSzWLpvlH
-Jm8dZ45UHJOAYM4pbRcwVKJcC14eI0LhRKbN4xXBhmHnrE1/aIuKIQt5zRFGDarc
-M1gxFqFl2mZPEk18MGRkVoLTKfnJMzdHI1m0IAMwg3Rl9cmuVdkhTS+IAoULVNnI
-0iAOsFN8SdDaKBqRcPkypT5s4wjGH4s7zjW4PmEDwDhhfeHkVccCuH8n3un1bPT2
-oc73RSXdCYMgDTD3waXC+4cCQGPZmUCl6Mfq7YCECkUpUg6rHlaCYRSZZoQPf5vH
-VsBUvjABAoGBAPHSnJOL6tcqJCCZ27E3zIsmZ+d6dX4B/YN1Xk3vKHhavN5Ks6Gx
-ZCsaluMuB2qyBRrpKnSAz6lUQ1TOxzuphlVIX1EnLW+JvNgFyem9PARsP2SMsKqm
-VaqnId6pprdbP53NpL9Z7AsbS/i/Ab6WpVPyYHdqVsimCdRGK9/JlOnBAoGBAO8g
-I4a4dJKiwHBHyP6wkYrhWdYwmjTJlskNNjrvtn7bCJ/Lm0SaGFXKIHCExnenZji0
-bBp3XiFNPlPfjTaXG++3IH6fxYdHonsrkxbUHvGAVETmHVLzeFiAKuUBvrWuKecD
-yoywVenugORQIPal3AcLwPsVRfDU89tTQhiFq3zhAoGBAIqmfy/54URM3Tnz/Yq2
-u4htFNYb2JHPAlQFT3TP0xxuqiuqGSR0WUJ9lFXdZlM+jr7HQZha4rXrok9V39XN
-dUAgpsYY+GwjRSt25jYmUesXRaGZKRIvHJ8kBL9t9jDbGLaZ2gP8wuH7XKvamF12
-coSXS8gsKGYTDT+wnCdLpR4BAoGAFwuV4Ont8iPVP/zrFgCWRjgpnEba1bOH4KBx
-VYS8pcUeM6g/soDXT41HSxDAv89WPqjEslhGrhbvps2oolY1zwhrDUkAlGUG96/f
-YRfYU5X2iR1UPiZQttbDS4a7hm7egvEOmDh2TzE5IsfGJX8ekV9Ene4S637acYy4
-lfxr5oECgYEAzRuvh6aG7UmKwNTfatEKav7/gUH3QBGK+Pp3TPSmR5PKh/Pk4py6
-95bT4mHrKCBIfSv/8h+6baYZr9Ha1Oj++J94RXEi8wdjjl1w3LGQrM/X+0AVqn5P
-b5w1nvRK7bMikIXbZmPJmivrfChcjD21gvWeF6Osq8McWF8jW2HzrZw=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 8e31be4cb..000000000
--- a/testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolRevokedKey.pem
diff --git a/testing/tests/ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index cd2ab0aca..000000000
--- a/testing/tests/ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	ocspuri=http://ocsp.strongswan.org:8880
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn net-net
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
-        
-conn host-host
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	auto=add
-
-conn rw
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/ocsp-revoked/posttest.dat b/testing/tests/ikev1/ocsp-revoked/posttest.dat
deleted file mode 100644
index d742e8410..000000000
--- a/testing/tests/ikev1/ocsp-revoked/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev1/ocsp-revoked/pretest.dat b/testing/tests/ikev1/ocsp-revoked/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/ocsp-revoked/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/ocsp-revoked/test.conf b/testing/tests/ikev1/ocsp-revoked/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/ocsp-revoked/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ocsp-strict/description.txt b/testing/tests/ikev1/ocsp-strict/description.txt
deleted file mode 100644
index 7cb983140..000000000
--- a/testing/tests/ikev1/ocsp-strict/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-By setting <b>strictcrlpolicy=yes</b> a <b>strict CRL policy</b> is enforced on
-both roadwarrior <b>carol</b> and gateway <b>moon</b>. Thus when <b>carol</b> initiates
-the connection and no current revocation information is available, the Main Mode
-negotiation fails but an OCSP request is issued to the OCSP server <b>winnetou</b>.
-When the second Main Mode trial comes around, the OCSP response will be available
-and the IKE negotiation completes.
diff --git a/testing/tests/ikev1/ocsp-strict/evaltest.dat b/testing/tests/ikev1/ocsp-strict/evaltest.dat
deleted file mode 100644
index 66b27aaac..000000000
--- a/testing/tests/ikev1/ocsp-strict/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::cat /var/log/auth.log::X.509 certificate rejected::YES
-carol::cat /var/log/auth.log::X.509 certificate rejected::YES
-moon::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec listocsp:: good::YES
-carol::ipsec listocsp:: good::YES
diff --git a/testing/tests/ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index c79b1c3e2..000000000
--- a/testing/tests/ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	ocspuri=http://ocsp.strongswan.org:8880
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-
-conn home
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index cd2ab0aca..000000000
--- a/testing/tests/ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
-
-ca strongswan
-	cacert=strongswanCert.pem
-	ocspuri=http://ocsp.strongswan.org:8880
-	auto=add
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn net-net
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-	rightsubnet=10.2.0.0/16
-	rightid=@sun.strongswan.org
-	auto=add
-        
-conn host-host
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	auto=add
-
-conn rw
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/ocsp-strict/posttest.dat b/testing/tests/ikev1/ocsp-strict/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/ocsp-strict/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/ocsp-strict/pretest.dat b/testing/tests/ikev1/ocsp-strict/pretest.dat
deleted file mode 100644
index d92333d86..000000000
--- a/testing/tests/ikev1/ocsp-strict/pretest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/ocsp-strict/test.conf b/testing/tests/ikev1/ocsp-strict/test.conf
deleted file mode 100644
index 2b240d895..000000000
--- a/testing/tests/ikev1/ocsp-strict/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/passthrough/description.txt b/testing/tests/ikev1/passthrough/description.txt
deleted file mode 100644
index 145c5b79c..000000000
--- a/testing/tests/ikev1/passthrough/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-All IP traffic from the subnet behind the gateway <b>moon</b> is tunneled
-to the gateway  <b>sun</b> using the 0.0.0.0/0 network mask. In order
-to prevent local subnet traffic from escaping through the tunnel, a
-passthrough policy for the 10.1.0.0/16 network is inserted on <b>moon</b>.
-A series of internal and external pings verifies the correct
-functioning of the setup.
diff --git a/testing/tests/ikev1/passthrough/evaltest.dat b/testing/tests/ikev1/passthrough/evaltest.dat
deleted file mode 100644
index 942222f08..000000000
--- a/testing/tests/ikev1/passthrough/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::ipsec status::net-net.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::net-net.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
-sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/passthrough/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/passthrough/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 25eec2a3e..000000000
--- a/testing/tests/ikev1/passthrough/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
-
-conn net-net
-	rightsubnet=0.0.0.0/0
-	rightid=@sun.strongswan.org
-	leftid=@moon.strongswan.org
-	leftcert=moonCert.pem
-	leftsourceip=10.1.0.1
-	leftfirewall=yes
-	lefthostaccess=yes
-	auto=add
-        
-conn pass
-	rightsubnet=10.1.0.0/16
-	type=passthrough
-	authby=never
-	auto=route
diff --git a/testing/tests/ikev1/passthrough/posttest.dat b/testing/tests/ikev1/passthrough/posttest.dat
deleted file mode 100644
index db17f4c65..000000000
--- a/testing/tests/ikev1/passthrough/posttest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::ipsec stop
-sun::ipsec stop
-moon::ip route flush table 50 
-moon::ip rule del table 50
-moon::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/passthrough/pretest.dat b/testing/tests/ikev1/passthrough/pretest.dat
deleted file mode 100644
index 6b5295469..000000000
--- a/testing/tests/ikev1/passthrough/pretest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::iptables -I INPUT  -i eth1 -s 10.1.0.0/16 -j ACCEPT
-moon::iptables -I OUTPUT -o eth1 -d 10.1.0.0/16 -j ACCEPT
-moon::ip rule add pref 50 table 50
-moon::ip route add 192.168.0.254 via PH_IP_MOON table 50
-moon::ip route add 10.1.0.0/16 via PH_IP_MOON1 table 50
-moon::ipsec start
-sun::ipsec start
-moon::sleep 2
-moon::ipsec up net-net
diff --git a/testing/tests/ikev1/passthrough/test.conf b/testing/tests/ikev1/passthrough/test.conf
deleted file mode 100644
index d9a61590f..000000000
--- a/testing/tests/ikev1/passthrough/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-w-s-b.png"
- 
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/protoport-dual/evaltest.dat b/testing/tests/ikev1/protoport-dual/evaltest.dat
index 11c34929f..a65460cc8 100644
--- a/testing/tests/ikev1/protoport-dual/evaltest.dat
+++ b/testing/tests/ikev1/protoport-dual/evaltest.dat
@@ -1,5 +1,7 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES
+carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
diff --git a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/ipsec.conf
index 48df689af..dd7fb0a81 100755
--- a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/ipsec.conf
index c4bfebda1..4e99d2be6 100755
--- a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..dc937641c
--- /dev/null
+++ b/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/protoport-pass/description.txt b/testing/tests/ikev1/protoport-pass/description.txt
deleted file mode 100644
index 63744fa47..000000000
--- a/testing/tests/ikev1/protoport-pass/description.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
-Using the <b>left|rightprotoport</b> selectors, the IPsec tunnel is
-restricted to the ICMP protocol. Upon the successful establishment of the
-IPsec tunnel, <b>firewall=yes</b> automatically inserts iptables-based
-firewall rules that let pass the tunneled ICMP traffic. In order to test
-both tunnel and firewall, <b>carol</b> pings the client <b>alice</b> behind
-the gateway <b>moon</b> as well as the inner interface of the gateway.
-For the latter ping <b>lefthostaccess=yes</b> is required.
-<p>
-By default, the native IPsec stack of the Linux 2.6 kernel transmits
-protocols and ports not covered by any IPsec SA in the clear. Thus by
-selectively opening the firewalls, <b>carol</b> sets up an SSH session to
-<b>alice</b> that is not going through the tunnel.
diff --git a/testing/tests/ikev1/protoport-pass/evaltest.dat b/testing/tests/ikev1/protoport-pass/evaltest.dat
deleted file mode 100644
index 11c34929f..000000000
--- a/testing/tests/ikev1/protoport-pass/evaltest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/protoport-pass/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/protoport-pass/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index aae781b69..000000000
--- a/testing/tests/ikev1/protoport-pass/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home-icmp
-	left=PH_IP_CAROL
-        leftid=carol@strongswan.org
-	leftcert=carolCert.pem
-	leftprotoport=icmp
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightprotoport=icmp
-        rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/protoport-pass/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/protoport-pass/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 7b80a299e..000000000
--- a/testing/tests/ikev1/protoport-pass/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn rw-icmp
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftprotoport=icmp
-	leftid=@moon.strongswan.org
-	leftcert=moonCert.pem
-	leftfirewall=yes
-	lefthostaccess=yes
-	right=%any
-	rightprotoport=icmp
-	auto=add
diff --git a/testing/tests/ikev1/protoport-pass/posttest.dat b/testing/tests/ikev1/protoport-pass/posttest.dat
deleted file mode 100644
index d6f014882..000000000
--- a/testing/tests/ikev1/protoport-pass/posttest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-carol::ip route del 10.1.0.0/16 via PH_IP_MOON
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/protoport-pass/pretest.dat b/testing/tests/ikev1/protoport-pass/pretest.dat
deleted file mode 100644
index 37f545062..000000000
--- a/testing/tests/ikev1/protoport-pass/pretest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-moon::iptables -I FORWARD -i eth0 -p tcp -d 10.1.0.0/16 --dport ssh -jACCEPT
-moon::iptables -I FORWARD -o eth0 -p tcp -s 10.1.0.0/16 --sport ssh -jACCEPT
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::iptables -I INPUT  -i eth0 -p tcp -s 10.1.0.0/16 --sport ssh -d PH_IP_CAROL -jACCEPT
-carol::iptables -I OUTPUT -o eth0 -p tcp -d 10.1.0.0/16 --dport ssh -s PH_IP_CAROL -jACCEPT
-carol::ip route add 10.1.0.0/16 via PH_IP_MOON
-moon::ipsec start
-carol::ipsec start
-carol::sleep 2
-carol::ipsec up home-icmp
diff --git a/testing/tests/ikev1/protoport-pass/test.conf b/testing/tests/ikev1/protoport-pass/test.conf
deleted file mode 100644
index 9cd583b16..000000000
--- a/testing/tests/ikev1/protoport-pass/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/protoport-route/description.txt b/testing/tests/ikev1/protoport-route/description.txt
deleted file mode 100644
index ec7ec69b0..000000000
--- a/testing/tests/ikev1/protoport-route/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Using the <b>left|rightprotoport</b> selectors, two IPsec tunnels 
-between the roadwarrior <b>carol</b> and the gateway <b>moon</b> are
-defined. The first IPsec SA is restricted to ICMP packets and the second
-covers TCP-based SSH connections. Using <b>add=route</b> %trap
-eroutes for these IPsec SAs are prepared on <b>carol</b>. By sending
-a ping to the client <b>alice</b> behind <b>moon</b>, the ICMP eroute
-is triggered and the corresponding IPsec tunnel is set up. In the same
-way an ssh session to <b>alice</b> over the second IPsec SA is established.
diff --git a/testing/tests/ikev1/protoport-route/evaltest.dat b/testing/tests/ikev1/protoport-route/evaltest.dat
deleted file mode 100644
index b266d86d8..000000000
--- a/testing/tests/ikev1/protoport-route/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
-carol::ssh PH_IP_ALICE hostname::alice::YES
-carol::cat /var/log/auth.log::initiate on demand::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/protoport-route/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 2bb557410..000000000
--- a/testing/tests/ikev1/protoport-route/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=route
-	
-conn home-icmp
-	leftprotoport=icmp
-	rightprotoport=icmp
-
-conn home-ssh
-	leftprotoport=tcp
-	rightprotoport=tcp/ssh
diff --git a/testing/tests/ikev1/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/protoport-route/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index c4bfebda1..000000000
--- a/testing/tests/ikev1/protoport-route/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	leftsubnet=10.1.0.0/16
-	right=%any
-	auto=add
-
-conn rw-icmp
-	lefthostaccess=yes
-	leftprotoport=icmp
-	rightprotoport=icmp
-
-conn rw-ssh
-	leftprotoport=tcp/ssh
-	rightprotoport=tcp
diff --git a/testing/tests/ikev1/protoport-route/posttest.dat b/testing/tests/ikev1/protoport-route/posttest.dat
deleted file mode 100644
index 94a400606..000000000
--- a/testing/tests/ikev1/protoport-route/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/protoport-route/pretest.dat b/testing/tests/ikev1/protoport-route/pretest.dat
deleted file mode 100644
index d52aeaeb8..000000000
--- a/testing/tests/ikev1/protoport-route/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-carol::sleep 3 
-carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname
-carol::ping -c 1 PH_IP_MOON1 > /dev/null
-carol::sleep 2 
diff --git a/testing/tests/ikev1/protoport-route/test.conf b/testing/tests/ikev1/protoport-route/test.conf
deleted file mode 100644
index 9cd583b16..000000000
--- a/testing/tests/ikev1/protoport-route/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/req-pkcs10/description.txt b/testing/tests/ikev1/req-pkcs10/description.txt
deleted file mode 100644
index a958cb8e8..000000000
--- a/testing/tests/ikev1/req-pkcs10/description.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Both the roadwarrior <b>carol</b> and the gateway <b>moon</b> generate a
-PKCS#1 RSA private key and a PKCS#10 certificate request using the 
-<b>ipsec scepclient</b> function. Because the UML testing environment
-does not offer enough entropy, the non-blocking /dev/urandom device is
-used in place of /dev/random for generating the random primes.
-<p>
-The certificate requests are copied to <b>winnetou</b> where a certification
-authority based on OpenSSL issues X.509 certificates by verifying and
-signing the PCKS#10 requests. The certificates are then copied back to
-the corresponding hosts and used to set up a road warrior connection
-initiated by <b>carol</b> 
diff --git a/testing/tests/ikev1/req-pkcs10/evaltest.dat b/testing/tests/ikev1/req-pkcs10/evaltest.dat
deleted file mode 100644
index c7657801e..000000000
--- a/testing/tests/ikev1/req-pkcs10/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 7c2bb3a98..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=myCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 167d743df..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA myKey.der
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/scepclient.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/scepclient.conf
deleted file mode 100644
index 6afd3fa11..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/scepclient.conf
+++ /dev/null
@@ -1,3 +0,0 @@
---debug-control
---out pkcs1
---out pkcs10
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index e589a9425..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-scepclient {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index b9ec17dbc..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.der
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/scepclient.conf b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/scepclient.conf
deleted file mode 100644
index da8177348..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/scepclient.conf
+++ /dev/null
@@ -1,4 +0,0 @@
---debug-control
---keylength 2064
---out pkcs1=moonKey.der
---out pkcs10=moonReq.der
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index e589a9425..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-scepclient {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/req-pkcs10/hosts/winnetou/etc/openssl/yy.txt b/testing/tests/ikev1/req-pkcs10/hosts/winnetou/etc/openssl/yy.txt
deleted file mode 100644
index 9b48ee4cf..000000000
--- a/testing/tests/ikev1/req-pkcs10/hosts/winnetou/etc/openssl/yy.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y
diff --git a/testing/tests/ikev1/req-pkcs10/posttest.dat b/testing/tests/ikev1/req-pkcs10/posttest.dat
deleted file mode 100644
index 933b4b6c4..000000000
--- a/testing/tests/ikev1/req-pkcs10/posttest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/reqs/*
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/reqs/*
-winnetou::rm /etc/openssl/carol*
-winnetou::rm /etc/openssl/moon*
diff --git a/testing/tests/ikev1/req-pkcs10/pretest.dat b/testing/tests/ikev1/req-pkcs10/pretest.dat
deleted file mode 100644
index cb4355efa..000000000
--- a/testing/tests/ikev1/req-pkcs10/pretest.dat
+++ /dev/null
@@ -1,23 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-carol::cat /etc/scepclient.conf
-carol::ipsec scepclient --dn \"C=CH, O=Linux strongSwan, CN=carol@strongswan.org\" --optionsfrom /etc/scepclient.conf
-winnetou::scp carol:/etc/ipsec.d/reqs/myReq.der /etc/openssl/carolReq.der
-winnetou::openssl req -inform der -in /etc/openssl/carolReq.der -out /etc/openssl/carolReq.pem
-winnetou::cd /etc/openssl; COMMON_NAME="carol@strongswan.org" openssl ca -in carolReq.pem -out carolCert.pem -notext -config openssl.cnf -extensions user_ext < yy.txt
-winnetou::scp /etc/openssl/carolCert.pem carol:/etc/ipsec.d/certs/myCert.pem
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
-moon::cat /etc/scepclient.conf
-moon::ipsec scepclient --dn \"C=CH, O=Linux strongSwan, SN=01, CN=moon.strongswan.org\" --optionsfrom /etc/scepclient.conf
-winnetou::scp moon:/etc/ipsec.d/reqs/moonReq.der /etc/openssl/
-winnetou::openssl req -inform der -in /etc/openssl/moonReq.der -out /etc/openssl/moonReq.pem
-winnetou::cd /etc/openssl; COMMON_NAME="moon.strongswan.org" openssl ca -in moonReq.pem -out moonCert.pem -notext -config openssl.cnf -extensions host_ext < yy.txt
-winnetou::scp /etc/openssl/moonCert.pem moon:/etc/ipsec.d/certs/
-carol::sleep 2
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/req-pkcs10/test.conf b/testing/tests/ikev1/req-pkcs10/test.conf
deleted file mode 100644
index 9cd583b16..000000000
--- a/testing/tests/ikev1/req-pkcs10/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/rw-cert-aggressive/description.txt b/testing/tests/ikev1/rw-cert-aggressive/description.txt
new file mode 100644
index 000000000..1c4535c23
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert-aggressive/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>IKEv1 Aggressive Mode</b>. The authentication is
+based on <b>X.509 certificates</b>. Upon the successful establishment of the IPsec
+tunnels, <b>leftfirewall=yes</b> automatically inserts iptables-based firewall
+rules that let pass the tunneled traffic. In order to test both tunnel and
+firewall, both <b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind
+the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat
new file mode 100644
index 000000000..f8cfb111b
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert-aggressive/evaltest.dat
@@ -0,0 +1,15 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
similarity index 81%
rename from testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
index 528e3f1b3..ee5b64730 100755
--- a/testing/tests/ikev1/after-2038-certs/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,8 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
+	charondebug="job 2"
 
 conn %default
 	ikelifetime=60m
@@ -12,6 +10,7 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	aggressive=yes
 
 conn home
 	left=PH_IP_CAROL
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..c032d8291
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/starter-includes/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
similarity index 76%
rename from testing/tests/ikev1/starter-includes/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
index 726998e19..01eaf1694 100755
--- a/testing/tests/ikev1/starter-includes/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,8 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
+	charondebug="job 2"
 
 conn %default
 	ikelifetime=60m
@@ -12,18 +10,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	aggressive=yes
 
 conn home
 	left=PH_IP_DAVE
-	leftsourceip=%modeconfig
 	leftcert=daveCert.pem
 	leftid=dave@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
 	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..c032d8291
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/ipsec.conf
similarity index 89%
rename from testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/ipsec.conf
index f0dbeb323..ca61fc3d7 100755
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -10,6 +9,7 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	aggressive=yes
 
 conn rw
 	left=PH_IP_MOON
diff --git a/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..c032d8291
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/posttest.dat b/testing/tests/ikev1/rw-cert-aggressive/posttest.dat
similarity index 70%
rename from testing/tests/ikev1/ip-pool/posttest.dat
rename to testing/tests/ikev1/rw-cert-aggressive/posttest.dat
index a68e84cbd..7cebd7f25 100644
--- a/testing/tests/ikev1/ip-pool/posttest.dat
+++ b/testing/tests/ikev1/rw-cert-aggressive/posttest.dat
@@ -4,5 +4,3 @@ dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del 10.3.0.1/32 dev eth0
-dave::ip addr del 10.3.0.2/32 dev eth0
diff --git a/testing/tests/ikev1/mode-config/pretest.dat b/testing/tests/ikev1/rw-cert-aggressive/pretest.dat
similarity index 94%
rename from testing/tests/ikev1/mode-config/pretest.dat
rename to testing/tests/ikev1/rw-cert-aggressive/pretest.dat
index bb222992e..42e9d7c24 100644
--- a/testing/tests/ikev1/mode-config/pretest.dat
+++ b/testing/tests/ikev1/rw-cert-aggressive/pretest.dat
@@ -1,10 +1,9 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
 carol::ipsec start
 dave::ipsec start
-moon::ipsec start
-carol::sleep 2
+carol::sleep 1
 carol::ipsec up home
 dave::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/strong-certs/test.conf b/testing/tests/ikev1/rw-cert-aggressive/test.conf
similarity index 100%
rename from testing/tests/ikev1/strong-certs/test.conf
rename to testing/tests/ikev1/rw-cert-aggressive/test.conf
diff --git a/testing/tests/ikev1/rw-cert/description.txt b/testing/tests/ikev1/rw-cert/description.txt
index 8df6b1c0d..15b3822b5 100644
--- a/testing/tests/ikev1/rw-cert/description.txt
+++ b/testing/tests/ikev1/rw-cert/description.txt
@@ -1,6 +1,6 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
-The authentication is based on <b>X.509 certificates</b>. Upon the successful
-establishment of the IPsec tunnel, <b>leftfirewall=yes</b> automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, <b>carol</b> pings the client
-<b>alice</b> behind the gateway <b>moon</b>.
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/rw-cert/evaltest.dat b/testing/tests/ikev1/rw-cert/evaltest.dat
index c7657801e..f8cfb111b 100644
--- a/testing/tests/ikev1/rw-cert/evaltest.dat
+++ b/testing/tests/ikev1/rw-cert/evaltest.dat
@@ -1,5 +1,15 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/crl-strict/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/ipsec.conf
similarity index 80%
rename from testing/tests/ikev1/crl-strict/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/rw-cert/hosts/carol/etc/ipsec.conf
index b4bc2101c..e463e22ef 100755
--- a/testing/tests/ikev1/crl-strict/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,12 +9,13 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+
+conn home
 	left=PH_IP_CAROL
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
-
-conn home
+	leftfirewall=yes
 	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
index 7403971e9..8822cae64 100644
--- a/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
   integrity_test = yes
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/ipsec.conf
similarity index 74%
rename from testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/rw-cert/hosts/dave/etc/ipsec.conf
index e10e9d45c..c3fd646ae 100755
--- a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	strictcrlpolicy=no
-	crlcheckinterval=180
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -15,7 +12,7 @@ conn %default
 
 conn home
 	left=PH_IP_DAVE
-	leftcert=daveCert-sha512.pem
+	leftcert=daveCert.pem
 	leftid=dave@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
diff --git a/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..8822cae64
--- /dev/null
+++ b/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+  integrity_test = yes
+  crypto_test {
+    on_add = yes
+  }
+}
diff --git a/testing/tests/ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/ipsec.conf
similarity index 79%
rename from testing/tests/ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/rw-cert/hosts/moon/etc/ipsec.conf
index 0b9f891bd..9931d8711 100755
--- a/testing/tests/ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	cachecrls=yes
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,11 +9,12 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+
+conn rw
 	left=PH_IP_MOON
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
-
-conn rw
 	leftsubnet=10.1.0.0/16
+	leftfirewall=yes
 	right=%any
 	auto=add
diff --git a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
index 7403971e9..8822cae64 100644
--- a/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
   integrity_test = yes
diff --git a/testing/tests/ikev1/rw-cert/posttest.dat b/testing/tests/ikev1/rw-cert/posttest.dat
index 94a400606..7cebd7f25 100644
--- a/testing/tests/ikev1/rw-cert/posttest.dat
+++ b/testing/tests/ikev1/rw-cert/posttest.dat
@@ -1,4 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
+dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/rw-cert/pretest.dat b/testing/tests/ikev1/rw-cert/pretest.dat
index 4fe0ee90b..42e9d7c24 100644
--- a/testing/tests/ikev1/rw-cert/pretest.dat
+++ b/testing/tests/ikev1/rw-cert/pretest.dat
@@ -1,6 +1,9 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
+dave::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
-carol::sleep 2
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
 carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/rw-cert/test.conf b/testing/tests/ikev1/rw-cert/test.conf
index 9cd583b16..70416826e 100644
--- a/testing/tests/ikev1/rw-cert/test.conf
+++ b/testing/tests/ikev1/rw-cert/test.conf
@@ -5,11 +5,11 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice moon carol winnetou"
+UMLHOSTS="alice moon carol winnetou dave"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-m-c-w-d.png"
 
 # UML instances on which tcpdump is to be started
 #
@@ -18,4 +18,4 @@ TCPDUMPHOSTS="moon"
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol"
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/rw-mark-in-out/description.txt b/testing/tests/ikev1/rw-mark-in-out/description.txt
deleted file mode 100644
index 4c35081b1..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/description.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-The roadwarriors <b>alice</b> and <b>venus</b> sitting behind the router <b>moon</b> set up
-tunnels to gateway <b>sun</b>. Since both roadwarriors possess the same 10.1.0.0/25 subnet,
-gateway <b>sun</b> uses Source NAT after ESP decryption to map these subnets to 10.3.0.10
-and 10.3.0.20, respectively.
-<p/>
-In order to differentiate between the tunnels to <b>alice</b> and <b>venus</b>, respectively,
-<b>XFRM marks</b> are defined for both the inbound and outbound IPsec SAs and policies using
-the <b>mark_in</b> and <b>mark_out</b> parameters in ipsec.conf.
-<p/>
-<b>iptables -t mangle</b> rules are then used in the PREROUTING chain to mark the traffic to
-and from <b>alice</b> and <b>venus</b>, respectively.
-<p/>
-The script designated by <b>leftupdown=/etc/mark_updown</b> automatically inserts
-iptables mangle rules that mark the inbound ESP packets as well as iptables IPsec-policy rules
-that let pass the tunneled traffic. In order to test the tunnel, the hosts <b>alice</b>
-and <b>venus</b> ping the client <b>bob</b> behind the gateway <b>sun</b>.
diff --git a/testing/tests/ikev1/rw-mark-in-out/evaltest.dat b/testing/tests/ikev1/rw-mark-in-out/evaltest.dat
deleted file mode 100644
index 168b3dfb9..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/evaltest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-alice::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-venus::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-sun::ipsec status::alice.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::alice.*alice@strongswan.org::YES
-sun::ipsec status::venus.*STATE_QUICK_R2.*IPsec SA established::YES
-sun::ipsec status::venus.*venus.strongswan.org::YES
-sun::ipsec statusall::alice.*10.2.0.0/16===.*===10.1.0.0/25::YES
-sun::ipsec statusall::venus.*10.2.0.0/16===.*===10.1.0.0/25::YES
-alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
-moon::tcpdump::IP alice.strongswan.org > sun.strongswan.org: ESP::YES
-moon::tcpdump::IP venus.strongswan.org > sun.strongswan.org: ESP::YES
-moon::tcpdump::IP sun.strongswan.org > alice.strongswan.org: ESP::YES
-moon::tcpdump::IP sun.strongswan.org > venus.strongswan.org: ESP::YES
-bob::tcpdump::10.3.0.10 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::10.3.0.20 > bob.strongswan.org: ICMP echo request::YES
-bob::tcpdump::bob.strongswan.org > 10.3.0.10: ICMP echo reply::YES
-bob::tcpdump::bob.strongswan.org > 10.3.0.20: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/init.d/iptables
deleted file mode 100755
index 5594bbf52..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/init.d/iptables
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow ESP 
-        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow MOBIKE 
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/ipsec.conf
deleted file mode 100755
index 4256006c0..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=%defaultroute
-	leftsubnet=10.1.0.0/25
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	leftfirewall=yes
-	lefthostaccess=yes
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	rightsubnet=10.2.0.0/16
-	auto=add
diff --git a/testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf b/testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf
deleted file mode 100755
index 83fe9eed2..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/ipsec.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn alice
-	rightid=alice@strongswan.org
-	mark_in=10/0xffffffff
-	mark_out=11/0xffffffff
-	also=sun
-	auto=add
-
-conn venus
-	rightid=@venus.strongswan.org
-	mark_in=20  #0xffffffff is used by default
-	mark_out=21 #0xffffffff is used by default
-	also=sun
-	auto=add
-
-conn sun
-	left=PH_IP_SUN
-	leftcert=sunCert.pem
-	leftid=@sun.strongswan.org
-	leftsubnet=10.2.0.0/16
-	leftupdown=/etc/mark_updown
-	right=%any
-	rightsubnet=10.1.0.0/25
diff --git a/testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown b/testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown
deleted file mode 100755
index 0d22e684d..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/hosts/sun/etc/mark_updown
+++ /dev/null
@@ -1,527 +0,0 @@
-#! /bin/sh
-# updown script setting inbound marks on ESP traffic in the mangle chain
-#
-# Copyright (C) 2003-2004 Nigel Meteringham
-# Copyright (C) 2003-2004 Tuomo Soini
-# Copyright (C) 2002-2004 Michael Richardson
-# Copyright (C) 2005-2010 Andreas Steffen <andreas.steffen@strongswan.org>
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# for more details.
-
-# CAUTION:  Installing a new version of strongSwan will install a new
-# copy of this script, wiping out any custom changes you make.  If
-# you need changes, make a copy of this under another name, and customize
-# that, and use the (left/right)updown parameters in ipsec.conf to make
-# strongSwan use yours instead of this default one.
-
-# things that this script gets (from ipsec_pluto(8) man page)
-#
-#      PLUTO_VERSION
-#              indicates  what  version of this interface is being
-#              used.  This document describes version  1.1.   This
-#              is upwardly compatible with version 1.0.
-#
-#       PLUTO_VERB
-#              specifies the name of the operation to be performed
-#              (prepare-host, prepare-client, up-host, up-client,
-#              down-host, or down-client).  If the address family
-#              for security gateway to security gateway communica-
-#              tions is IPv6, then a suffix of -v6 is added to the
-#              verb.
-#
-#       PLUTO_CONNECTION
-#              is the name of the  connection  for  which  we  are
-#              routing.
-#
-#       PLUTO_NEXT_HOP
-#              is the next hop to which packets bound for the peer
-#              must be sent.
-#
-#       PLUTO_INTERFACE
-#              is the name of the ipsec interface to be used.
-#
-#       PLUTO_REQID
-#              is the requid of the ESP policy
-#
-#       PLUTO_ME
-#              is the IP address of our host.
-#
-#       PLUTO_MY_ID
-#              is the ID of our host.
-#
-#       PLUTO_MY_CLIENT
-#              is the IP address / count of our client subnet.  If
-#              the  client  is  just  the  host,  this will be the
-#              host's own IP address / max (where max  is  32  for
-#              IPv4 and 128 for IPv6).
-#
-#       PLUTO_MY_CLIENT_NET
-#              is the IP address of our client net.  If the client
-#              is just the host, this will be the  host's  own  IP
-#              address.
-#
-#       PLUTO_MY_CLIENT_MASK
-#              is  the  mask for our client net.  If the client is
-#              just the host, this will be 255.255.255.255.
-#
-#       PLUTO_MY_SOURCEIP
-#              if non-empty, then the source address for the route will be
-#              set to this IP address.
-#
-#       PLUTO_MY_PROTOCOL
-#              is the IP protocol that will be transported.
-#
-#       PLUTO_MY_PORT
-#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
-#              restricted on our side.
-#
-#       PLUTO_PEER
-#              is the IP address of our peer.
-#
-#       PLUTO_PEER_ID
-#              is the ID of our peer.
-#
-#       PLUTO_PEER_CA
-#              is the CA which issued the cert of our peer.
-#
-#       PLUTO_PEER_CLIENT
-#              is the IP address / count of the peer's client sub-
-#              net.   If the client is just the peer, this will be
-#              the peer's own IP address / max (where  max  is  32
-#              for IPv4 and 128 for IPv6).
-#
-#       PLUTO_PEER_CLIENT_NET
-#              is the IP address of the peer's client net.  If the
-#              client is just the peer, this will  be  the  peer's
-#              own IP address.
-#
-#       PLUTO_PEER_CLIENT_MASK
-#              is  the  mask  for  the  peer's client net.  If the
-#              client   is   just   the   peer,   this   will   be
-#              255.255.255.255.
-#
-#       PLUTO_PEER_PROTOCOL
-#              is the IP protocol that will be transported.
-#
-#       PLUTO_PEER_PORT
-#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
-#              restricted on the peer side.
-#
-#       PLUTO_XAUTH_ID
-#              is an optional user ID employed by the XAUTH protocol
-#
-#       PLUTO_MARK_IN
-#              is an optional XFRM mark set on the inbound IPsec SA
-#
-#       PLUTO_MARK_OUT
-#              is an optional XFRM mark set on the outbound IPsec SA
-#
-#       PLUTO_UDP_ENC
-#              contains the remote UDP port in the case of ESP_IN_UDP
-#              encapsulation
-#
-
-# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
-export PATH
-
-# uncomment to log VPN connections
-VPN_LOGGING=1
-#
-# tag put in front of each log entry:
-TAG=vpn
-#
-# syslog facility and priority used:
-FAC_PRIO=local0.notice
-#
-# to create a special vpn logging file, put the following line into
-# the syslog configuration file /etc/syslog.conf:
-#
-# local0.notice                   -/var/log/vpn
-
-# in order to use source IP routing the Linux kernel options
-# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
-# must be enabled
-#
-# special routing table for sourceip routes
-SOURCEIP_ROUTING_TABLE=220
-#
-# priority of the sourceip routing table
-SOURCEIP_ROUTING_TABLE_PRIO=220
-
-# check interface version
-case "$PLUTO_VERSION" in
-1.[0|1])	# Older Pluto?!?  Play it safe, script may be using new features.
-	echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
-	echo "$0: 	called by obsolete Pluto?" >&2
-	exit 2
-	;;
-1.*)	;;
-*)	echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
-	exit 2
-	;;
-esac
-
-# check parameter(s)
-case "$1:$*" in
-':')			# no parameters
-	;;
-iptables:iptables)	# due to (left/right)firewall; for default script only
-	;;
-custom:*)		# custom parameters (see above CAUTION comment)
-	;;
-*)	echo "$0: unknown parameters \`$*'" >&2
-	exit 2
-	;;
-esac
-
-# utility functions for route manipulation
-# Meddling with this stuff should not be necessary and requires great care.
-uproute() {
-	doroute add
-	ip route flush cache
-}
-downroute() {
-	doroute delete
-	ip route flush cache
-}
-
-addsource() {
-	st=0
-	if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local
-	then
-	    it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE"
-	    oops="`eval $it 2>&1`"
-	    st=$?
-	    if test " $oops" = " " -a " $st" != " 0"
-	    then
-		oops="silent error, exit status $st"
-	    fi
-	    if test " $oops" != " " -o " $st" != " 0"
-	    then
-		echo "$0: addsource \`$it' failed ($oops)" >&2
-	    fi
-	fi
-	return $st
-}
-
-doroute() {
-	st=0
-
-	if [ -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    for dir in /etc/sysconfig /etc/conf.d; do
-		if [ -f "$dir/defaultsource" ]
-		then
-		    . "$dir/defaultsource"
-		fi
-	    done
-
-	    if [ -n "$DEFAULTSOURCE" ]
-	    then
-		PLUTO_MY_SOURCEIP=$DEFAULTSOURCE
-	    fi
-        fi
-
-	if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    # leave because no route entry is required
-	    return $st
-	fi
-
-	parms1="$PLUTO_PEER_CLIENT"
-
-	if [ -n "$PLUTO_NEXT_HOP" ]
-	then
-	    parms2="via $PLUTO_NEXT_HOP"
-	else
-	    parms2="via $PLUTO_PEER"
-	fi
-	parms2="$parms2 dev $PLUTO_INTERFACE"
-
-	parms3=
-	if [ -n "$PLUTO_MY_SOURCEIP" ]
-	then
-	    if test "$1" = "add"
-	    then
-		addsource
-		if ! ip rule list | grep -q "lookup $SOURCEIP_ROUTING_TABLE"
-		then
-		    ip rule add pref $SOURCEIP_ROUTING_TABLE_PRIO table $SOURCEIP_ROUTING_TABLE
-		fi
-	    fi
-	    parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table $SOURCEIP_ROUTING_TABLE"
-	fi
-
-	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-	"0.0.0.0/0.0.0.0")
-		# opportunistic encryption work around
-		# need to provide route that eclipses default, without
-		# replacing it.
-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
-			ip route $1 128.0.0.0/1 $parms2 $parms3"
-		;;
-	*)	it="ip route $1 $parms1 $parms2 $parms3"
-		;;
-	esac
-	oops="`eval $it 2>&1`"
-	st=$?
-	if test " $oops" = " " -a " $st" != " 0"
-	then
-	    oops="silent error, exit status $st"
-	fi
-	if test " $oops" != " " -o " $st" != " 0"
-	then
-	    echo "$0: doroute \`$it' failed ($oops)" >&2
-	fi
-	return $st
-}
-
-# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY
-if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ]
-then
-	KLIPS=1
-	IPSEC_POLICY_IN=""
-	IPSEC_POLICY_OUT=""
-else
-	KLIPS=
-	IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
-	IPSEC_POLICY_IN="$IPSEC_POLICY --dir in"
-	IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out"
-fi
-
-# is there an inbound mark to be set?
-if [ -n "$PLUTO_MARK_IN" ]
-then
-	if [ -n "$PLUTO_UDP_ENC" ]
-	then
-	    SET_MARK="-p udp --sport $PLUTO_UDP_ENC"
-	else
-		SET_MARK="-p esp"
-	fi
-	SET_MARK="$SET_MARK -s $PLUTO_PEER -j MARK --set-mark $PLUTO_MARK_IN"
-fi
-
-# are there port numbers?
-if [ "$PLUTO_MY_PORT" != 0 ]
-then
-	S_MY_PORT="--sport $PLUTO_MY_PORT"
-	D_MY_PORT="--dport $PLUTO_MY_PORT"
-fi
-if [ "$PLUTO_PEER_PORT" != 0 ]
-then
-	S_PEER_PORT="--sport $PLUTO_PEER_PORT"
-	D_PEER_PORT="--dport $PLUTO_PEER_PORT"
-fi
-
-# resolve octal escape sequences
-PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
-PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
-
-# the big choice
-case "$PLUTO_VERB:$1" in
-prepare-host:*|prepare-client:*)
-	if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ]
-	then
-	    # exit because no route will be added,
-	    # so that existing routes can stay
-	    exit 0
-	fi
-
-	# delete possibly-existing route (preliminary to adding a route)
-	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
-	"0.0.0.0/0.0.0.0")
-		# need to provide route that eclipses default, without
-		# replacing it.
-		parms1="0.0.0.0/1"
-		parms2="128.0.0.0/1"
-		it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1"
-		oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`"
-		;;
-	*)
-		parms="$PLUTO_PEER_CLIENT"
-		it="ip route delete $parms 2>&1"
-		oops="`ip route delete $parms 2>&1`"
-		;;
-	esac
-	status="$?"
-	if test " $oops" = " " -a " $status" != " 0"
-	then
-		oops="silent error, exit status $status"
-	fi
-	case "$oops" in
-	*'RTNETLINK answers: No such process'*)
-		# This is what route (currently -- not documented!) gives
-		# for "could not find such a route".
-		oops=
-		status=0
-		;;
-	esac
-	if test " $oops" != " " -o " $status" != " 0"
-	then
-		echo "$0: \`$it' failed ($oops)" >&2
-	fi
-	exit $status
-	;;
-route-host:*|route-client:*)
-	# connection to me or my client subnet being routed
-	uproute
-	;;
-unroute-host:*|unroute-client:*)
-	# connection to me or my client subnet being unrouted
-	downroute
-	;;
-up-host:)
-	# connection to me coming up
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -A PREROUTING $SET_MARK
-	fi
-	iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	    -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	    -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
-	#
-	# log IPsec host connection setup
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
-	  else
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-	  fi
-	fi
-	;;
-down-host:)
-	# connection to me going down
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -D PREROUTING $SET_MARK
-	fi
-	iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	    -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	    -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
-	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
-	#
-	# log IPsec host connection teardown
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO -- \
-	      "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME"
-	  else
-	    logger -t $TAG -p $FAC_PRIO -- \
-	    "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"
-	  fi
-	fi
-	;;
-up-client:)
-	# connection to my client subnet coming up
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -A PREROUTING $SET_MARK
-	fi
-	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-	then
-	  iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
-	  iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	fi
-	#
-	# a virtual IP requires an INPUT and OUTPUT rule on the host
-	# or sometimes host access via the internal IP is needed
-	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-	then
-	  iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
-	  iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
-	fi
-	#
-	# log IPsec client connection setup
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  else
-	    logger -t $TAG -p $FAC_PRIO \
-	      "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  fi
-	fi
-	;;
-down-client:)
-	# connection to my client subnet going down
-	# If you are doing a custom version, firewall commands go here.
-	if [ -n "$PLUTO_MARK_IN" ]
-	then
-	    iptables -t mangle -D PREROUTING $SET_MARK
-	fi
-	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
-	then
-	  iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-	         $IPSEC_POLICY_OUT -j ACCEPT
-	  iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
-	         $IPSEC_POLICY_IN -j ACCEPT
-	fi
-	#
-	# a virtual IP requires an INPUT and OUTPUT rule on the host
-	# or sometimes host access via the internal IP is needed
-	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
-	then
-	  iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \
-	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
-	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
-	         $IPSEC_POLICY_IN -j ACCEPT
-	  iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \
-	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
-	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT \
-	         $IPSEC_POLICY_OUT -j ACCEPT
-	fi
-	#
-	# log IPsec client connection teardown
-	if [ $VPN_LOGGING ]
-	then
-	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
-	  then
-	    logger -t $TAG -p $FAC_PRIO -- \
-	      "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  else
-	    logger -t $TAG -p $FAC_PRIO -- \
-	      "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"
-	  fi
-	fi
-	;;
-*)	echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
-	exit 1
-	;;
-esac
diff --git a/testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/init.d/iptables b/testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/init.d/iptables
deleted file mode 100755
index 5594bbf52..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/init.d/iptables
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow ESP 
-        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow MOBIKE 
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/ipsec.conf
deleted file mode 100755
index e7561ebbe..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/hosts/venus/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-        crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=%defaultroute
-	leftsubnet=10.1.0.0/25
-	leftcert=venusCert.pem
-	leftid=@venus.strongswan.org
-	leftfirewall=yes
-	lefthostaccess=yes
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-	rightsubnet=10.2.0.0/16
-	auto=add
diff --git a/testing/tests/ikev1/rw-mark-in-out/posttest.dat b/testing/tests/ikev1/rw-mark-in-out/posttest.dat
deleted file mode 100644
index fae79271b..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/posttest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-sun::iptables -t mangle -v -n -L PREROUTING
-sun::ipsec stop
-alice::ipsec stop
-venus::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-venus::/etc/init.d/iptables stop 2> /dev/null
-sun::/etc/init.d/iptables stop 2> /dev/null
-sun::ip route del 10.1.0.0/16 via PH_IP_MOON
-sun::conntrack -F
-sun::rm /etc/mark_updown
-moon::iptables -t nat -F
-moon::conntrack -F
diff --git a/testing/tests/ikev1/rw-mark-in-out/pretest.dat b/testing/tests/ikev1/rw-mark-in-out/pretest.dat
deleted file mode 100644
index 427e5c67f..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/pretest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-alice::/etc/init.d/iptables start 2> /dev/null
-venus::/etc/init.d/iptables start 2> /dev/null
-sun::/etc/init.d/iptables start 2> /dev/null
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-moon::iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp -j SNAT --to PH_IP_MOON
-sun::ip route add 10.1.0.0/16 via PH_IP_MOON
-sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 10 -j SNAT --to 10.3.0.10
-sun::iptables -t nat -A POSTROUTING -o eth1 -m mark --mark 20 -j SNAT --to 10.3.0.20
-sun::iptables -t mangle -A PREROUTING -d 10.3.0.10 -j MARK --set-mark 11
-sun::iptables -t mangle -A PREROUTING -d 10.3.0.20 -j MARK --set-mark 21
-alice::ipsec start
-venus::ipsec start
-sun::ipsec start
-alice::sleep 2
-alice::ipsec up home
-venus::sleep 2
-venus::ipsec up home
-venus::sleep 2
diff --git a/testing/tests/ikev1/rw-mark-in-out/test.conf b/testing/tests/ikev1/rw-mark-in-out/test.conf
deleted file mode 100644
index ae3c190b8..000000000
--- a/testing/tests/ikev1/rw-mark-in-out/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon winnetou sun bob"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon bob"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice venus sun"
diff --git a/testing/tests/ikev1/rw-psk-aggressive/description.txt b/testing/tests/ikev1/rw-psk-aggressive/description.txt
new file mode 100644
index 000000000..32a476ee8
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-aggressive/description.txt
@@ -0,0 +1,7 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using <b>IKEv1 Aggressive Mode</b>. The authentication
+is based on distinct <b>pre-shared keys</b> and <b>Fully Qualified Domain Names</b>.
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping the
+client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat
new file mode 100644
index 000000000..b545c2289
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-aggressive/evaltest.dat
@@ -0,0 +1,14 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/ipsec.conf
similarity index 90%
rename from testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/ipsec.conf
index c040fe88f..006c72b66 100755
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -10,13 +9,14 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
+	authby=secret
+	aggressive=yes
 	
 conn home
-	authby=secret
 	left=PH_IP_CAROL
 	leftid=carol@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/ipsec.secrets
similarity index 50%
rename from testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.secrets
rename to testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/ipsec.secrets
index 6a2aea811..47e31ca21 100644
--- a/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/ipsec.conf
similarity index 77%
rename from testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/ipsec.conf
index ffa211299..76f405862 100755
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -11,10 +10,11 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	authby=secret
+	aggressive=yes
 	
 conn home
-	left=PH_IP_CAROL
-	leftid=@carol.strongswan.org
+	left=PH_IP_DAVE
+	leftid=dave@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
diff --git a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/ipsec.secrets
similarity index 50%
rename from testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.secrets
rename to testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/ipsec.secrets
index 6a2aea811..f6c1a22ef 100644
--- a/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
+dave@strongswan.org  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/ipsec.conf
similarity index 88%
rename from testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/ipsec.conf
index dbd3adb4c..3efb3e116 100755
--- a/testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/ipsec.conf
@@ -1,7 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -9,12 +9,13 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-
-conn rw-psk
 	authby=secret
+	aggressive=yes
+
+conn rw
 	left=PH_IP_MOON
-	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
+	leftid=@moon.strongswan.org
 	leftfirewall=yes
 	right=%any
 	auto=add
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..e3dd0fba3
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,5 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+@moon.strongswan.org dave@strongswan.org  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/mode-config-push/posttest.dat b/testing/tests/ikev1/rw-psk-aggressive/posttest.dat
similarity index 68%
rename from testing/tests/ikev1/mode-config-push/posttest.dat
rename to testing/tests/ikev1/rw-psk-aggressive/posttest.dat
index 42fa8359b..7cebd7f25 100644
--- a/testing/tests/ikev1/mode-config-push/posttest.dat
+++ b/testing/tests/ikev1/rw-psk-aggressive/posttest.dat
@@ -4,5 +4,3 @@ dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1/xauth-id-psk/pretest.dat b/testing/tests/ikev1/rw-psk-aggressive/pretest.dat
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk/pretest.dat
rename to testing/tests/ikev1/rw-psk-aggressive/pretest.dat
index 95a6be131..761abe274 100644
--- a/testing/tests/ikev1/xauth-id-psk/pretest.dat
+++ b/testing/tests/ikev1/rw-psk-aggressive/pretest.dat
@@ -4,9 +4,9 @@ dave::/etc/init.d/iptables start 2> /dev/null
 moon::rm /etc/ipsec.d/cacerts/*
 carol::rm /etc/ipsec.d/cacerts/*
 dave::rm /etc/ipsec.d/cacerts/*
-moon::ipsec start
 carol::ipsec start
 dave::ipsec start
+moon::ipsec start
 carol::sleep 2
 carol::ipsec up home
 dave::ipsec up home
diff --git a/testing/tests/ikev1/xauth-id-psk/test.conf b/testing/tests/ikev1/rw-psk-aggressive/test.conf
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk/test.conf
rename to testing/tests/ikev1/rw-psk-aggressive/test.conf
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/description.txt b/testing/tests/ikev1/rw-psk-fqdn-named/description.txt
deleted file mode 100644
index adfab2f4d..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/description.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. The authentication is
-based on <b>Preshared Keys</b> (PSK) and <b>Fully Qualified Domain Names</b> (ID_FQDN). 
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the
-tunneled traffic. In order to test the tunnel <b>carol</b> pings the client <b>alice</b> behind
-the gateway <b>moon</b>.
-<p>
-The significant difference between this scenario and the test
-<a href="../rw-psk-fqdn"><b>rw-psk-fqdn</b></a>
-is the additional line <b>rightid=@carol.strongswan.org</b> by which gateway
-<b>moon</b> restricts the roadwarrior connection to host <b>carol</b>.
-</p>
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/evaltest.dat b/testing/tests/ikev1/rw-psk-fqdn-named/evaltest.dat
deleted file mode 100644
index c7657801e..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index db3884e57..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-@carol.strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
-
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 5f7cdedd2..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=secret
-	
-conn rw-carol 
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	right=%any
-	rightid=@carol.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 6281340ae..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
-
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/posttest.dat b/testing/tests/ikev1/rw-psk-fqdn-named/posttest.dat
deleted file mode 100644
index 94a400606..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/pretest.dat b/testing/tests/ikev1/rw-psk-fqdn-named/pretest.dat
deleted file mode 100644
index dbf03f552..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/pretest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-moon::rm /etc/ipsec.d/cacerts/*
-carol::rm /etc/ipsec.d/cacerts/*
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-fqdn-named/test.conf b/testing/tests/ikev1/rw-psk-fqdn-named/test.conf
deleted file mode 100644
index 9cd583b16..000000000
--- a/testing/tests/ikev1/rw-psk-fqdn-named/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/rw-psk-fqdn/description.txt b/testing/tests/ikev1/rw-psk-fqdn/description.txt
index d6c79afb2..47f6968ae 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/description.txt
+++ b/testing/tests/ikev1/rw-psk-fqdn/description.txt
@@ -1,5 +1,6 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. The authentication is
-based on <b>Preshared Keys</b> (PSK) and <b>Fully Qualified Domain Names</b> (ID_FQDN). 
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the
-tunneled traffic. In order to test the tunnel <b>carol</b> pings the client <b>alice</b> behind
-the gateway <b>moon</b>.
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b>. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
index c7657801e..ef964a234 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
+++ b/testing/tests/ikev1/rw-psk-fqdn/evaltest.dat
@@ -1,5 +1,14 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
index ffa211299..021d4dcc8 100755
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -14,7 +13,7 @@ conn %default
 	
 conn home
 	left=PH_IP_CAROL
-	leftid=@carol.strongswan.org
+	leftid=carol@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
 	rightsubnet=10.1.0.0/16
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
index db3884e57..47e31ca21 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets
@@ -1,7 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-@carol.strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
-
+carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index 453cdc07c..d84cba2b0 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..13816c764
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,21 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	authby=secret
+	
+conn home
+	left=PH_IP_DAVE
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
similarity index 50%
rename from testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets
rename to testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
index fac55d63b..f6c1a22ef 100644
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolKey.pem
+dave@strongswan.org  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
index efec3b33d..52ed9490a 100755
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -11,11 +10,21 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	authby=secret
+
+conn rw-carol
+	also=rw
+	right=PH_IP_CAROL
+	rightid=carol@strongswan.org
+	auto=add
+
+conn rw-dave
+	also=rw
+	right=PH_IP_DAVE
+	rightid=dave@strongswan.org
+	auto=add
 	
 conn rw
 	left=PH_IP_MOON
 	leftsubnet=10.1.0.0/16
 	leftid=@moon.strongswan.org
 	leftfirewall=yes
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
index 661168fb5..e3dd0fba3 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets
@@ -1,3 +1,5 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+@moon.strongswan.org carol@strongswan.org : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+
+@moon.strongswan.org dave@strongswan.org  : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index 453cdc07c..d84cba2b0 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev1/rw-psk-fqdn/posttest.dat b/testing/tests/ikev1/rw-psk-fqdn/posttest.dat
index 94a400606..7cebd7f25 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/posttest.dat
+++ b/testing/tests/ikev1/rw-psk-fqdn/posttest.dat
@@ -1,4 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
+dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/rw-psk-fqdn/pretest.dat b/testing/tests/ikev1/rw-psk-fqdn/pretest.dat
index dbf03f552..761abe274 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/pretest.dat
+++ b/testing/tests/ikev1/rw-psk-fqdn/pretest.dat
@@ -1,8 +1,12 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
 moon::rm /etc/ipsec.d/cacerts/*
 carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
 carol::ipsec start
+dave::ipsec start
 moon::ipsec start
 carol::sleep 2
 carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-fqdn/test.conf b/testing/tests/ikev1/rw-psk-fqdn/test.conf
index 9cd583b16..70416826e 100644
--- a/testing/tests/ikev1/rw-psk-fqdn/test.conf
+++ b/testing/tests/ikev1/rw-psk-fqdn/test.conf
@@ -5,11 +5,11 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice moon carol winnetou"
+UMLHOSTS="alice moon carol winnetou dave"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-m-c-w-d.png"
 
 # UML instances on which tcpdump is to be started
 #
@@ -18,4 +18,4 @@ TCPDUMPHOSTS="moon"
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol"
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/rw-psk-ipv4/description.txt b/testing/tests/ikev1/rw-psk-ipv4/description.txt
index b3a0bc192..b4aaa6a6a 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/description.txt
+++ b/testing/tests/ikev1/rw-psk-ipv4/description.txt
@@ -1,5 +1,6 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. The authentication is
-based on <b>Preshared Keys</b> (PSK) and <b>IPv4 addresses</b> (ID_IPV4_ADDR).
-<b>firewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnel <b>carol</b> pings the client <b>alice</b>
-behind the gateway <b>moon</b>.
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>IPv4</b> addresses. Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
index c7657801e..d56c5220f 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
+++ b/testing/tests/ikev1/rw-psk-ipv4/evaltest.dat
@@ -1,5 +1,14 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*\[192.168.0.1]::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*\[192.168.0.1]::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*\[192.168.0.1].*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
index 0d2a5d2c4..cb6ca3d0f 100755
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
index 69313b289..18a074472 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets
@@ -1,7 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-PH_IP_CAROL PH_IP_MOON : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
-
+192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 453cdc07c..d84cba2b0 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..0a293c8f1
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,19 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	authby=secret
+	
+conn home
+	left=PH_IP_DAVE
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
similarity index 53%
rename from testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.secrets
rename to testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
index 8e31be4cb..a048cb5f2 100644
--- a/testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets
@@ -1,3 +1,3 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-: RSA carolRevokedKey.pem
+192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..d84cba2b0
--- /dev/null
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
index 41582eaef..20bbef0b2 100755
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
@@ -1,8 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -11,10 +10,18 @@ conn %default
 	keyingtries=1
 	keyexchange=ikev1
 	authby=secret
+
+conn rw-carol
+	also=rw
+	right=PH_IP_CAROL
+	auto=add
+
+conn rw-dave
+	also=rw
+	right=PH_IP_DAVE
+	auto=add
 	
 conn rw
 	left=PH_IP_MOON
 	leftsubnet=10.1.0.0/16
 	leftfirewall=yes
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
index a8e367950..55c639704 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets
@@ -1,7 +1,5 @@
 # /etc/ipsec.secrets - strongSwan IPsec secrets file
 
-PH_IP_MOON %any : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
+192.168.0.1 192.168.0.100 : PSK 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
 
+192.168.0.1 192.168.0.200 : PSK 0sjVzONCF02ncsgiSlmIXeqhGN
diff --git a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 453cdc07c..d84cba2b0 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
+charon {
+  load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev1/rw-psk-ipv4/posttest.dat b/testing/tests/ikev1/rw-psk-ipv4/posttest.dat
index 94a400606..7cebd7f25 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/posttest.dat
+++ b/testing/tests/ikev1/rw-psk-ipv4/posttest.dat
@@ -1,4 +1,6 @@
 moon::ipsec stop
 carol::ipsec stop
+dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/rw-psk-ipv4/pretest.dat b/testing/tests/ikev1/rw-psk-ipv4/pretest.dat
index dbf03f552..761abe274 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/pretest.dat
+++ b/testing/tests/ikev1/rw-psk-ipv4/pretest.dat
@@ -1,8 +1,12 @@
 moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
 moon::rm /etc/ipsec.d/cacerts/*
 carol::rm /etc/ipsec.d/cacerts/*
+dave::rm /etc/ipsec.d/cacerts/*
 carol::ipsec start
+dave::ipsec start
 moon::ipsec start
 carol::sleep 2
 carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-ipv4/test.conf b/testing/tests/ikev1/rw-psk-ipv4/test.conf
index 9cd583b16..70416826e 100644
--- a/testing/tests/ikev1/rw-psk-ipv4/test.conf
+++ b/testing/tests/ikev1/rw-psk-ipv4/test.conf
@@ -5,11 +5,11 @@
 
 # All UML instances that are required for this test
 #
-UMLHOSTS="alice moon carol winnetou"
+UMLHOSTS="alice moon carol winnetou dave"
 
 # Corresponding block diagram
 #
-DIAGRAM="a-m-c-w.png"
+DIAGRAM="a-m-c-w-d.png"
 
 # UML instances on which tcpdump is to be started
 #
@@ -18,4 +18,4 @@ TCPDUMPHOSTS="moon"
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
 #
-IPSECHOSTS="moon carol"
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/rw-psk-no-policy/description.txt b/testing/tests/ikev1/rw-psk-no-policy/description.txt
deleted file mode 100644
index 0e359414f..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-The roadwarrior <b>carol</b> wants to set up a connection to gateway <b>moon</b> using
-<b>PSK</b>-based authentication. Since <b>moon</b> supports <b>RSASIG</b>-based
-authentication only, the connection setup fails.
diff --git a/testing/tests/ikev1/rw-psk-no-policy/evaltest.dat b/testing/tests/ikev1/rw-psk-no-policy/evaltest.dat
deleted file mode 100644
index a28377dbd..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::cat /var/log/auth.log::peer requests PSK authentication::YES
-moon::cat /var/log/auth.log::but no connection has been authorized with policy=PSK::YES
-moon::ipsec status::*PH_IP_CAROL STATE_QUICK_R2.*IPsec SA established::NO
-
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 1b721dc58..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
-
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 453cdc07c..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/rw-psk-no-policy/posttest.dat b/testing/tests/ikev1/rw-psk-no-policy/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/rw-psk-no-policy/pretest.dat b/testing/tests/ikev1/rw-psk-no-policy/pretest.dat
deleted file mode 100644
index 3a7804ddd..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::rm /etc/ipsec.d/cacerts/*
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-no-policy/test.conf b/testing/tests/ikev1/rw-psk-no-policy/test.conf
deleted file mode 100644
index f622c18b7..000000000
--- a/testing/tests/ikev1/rw-psk-no-policy/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/description.txt b/testing/tests/ikev1/rw-psk-rsa-mixed/description.txt
deleted file mode 100644
index b99a8e5b3..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> each set up a connection to gateway <b>moon</b>.
-<b>carol</b>'s authentication is based on a Pre-Shared Key (<b>PSK</b>) whereas <b>dave</b>'s
-is based on an RSA signature (<b>RSASIG</b>). Gateway <b>moon</b> supports both authentication modes
-and automatically selects the correct roadwarrior connection definition based on policy
-information gained from pre-parsing the peers' ISAKMP proposal payload. 
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat b/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat
deleted file mode 100644
index 5ab6632cc..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::peer requests PSK authentication::YES
-moon::ipsec status::rw-psk.*PH_IP_CAROL STATE_QUICK_R2.*IPsec SA established::YES
-moon::cat /var/log/auth.log::peer requests PUBKEY authentication::YES
-moon::ipsec status::rw-rsasig.*PH_IP_DAVE STATE_QUICK_R2.*IPsec SA established::YES
-
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index f2a15af0a..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	ike=aes128,serpent128,twofish128,3des
-	
-conn home
-	authby=secret
-	left=PH_IP_CAROL
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	auto=add
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 1b721dc58..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-
-
-
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 02270e004..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=%any
-	
-conn rw-rsasig
-	authby=rsasig
-	leftcert=moonCert.pem
-	auto=add
-
-conn rw-psk
-	authby=secret
-	auto=add
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index fd33507a7..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-: RSA moonKey.pem
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/posttest.dat b/testing/tests/ikev1/rw-psk-rsa-mixed/posttest.dat
deleted file mode 100644
index ed530f6d9..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/posttest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/pretest.dat b/testing/tests/ikev1/rw-psk-rsa-mixed/pretest.dat
deleted file mode 100644
index 35797b589..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/pretest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-carol::rm /etc/ipsec.d/cacerts/*
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
-dave::ipsec up home
diff --git a/testing/tests/ikev1/rw-psk-rsa-mixed/test.conf b/testing/tests/ikev1/rw-psk-rsa-mixed/test.conf
deleted file mode 100644
index 699b88e88..000000000
--- a/testing/tests/ikev1/rw-psk-rsa-mixed/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol dave winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/description.txt b/testing/tests/ikev1/rw-rsa-no-policy/description.txt
deleted file mode 100644
index c3336b769..000000000
--- a/testing/tests/ikev1/rw-rsa-no-policy/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-The roadwarrior <b>carol</b> wants to set up a connection to gateway <b>moon</b> using
-<b>RSASIG</b>-based authentication. Since <b>moon</b> supports <b>PSK</b>-based
-authentication only, the connection setup fails.
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat b/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat
deleted file mode 100644
index 849ae5d66..000000000
--- a/testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::cat /var/log/auth.log::peer requests PUBKEY authentication::YES
-moon::cat /var/log/auth.log::but no connection has been authorized with policy=PUBKEY::YES
-moon::ipsec status::*PH_IP_CAROL STATE_QUICK_R2.*IPsec SA established::NO
-
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index e8c151f05..000000000
--- a/testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/posttest.dat b/testing/tests/ikev1/rw-rsa-no-policy/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/rw-rsa-no-policy/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/pretest.dat b/testing/tests/ikev1/rw-rsa-no-policy/pretest.dat
deleted file mode 100644
index 0d2a0dd1f..000000000
--- a/testing/tests/ikev1/rw-rsa-no-policy/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::rm /etc/ipsec.d/cacerts/*
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/rw-rsa-no-policy/test.conf b/testing/tests/ikev1/rw-rsa-no-policy/test.conf
deleted file mode 100644
index f622c18b7..000000000
--- a/testing/tests/ikev1/rw-rsa-no-policy/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/self-signed/description.txt b/testing/tests/ikev1/self-signed/description.txt
deleted file mode 100644
index 2d7bfc2bf..000000000
--- a/testing/tests/ikev1/self-signed/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-Roadwarrior <b>carol</b> and gateway <b>moon</b> each generate a
-PKCS#1 RSA private key and a self-signed X.509 certificate
-using the <b>ipsec scepclient</b> function. Because the UML testing
-environment does not offer enough entropy, the non-blocking /dev/urandom
-device is used in place of /dev/random for generating the random primes.
-<p>
-The self-signed certificates are then distributed to the peers via scp
-and are used to set up a road warrior connection initiated by <b>carol</b> 
diff --git a/testing/tests/ikev1/self-signed/evaltest.dat b/testing/tests/ikev1/self-signed/evaltest.dat
deleted file mode 100644
index f190d7066..000000000
--- a/testing/tests/ikev1/self-signed/evaltest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-carol::cat /var/log/auth.log::we have a cert but are not sending it::YES
-moon::cat /var/log/auth.log::we have a cert but are not sending it::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index f6859b8a4..000000000
--- a/testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=0
-	strictcrlpolicy=no
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=selfCert.der
-	leftsendcert=never
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightcert=peerCert.der
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 167d743df..000000000
--- a/testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA myKey.der
diff --git a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index e589a9425..000000000
--- a/testing/tests/ikev1/self-signed/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-scepclient {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/self-signed/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 13ad3063f..000000000
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A INPUT  -p tcp --sport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index f14352bf8..000000000
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=0
-	strictcrlpolicy=no
-	nocrsend=yes
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn carol
-	left=PH_IP_MOON
-	leftcert=moonCert.der
-	leftid=@moon.strongswan.org
-	leftsendcert=never
-	leftfirewall=yes
-	leftsubnet=10.1.0.0/16
-	right=%any
-	rightcert=carolCert.der
-	auto=add
-
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index b9ec17dbc..000000000
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.der
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/scepclient.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/scepclient.conf
deleted file mode 100644
index b84f3e131..000000000
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/scepclient.conf
+++ /dev/null
@@ -1,6 +0,0 @@
---debug-control
---keylength 2032
---days 1460
---subjectAltName dns=moon.strongswan.org
---out pkcs1=moonKey.der
---out cert-self=moonCert.der 
diff --git a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index e589a9425..000000000
--- a/testing/tests/ikev1/self-signed/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-scepclient {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/self-signed/posttest.dat b/testing/tests/ikev1/self-signed/posttest.dat
deleted file mode 100644
index 8cada5e7e..000000000
--- a/testing/tests/ikev1/self-signed/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev1/self-signed/pretest.dat b/testing/tests/ikev1/self-signed/pretest.dat
deleted file mode 100644
index a7cddf677..000000000
--- a/testing/tests/ikev1/self-signed/pretest.dat
+++ /dev/null
@@ -1,17 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/cacerts/*
-carol::ipsec scepclient --out pkcs1 --out cert-self
-moon::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
-moon::rm /etc/ipsec.d/cacerts/*
-moon::cat /etc/scepclient.conf
-moon::ipsec scepclient --dn \"C=CH, O=Linux strongSwan, CN=moon.strongswan.org\" --optionsfrom /etc/scepclient.conf
-moon::scp carol:/etc/ipsec.d/certs/selfCert.der /etc/ipsec.d/certs/carolCert.der
-moon::scp /etc/ipsec.d/certs/moonCert.der carol:/etc/ipsec.d/certs/peerCert.der
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/self-signed/test.conf b/testing/tests/ikev1/self-signed/test.conf
deleted file mode 100644
index 0baa48d90..000000000
--- a/testing/tests/ikev1/self-signed/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/starter-also-loop/description.txt b/testing/tests/ikev1/starter-also-loop/description.txt
deleted file mode 100644
index 7451f4e12..000000000
--- a/testing/tests/ikev1/starter-also-loop/description.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-This scenario is the same as test <b><a href="../rw-cert">rw-cert</a></b> but
-uses the <b>also</b> parameter in <b>moon</b>'s ipsec.conf in order to define
-the connections in a modular form. A closed also loop created by including
-<b>conn host-host</b> in <b>conn moon</b> is successfully detected.
diff --git a/testing/tests/ikev1/starter-also-loop/evaltest.dat b/testing/tests/ikev1/starter-also-loop/evaltest.dat
deleted file mode 100644
index 161772f8e..000000000
--- a/testing/tests/ikev1/starter-also-loop/evaltest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-moon::cat /var/log/auth.log::detected also loop::YES
-moon::cat /var/log/auth.log::errors in config::YES
-
diff --git a/testing/tests/ikev1/starter-also-loop/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/starter-also-loop/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index af2fcc5dc..000000000
--- a/testing/tests/ikev1/starter-also-loop/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,47 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn net-net
-	also=host-host
-	also=moon-net
-	also=sun-net
-        
-conn host-host
-	also=moon
-	also=sun
-	auto=add
-
-conn rw
-	right=%any
-	also=moon
-	also=moon-net
-	auto=add
-
-conn moon
-	left=PH_IP_MOON
-        leftcert=moonCert.pem
-        leftid=@moon.strongswan.org
-        leftfirewall=yes
-	also=host-host
-
-conn moon-net
-	leftsubnet=10.1.0.0/16
-
-conn sun
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-
-conn sun-net
-	rightsubnet=10.2.0.0/16
diff --git a/testing/tests/ikev1/starter-also-loop/posttest.dat b/testing/tests/ikev1/starter-also-loop/posttest.dat
deleted file mode 100644
index e69de29bb..000000000
diff --git a/testing/tests/ikev1/starter-also-loop/pretest.dat b/testing/tests/ikev1/starter-also-loop/pretest.dat
deleted file mode 100644
index b135b12c3..000000000
--- a/testing/tests/ikev1/starter-also-loop/pretest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec start --debug-all
-moon::sleep 1
diff --git a/testing/tests/ikev1/starter-also-loop/test.conf b/testing/tests/ikev1/starter-also-loop/test.conf
deleted file mode 100644
index e7735308f..000000000
--- a/testing/tests/ikev1/starter-also-loop/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon"
diff --git a/testing/tests/ikev1/starter-also/description.txt b/testing/tests/ikev1/starter-also/description.txt
deleted file mode 100644
index 3d4ff7dbf..000000000
--- a/testing/tests/ikev1/starter-also/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-This scenario is the same as test <b><a href="../rw-cert">rw-cert</a></b> but
-uses the <b>also</b> parameter in <b>moon</b>'s ipsec.conf in order to define
-the connections in a modular form.
diff --git a/testing/tests/ikev1/starter-also/evaltest.dat b/testing/tests/ikev1/starter-also/evaltest.dat
deleted file mode 100644
index c7657801e..000000000
--- a/testing/tests/ikev1/starter-also/evaltest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/starter-also/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/starter-also/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 2bd4985ca..000000000
--- a/testing/tests/ikev1/starter-also/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,46 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn net-net
-	also=host-host
-	also=moon-net
-	also=sun-net
-        
-conn host-host
-	also=moon
-	also=sun
-	auto=add
-
-conn rw
-	right=%any
-	also=moon
-	also=moon-net
-	auto=add
-
-conn moon
-	left=PH_IP_MOON
-        leftcert=moonCert.pem
-        leftid=@moon.strongswan.org
-        leftfirewall=yes
-
-conn moon-net
-	leftsubnet=10.1.0.0/16
-
-conn sun
-	right=PH_IP_SUN
-	rightid=@sun.strongswan.org
-
-conn sun-net
-	rightsubnet=10.2.0.0/16
diff --git a/testing/tests/ikev1/starter-also/posttest.dat b/testing/tests/ikev1/starter-also/posttest.dat
deleted file mode 100644
index 94a400606..000000000
--- a/testing/tests/ikev1/starter-also/posttest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/starter-also/pretest.dat b/testing/tests/ikev1/starter-also/pretest.dat
deleted file mode 100644
index c7b4f43be..000000000
--- a/testing/tests/ikev1/starter-also/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start --debug-all
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/starter-also/test.conf b/testing/tests/ikev1/starter-also/test.conf
deleted file mode 100644
index 9cd583b16..000000000
--- a/testing/tests/ikev1/starter-also/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/starter-includes/description.txt b/testing/tests/ikev1/starter-includes/description.txt
deleted file mode 100644
index 6a05c0cca..000000000
--- a/testing/tests/ikev1/starter-includes/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-This test is based on the <a href="../mode-config">mode-config</a>
-scenario and demonstrates the multiple use of the <b>include</b>
-parameter in IPsec configuration files. At the top level <b>/etc/ipsec.conf</b>
-defines the config setup section and includes <b>/etc/ipsec.connections</b>
-which in turn includes <b>/etc/ipsec.host</b> and <b>/etc/ipsec.peers/*</b>
-thereby showing the use of wildcards in path definitions.
diff --git a/testing/tests/ikev1/starter-includes/evaltest.dat b/testing/tests/ikev1/starter-includes/evaltest.dat
deleted file mode 100644
index 7de32d681..000000000
--- a/testing/tests/ikev1/starter-includes/evaltest.dat
+++ /dev/null
@@ -1,16 +0,0 @@
-carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.2::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec status::rw-carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::rw-dave.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/starter-includes/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/starter-includes/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 9c75434c2..000000000
--- a/testing/tests/ikev1/starter-includes/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%modeconfig
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 4e7bfc1b4..000000000
--- a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-include /etc/ipsec.connections
diff --git a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.connections b/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.connections
deleted file mode 100644
index bd47f9e09..000000000
--- a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.connections
+++ /dev/null
@@ -1,13 +0,0 @@
-# /etc/ipsec.connections - connection definitions 
-
-conn %default
-        ikelifetime=60m
-        keylife=20m
-        rekeymargin=3m
-        keyingtries=1
-	keyexchange=ikev1
-
-include /etc/ipsec.host
-
-include /etc/ipsec.peers/*
-
diff --git a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.host b/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.host
deleted file mode 100755
index acf753cc0..000000000
--- a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.host
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/ipsec.host - my host configuration
-
-conn %default
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftsourceip=PH_IP_MOON1
-	leftnexthop=%direct
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-
diff --git a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.carol b/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.carol
deleted file mode 100644
index 84bedfef6..000000000
--- a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.carol
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/ipsec.peers/ipsec.carol - connection from carol 
-
-conn rw-carol
-	right=%any
-	rightid=carol@strongswan.org
-	rightsourceip=PH_IP_CAROL1
-	auto=add
-
diff --git a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.dave b/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.dave
deleted file mode 100644
index ee021c9be..000000000
--- a/testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.dave
+++ /dev/null
@@ -1,8 +0,0 @@
-# /etc/ipsec.peers/ipsec.dave - connection from dave
-
-conn rw-dave
-	right=%any
-	rightid=dave@strongswan.org
-	rightsourceip=PH_IP_DAVE1
-	auto=add
-
diff --git a/testing/tests/ikev1/starter-includes/posttest.dat b/testing/tests/ikev1/starter-includes/posttest.dat
deleted file mode 100644
index ebf7525ef..000000000
--- a/testing/tests/ikev1/starter-includes/posttest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
-moon::rm /etc/ipsec.connections /etc/ipsec.host
-moon::rm -r /etc/ipsec.peers
diff --git a/testing/tests/ikev1/starter-includes/pretest.dat b/testing/tests/ikev1/starter-includes/pretest.dat
deleted file mode 100644
index b034a0c03..000000000
--- a/testing/tests/ikev1/starter-includes/pretest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-moon::cat /etc/ipsec.connections /etc/ipsec.host /etc/ipsec.peers/*
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start --debug-all
-carol::sleep 2
-carol::ipsec up home
-dave::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/starter-includes/test.conf b/testing/tests/ikev1/starter-includes/test.conf
deleted file mode 100644
index 1a8f2a4e0..000000000
--- a/testing/tests/ikev1/starter-includes/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/strong-certs/description.txt b/testing/tests/ikev1/strong-certs/description.txt
deleted file mode 100644
index 8e6e8b4f9..000000000
--- a/testing/tests/ikev1/strong-certs/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-This is a remote-access scenario with two roadwarriors <b>carol</b> and <b>dave</b>
-setting up a connection each to the VPN gateway <b>moon</b>. Authentication is
-based on strong X.509 certificates with SHA-2 signatures.
-The X.509 certificate of the gateway <b>moon</b> uses a <b>SHA-224</b> hash in
-its signature whereas the certificates of the roadwarriors <b>carol</b>
-and <b>dave</b> use <b>SHA-384</b> and <b>SHA-512</b>, respectively.
diff --git a/testing/tests/ikev1/strong-certs/evaltest.dat b/testing/tests/ikev1/strong-certs/evaltest.dat
deleted file mode 100644
index 2fe4de76f..000000000
--- a/testing/tests/ikev1/strong-certs/evaltest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 2a1dad5c6..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	strictcrlpolicy=no
-	crlcheckinterval=180
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert-sha384.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	auto=add
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem
deleted file mode 100644
index 929f737c8..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEITCCAwmgAwIBAgIBJTANBgkqhkiG9w0BAQwFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTExMTAxNzEyNDc1OVoXDTE2MTAxNTEyNDc1OVowWTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0z
-ODQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAuByYUPGv67XSQHjpfFjhuH/l/sMIQGhsFcO4ebYv
-7otSsjbH4gasmAOvEFxoIxkOG9IWFAHP1WyiqG3sOsyyfUg6wHl1FTe4Y3kHWZp0
-DvtT6CWnnxQwKibIhXfB3IPHRTcRG1zGN4J3Vl6IofIRlrl0K3NYUUofn0xMKAoS
-hLjwuqq2eviX5NIQDOTnoga2C5Ed58hIc6/YWXzfg9EpB194tcCWmSj7yfq6ruD9
-xAh32ywd10fsi4tt3F/BWzXjySxBlBhvvh6kL/Nqa6OSWaXsvZqXmrYm+hm4LKkO
-ZLZYzBqJRpRm1rEhYqMg2u0SSSTXsNFuw+027n7Vt8+DzwIDAQABo4IBBjCCAQIw
-CQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFPk6ATSleHErWFAYkCZD
-BhDo8X1qMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQsw
-CQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMS
-c3Ryb25nU3dhbiBSb290IENBggEAMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3
-YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEMBQADggEBAHiE/MMyXJXuMuhw
-/lu/UwjCHbbJMA9QrBJe++34OwAV0siM98loVLs23vHXk/52QHRIwZgMLO2FF9Pk
-4JkFOvTXCgNPZKrUL28UhHsnJe8EZVOuir5o6yTSti+J/tR4M2YoY67JjW/KeTwU
-BVBtBVH88gf/xm2mSlIrkHxG3/GWqyEdeY7BOaft1sFTTZ1gKKXQlARtWidho1mf
-5Y1lZ//kOuvMjnk+hEWPWESq8lBzLOmQGBk65vaEH3LVZxSQVJbfG2E0dHgPZNgc
-hFOS8Oc6L6AfKlWHAT0ZCR5+1YsxxnlsftHzxiA0ayGCgpn2qcN+OPjfzPCtC80N
-6oXDLZM=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 1c59bcfe5..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAuByYUPGv67XSQHjpfFjhuH/l/sMIQGhsFcO4ebYv7otSsjbH
-4gasmAOvEFxoIxkOG9IWFAHP1WyiqG3sOsyyfUg6wHl1FTe4Y3kHWZp0DvtT6CWn
-nxQwKibIhXfB3IPHRTcRG1zGN4J3Vl6IofIRlrl0K3NYUUofn0xMKAoShLjwuqq2
-eviX5NIQDOTnoga2C5Ed58hIc6/YWXzfg9EpB194tcCWmSj7yfq6ruD9xAh32ywd
-10fsi4tt3F/BWzXjySxBlBhvvh6kL/Nqa6OSWaXsvZqXmrYm+hm4LKkOZLZYzBqJ
-RpRm1rEhYqMg2u0SSSTXsNFuw+027n7Vt8+DzwIDAQABAoIBAQCMhpbjwXWLLd5r
-A18DYDv5PPXpvCdCMfG9swPNMnfnVUQrbpCmPn3iEX2/uShrEaapKXNclf1yY1bL
-xAr43mCmK0lcu9fX+A2vLyOjCrbm8IIcwRDt5NTWd3+6D6xSierBM8TE480PdW9s
-5v7WzRMLvkWjHIkekrsMNYozTWzRC6MgO99hzalWzKSeHHxlieoG7sN8KQ0hmwO+
-lMR6XDwrEnENbDbX//rbPjD4gdkqwAzCyf2IMNAHefAJUrjll2t1aQNknGwpDaAS
-g8Il7iAwIxoP2SrJ89K4Wq4Ifq+tLeX1sjwF0IESi41xNZZ/CrLiJbIPZSyBVRvx
-wwzObUPBAoGBAO6Gu2QaUoIZWpIL5TcAbQIGUx4FPKy2FbKWnU6VL9fmw8DGqKC0
-WX/CCSBmYHQyvlozutX4g8PI6YfgbbuPpgt/yJeLO+33PZK2Cps0//0EmEIvZ7ZM
-kOV+PRNuDIlKQNCaD8LdAcp0KSUc8vo3BAYArrjd1WZze85tqgAHmKR/AoGBAMWZ
-YkyQwBE0+W9P5gmGwuc+q2T3SjpGXjtzyo63K6ra892u49xIklfvNZ3PlgNbTSCo
-tTZLfwRu2uRhh2C8ZsjwfdpMAdT0BNCqEXtdp8JBJiNmrvY17NrSJnMginvu26qM
-QbsaF2Q1BV7OMZHvjgYrCqgokUGcJY6A0OlftjixAoGBALa3mPbOvyOP/nRgDl86
-wUZKyAL4Kgl3llluzOP0nmi6Cnwy8dvhK6oVXl5mbj603GJGvDnKnE0vK819WzHR
-kXW/lk6YRvk8avtm3esVB3+vtF8G52CbeGeEc47dv1av/cSOL8KrAAMxRo96hJqt
-6DQc87sDm8RWdKGmGhLZvtFLAoGAA+bJaBWblTtkiWwccKe2hXZZT/8J+iiVh7r7
-juHS/Oah1giz+w97xDy25EzK+3n8Bd8O5OmMsnu12riKQcC2jtUgxwSlLJ080xno
-inUI8O70X9KRNc9Ow+tOUwubcGMA91cZnSYgvBvH5V1Q4T7HoRuMdFGIvLDmlO+6
-MEFxiaECgYEAw7GqJYl2q6be56WANWA9ecNenr4+ekHZImpK0vb1bYD2LinfFNNK
-9jOHK2tK2jV3DgfUEieItz/uWV3iCJkIfErwu3ZS9qnDBu70OHGpsM1nXRUzZ0Ct
-5vOlBr5h6DMrP+ou/95yeraoibqs2kTUrAdkC80Yk5nbEHFDiD6cJcw=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index fac55d63b..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem
deleted file mode 100644
index fc769c1c9..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHzCCAwegAwIBAgIBJjANBgkqhkiG9w0BAQ0FADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTExMTAxNzEyNTAzMFoXDTE2MTAxNTEyNTAzMFowWDELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS01
-MTIxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCs5SBCzV3Is/w7CIzfBXRGv6uXwyDivRXXYsczeSRf
-5mw/slRVAEtNbX8rQ8BWLIqiJPCLDek5ODkqKI+hArZVpJqMzZyql2Teosrtnokb
-h/yA8EWtEr0jII2RxQ0xb8r25h+DwBosAM15B1rCAMmJOjbEMMBGmAb7y7N0K8nr
-Z8RctwrRdCGVcg+f+LFrklF1tBLs0zGIrJsk1eB0XbrB+fEPar9Lmn+/q2QHGPCt
-aOlR2ZxRsjqsYJW9yI8r33PVVm2aGmS/19UguEG8FC3owud0boHfP91/NvSIWfhP
-iIuDPjJOBPEJ/I6OYjYXXQuOZYwFGau2WrpNDQioPgedAgMBAAGjggEFMIIBATAJ
-BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQU5re6olyWAt1HfN2l92Rb
-7DDCnxMwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
-BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
-dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdzd2Fu
-Lm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3Jn
-L3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBDQUAA4IBAQAtRPFMSuEnPmqeC2mF
-OE5N26r2p8HfB4FAPwarlg66IIvKvkk1zqn5YfZIXfMU/x5q+85aO31iQmjlAPpo
-KXqRq7V0a0ldjXEr+Tz7xG3jno989dBrD3kQZnwXR57xGt1qTVGY7uQdbgXWzVHM
-GYS6gjUw7Df9vAQcTfUxUpZc5wlDoiRrFkyPc1raFCZF3//Ig9agjO4r1SzPHYw7
-LrHJR1xkd0IWVTW8Z6xB14j452IiimhyK1zAR3zmh1vH9VuHDLHMhyjSl1R+gk5U
-KzDPaqXd4NA7eIQNiAhysYTXfmUYytbFNZw9bamxTxlCmca1snuTIcFM5OYOfxRT
-iKMh
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644
index 900f73bac..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEArOUgQs1dyLP8OwiM3wV0Rr+rl8Mg4r0V12LHM3kkX+ZsP7JU
-VQBLTW1/K0PAViyKoiTwiw3pOTg5KiiPoQK2VaSajM2cqpdk3qLK7Z6JG4f8gPBF
-rRK9IyCNkcUNMW/K9uYfg8AaLADNeQdawgDJiTo2xDDARpgG+8uzdCvJ62fEXLcK
-0XQhlXIPn/ixa5JRdbQS7NMxiKybJNXgdF26wfnxD2q/S5p/v6tkBxjwrWjpUdmc
-UbI6rGCVvciPK99z1VZtmhpkv9fVILhBvBQt6MLndG6B3z/dfzb0iFn4T4iLgz4y
-TgTxCfyOjmI2F10LjmWMBRmrtlq6TQ0IqD4HnQIDAQABAoIBAG0+sa3EGdgxcdTT
-SD+7MIdroL7Z+rOKCnz32yp5BzTZYdi1k3fKIcqgv1PVEXjh2A8wDBWxCoavMd+j
-lW2FSzS+NzF00eMwmfnbHyIZpESTHkdSipQbXQsPDKTov7dXDgYHzi3vehoHv80T
-ipM+8BkXgXdh3nw8n10GjzN+X62v73pQxXooC2JrsxKPubB9NkX8UtcYddrmMQpr
-xOixBsk3VwkIh+3CatBPKJH/Ryk/U9rMU7F7KlAi+xHj3UF3iAvUwYVaJWAeWfci
-KP07cFxsar8Vgf2IK+sbZP6LPky1oiYq+VkIrgX6UPtyyrS60Bf7OFIy5I0Hmm8K
-b0rChbkCgYEA2B1IVtBmNBt/rCwqWgRLf4vW86JGgKAOx15hucPdA1NAHygNLdZC
-bcM6OkP1PEp1mpA0mDgYQQdggzsWKYuJjtf8MN9sZwi6SrRI2Y3OCy7SFLsyDNkz
-xkWo6b5/WGH+cEzVRVkD0RU97xjXudXzcwm1PA5goRcGNg1zdvOi0XsCgYEAzM3d
-tbq3txVh5EK3IeCsvtQGY4IFADdjaC2wgTeOlHo/nGoCB8TuFMN32MHqlmAdspJQ
-PojDKVZhhOknJQpBI1iYVYTJTIwtJM5CeY5gwhnrPVru4LJaa8zXTJdIeZ++nJFR
-Dawt5rsJ+f2yTzQWPm2Ywbril8KBVwqD4V9uQ8cCgYBk/foqJ6U7QIZ/TPxVqKAn
-cI/4tqK/xQxi+qYsi20i+qqCZNMT0oakiJETXWKi1CD1I+KQJ9advPbLHLeUnpKf
-4CsII8CivZ9g/bL1h6D79NtTuM8A1het1ivDX7Re9xxSGnWnvJtd/9E7hJ57R5JG
-9ghtkkJxxTKv28VTlzNFNQKBgDuQ4Jv7a3V3ZZpTARp8UyHJXvZQGY4/jcz+BOkA
-NJrgl2Gxv1dtImWtmEzV0Znc6KZIQch+VGzQb9qNSVJPkjRqjxvIXBfEaVjcGJ9s
-Fp49lZqpuPJnTT8vO6tOEMk2+eRlq3JTkqIZ4kPwUo0QtCuCCrzF0yOaca3UJBlH
-fTV/AoGAElXK1jYXzxJLTik9TW3Jl9w45GP572HAYVBc+gpCtvxVvr9V8qsiDST2
-hovbkEcG6o+rCAgHnzdCxpK0Avnb8yyu4yvBGTWowoBqF9Nyv2aZts83gRxEapZC
-Mc8u9QuIB0QCea13jgWWkkMLr9lt7kmVjR+Nch4lcF4RVqagEEE=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 9031f323a..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA daveKey.pem
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 98d9a8749..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	strictcrlpolicy=no
-	crlcheckinterval=180
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert-sha224.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem
deleted file mode 100644
index bda4f528e..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha224.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIENDCCAxygAwIBAgIBJDANBgkqhkiG9w0BAQ4FADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTExMTAxNzEyNDUwN1oXDTE2MTAxNTEyNDUwN1owWDELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1NIQS0y
-MjQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDEPYW1tmcbkgNMcnOHXAKHlgL2k7r1+rVWJ/8NF9vI
-7MpQ8qomHPV3G00CYSQsCDgBVvK71pasiz+dsYdHAY28ihb2m/lsaSquwsb0Fexj
-hJiqaohcLJk0MjTDUdArh6iddvDAYMDkfApM49TaXNxdz0sffV5KOIH0hrQe0wsw
-P2p/SHTATNh3ebTLr8Y7dMKecxFrKQswZc+d7gvIftZXRvjsUprc77dDURGByPw3
-N+/23chuDXNNaxMylWQhmiTUne8tIyg0vtur3do5Dq1IqQKqvxSfBjRL6ZJU0/6l
-KuhChV0cSVd2H2zzovuke5XzHzUsoESWXWYK9qIEj2HRAgMBAAGjggEaMIIBFjAJ
-BgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNVHQ4EFgQUT4FJonJgeZBpFHc8iosc
-WWM+mPswbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJ
-BgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJz
-dHJvbmdTd2FuIFJvb3QgQ0GCAQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2Fu
-Lm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRw
-Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEB
-DgUAA4IBAQA60WN0QwQuFVYg/C156POjKENZP9CGF8NyiC/NUYqgbIrGGTTpwTxs
-pW/+YDG1tVtCkqtLGsO0uZRe8Ihs3afNsPMNlCiTCPgrs5erc4ZTv5MB7Ap2lyL5
-NSQ9SggICbQhkHQHP6TINtas9+FrAw10jWIa107DYLLC7Ea77Y5vryL6/ymrpwdL
-Vwm9kAkGYvm0lmzw6YfzPskKc3MpWnjBTraPG42Z8oWTEDJnBtS761k60lNwndKC
-JdRUxoOOegzsKIIzorRz9xCN2zA2CAeChqHMbBpNCRwl0dQ00ztXReONl97iNgw6
-NrdHsqCiH8Q+I2JCxU230Zl6UFKARLo+
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
deleted file mode 100644
index 51a33597e..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAxD2FtbZnG5IDTHJzh1wCh5YC9pO69fq1Vif/DRfbyOzKUPKq
-Jhz1dxtNAmEkLAg4AVbyu9aWrIs/nbGHRwGNvIoW9pv5bGkqrsLG9BXsY4SYqmqI
-XCyZNDI0w1HQK4eonXbwwGDA5HwKTOPU2lzcXc9LH31eSjiB9Ia0HtMLMD9qf0h0
-wEzYd3m0y6/GO3TCnnMRaykLMGXPne4LyH7WV0b47FKa3O+3Q1ERgcj8Nzfv9t3I
-bg1zTWsTMpVkIZok1J3vLSMoNL7bq93aOQ6tSKkCqr8UnwY0S+mSVNP+pSroQoVd
-HElXdh9s86L7pHuV8x81LKBEll1mCvaiBI9h0QIDAQABAoIBAEnZeTMb9ItslG81
-dwKOfqk1q+HNUIN3GLzWimYL/3sKmUyDNcLoDPwIux9VHT6wzRq79Nb5d3RxZrxa
-bbUsAYHdWazun5vLq/Nee26pvW7qHGWtd6lwYytAZZjHdhabk7nGY+2Ru6WAhIPR
-DW4rmgZ3lya/kDdQMp+p/ajH9SLvYdo8rc3e2a5pJJitR3iU9rFO8PRSD6is7ldr
-FxYDMWv+Latkscpku4fww8X6XlHo3u7usogs5FHjNePeJjNkzdj5X958OmzxN4JJ
-jKheFALXJuMYY/9MLWaygkZgWuD1yr8chBtH+kxJLqbv9/pBaQqehEDfGOgfPnQi
-OxccUS0CgYEA4VL/hsJvhziqd+MHryrYvPQgHZJf+ksMpRelD/zEJRjAGnyT2hDQ
-R1H9jKP689E6lhCire9ag79rkF4lOvVWpM4f1XOPwX9Oap93dRn5PZLCMKfmnuo7
-RSC3qsGRdzIB0j0e9XQXW3tzoSVJtASd0X7qMTujaWQef7hNPW/To9MCgYEA3vTk
-YQGARsJIjvF1xu7ut1NC1GyQbvDShylmrOBPTBRgzIEjWnifDH79BAXr9yTigqR/
-qHZhWC0bPPY2x6iFi4dTa30vNGqP61GU4HouQDZ/Lf7TXL7pTHRSihL3x9f2nIu+
-nyEhfrYomt0M960OHS5izXP/27vXItLTazshMUsCgYEAn3lOwOH8bYf9nrxgQ+nf
-XFysHkHrDArx+Caz/Iy5hkfuLtDdFAmyX8f33AJzKv16qZs8iD5Poc9pIdSAJSpf
-GGWKwlf39stThMM4mPi5HoswRZ+P6gl9yX9OftxhSCtsfpAjyTVREr5dKEBr2a0q
-xYs91XqQPZdOvraCdGkhMWECgYEAiQFTlYimmtSoYa5fAW+xoVW4q3BLEOFLfWMj
-hPgRwl6DXSe94cpdcgBW2jIJXkV8K2uKRqr4BocxRbTG1MnpxmPSDytN5pfU+HWZ
-Vpe99BeI72q31zY5hpG0ZsRhHpzHHkuBR6fEPWkSapeLcGcXVTc736R4hT5YZT3I
-TQx4ySECgYEArIxFy2zEbQH8znJoRwshSSanGovSCRxpoP+j5WHlccMQAjDhoFMg
-KLCXbbnNyM4qlvwHG4Z27Fgexvk5dPHYnQlW9A4YP4o6SFf6RnxW1ZdR/Kc4aY/6
-rXxt+Q0rf4qRKbTh90yDnc2YQj11g9BgvFliIM2GOTq8NUtjQVRgNm4=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index e86d6aa5c..000000000
--- a/testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
diff --git a/testing/tests/ikev1/strong-certs/posttest.dat b/testing/tests/ikev1/strong-certs/posttest.dat
deleted file mode 100644
index fc0fbeb38..000000000
--- a/testing/tests/ikev1/strong-certs/posttest.dat
+++ /dev/null
@@ -1,12 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-moon::rm /etc/ipsec.d/private/*
-carol::rm /etc/ipsec.d/private/*
-dave::rm /etc/ipsec.d/private/*
-moon::rm /etc/ipsec.d/certs/*
-carol::rm /etc/ipsec.d/certs/*
-dave::rm /etc/ipsec.d/certs/*
diff --git a/testing/tests/ikev1/strong-certs/pretest.dat b/testing/tests/ikev1/strong-certs/pretest.dat
deleted file mode 100644
index de51ccdfa..000000000
--- a/testing/tests/ikev1/strong-certs/pretest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-dave::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-carol::ipsec start
-dave::ipsec start
-carol::sleep 1
-carol::ipsec up home
-dave::ipsec up home
-carol::sleep 1 
diff --git a/testing/tests/ikev1/virtual-ip-swapped/description.txt b/testing/tests/ikev1/virtual-ip-swapped/description.txt
deleted file mode 100644
index 230906c5d..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Same scenario as test <a href="../virtual-ip/"><b>virtual-ip</b></a> but with
-swapped end definitions:  <b>right</b> denotes the <b>local</b> side whereas
-<b>left</b> stands for the <b>remote</b> peer.
diff --git a/testing/tests/ikev1/virtual-ip-swapped/evaltest.dat b/testing/tests/ikev1/virtual-ip-swapped/evaltest.dat
deleted file mode 100644
index 23e109838..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/virtual-ip-swapped/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/virtual-ip-swapped/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index 4dfa345f4..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	right=PH_IP_CAROL
-	rightsourceip=PH_IP_CAROL1
-	rightcert=carolCert.pem
-	rightid=carol@strongswan.org
-	rightfirewall=yes
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/virtual-ip-swapped/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/virtual-ip-swapped/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index b65d7a690..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn rw
-	right=PH_IP_MOON
-	rightsourceip=PH_IP_MOON1
-	rightcert=moonCert.pem
-	rightid=@moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	rightfirewall=yes
-	leftsubnetwithin=10.3.0.0/16
-	left=%any
-	auto=add
diff --git a/testing/tests/ikev1/virtual-ip-swapped/posttest.dat b/testing/tests/ikev1/virtual-ip-swapped/posttest.dat
deleted file mode 100644
index 2116e86e0..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/posttest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
diff --git a/testing/tests/ikev1/virtual-ip-swapped/pretest.dat b/testing/tests/ikev1/virtual-ip-swapped/pretest.dat
deleted file mode 100644
index 4fe0ee90b..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/pretest.dat
+++ /dev/null
@@ -1,6 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
diff --git a/testing/tests/ikev1/virtual-ip-swapped/test.conf b/testing/tests/ikev1/virtual-ip-swapped/test.conf
deleted file mode 100644
index f106524e2..000000000
--- a/testing/tests/ikev1/virtual-ip-swapped/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/virtual-ip/description.txt b/testing/tests/ikev1/virtual-ip/description.txt
deleted file mode 100644
index 4ec6021ea..000000000
--- a/testing/tests/ikev1/virtual-ip/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. Both <b>carol</b>
-and <b>moon</b> define a static virtual IP using the <b>leftsourceip</b> parameter.
-<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
-the tunneled traffic. In order to test the tunnel, <b>carol</b> pings the client <b>alice</b>
-behind the gateway <b>moon</b> as well as the inner interface of the gateway. The source IP
-of the two pings will be the virtual IP <b>carol1</b>. Also thanks to its virtual IP <b>moon1</b>
-the gateway <b>moon</b> is able to ping <b>carol1</b> by using the existing subnet-subnet IPsec
-tunnel.
diff --git a/testing/tests/ikev1/virtual-ip/evaltest.dat b/testing/tests/ikev1/virtual-ip/evaltest.dat
deleted file mode 100644
index 23e109838..000000000
--- a/testing/tests/ikev1/virtual-ip/evaltest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/virtual-ip/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index e0ef16930..000000000
--- a/testing/tests/ikev1/virtual-ip/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=PH_IP_CAROL1
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
-
-
-
-
diff --git a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/virtual-ip/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 63a8c92b5..000000000
--- a/testing/tests/ikev1/virtual-ip/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn rw
-	left=PH_IP_MOON
-	leftsourceip=PH_IP_MOON1
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	rightsubnetwithin=10.3.0.0/16
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/virtual-ip/posttest.dat b/testing/tests/ikev1/virtual-ip/posttest.dat
deleted file mode 100644
index 2116e86e0..000000000
--- a/testing/tests/ikev1/virtual-ip/posttest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
diff --git a/testing/tests/ikev1/virtual-ip/pretest.dat b/testing/tests/ikev1/virtual-ip/pretest.dat
deleted file mode 100644
index 0b2ae8d2b..000000000
--- a/testing/tests/ikev1/virtual-ip/pretest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/virtual-ip/test.conf b/testing/tests/ikev1/virtual-ip/test.conf
deleted file mode 100644
index f106524e2..000000000
--- a/testing/tests/ikev1/virtual-ip/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon alice"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/wildcards/description.txt b/testing/tests/ikev1/wildcards/description.txt
deleted file mode 100644
index e485f7066..000000000
--- a/testing/tests/ikev1/wildcards/description.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
-<b>venus</b> by means of wildcard parameters that must match the subject
-<b>Distinguished Name</b> contained in the peer's X.509 certificate. Access to
-<b>alice</b> is granted for DNs containing a OU=Research field whereas <b>venus</b>
-can only be reached with a DN containing OU=Accounting. The roadwarriors
-<b>carol</b> and <b>dave</b> belong to the departments 'Research' and 'Accounting',
-respectively. Therefore <b>carol</b> can access <b>alice</b> and <b>dave</b>
-can reach <b>venus</b>.
diff --git a/testing/tests/ikev1/wildcards/evaltest.dat b/testing/tests/ikev1/wildcards/evaltest.dat
deleted file mode 100644
index cbc94b75a..000000000
--- a/testing/tests/ikev1/wildcards/evaltest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/wildcards/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/wildcards/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index cf93bb231..000000000
--- a/testing/tests/ikev1/wildcards/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
-	rightsubnet=PH_IP_VENUS/32
-	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/wildcards/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/wildcards/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index 5f04445d2..000000000
--- a/testing/tests/ikev1/wildcards/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_DAVE
-	leftcert=daveCert.pem
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-
-conn alice
-	rightsubnet=PH_IP_ALICE/32
-	auto=add
-	
-conn venus
-	rightsubnet=PH_IP_VENUS/32
-	auto=add
-
-
-
-
-
diff --git a/testing/tests/ikev1/wildcards/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/wildcards/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 39b031551..000000000
--- a/testing/tests/ikev1/wildcards/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-
-conn alice
-	leftsubnet=PH_IP_ALICE/32
-	right=%any
-	rightid="C=CH, O=Linux strongSwan, OU=Research, CN=*"
-	auto=add
-
-conn venus
-	leftsubnet=PH_IP_VENUS/32
-	right=%any
-	rightid="C=CH, O=Linux strongSwan, OU=Accounting, CN=*"
-	auto=add
diff --git a/testing/tests/ikev1/wildcards/posttest.dat b/testing/tests/ikev1/wildcards/posttest.dat
deleted file mode 100644
index ed530f6d9..000000000
--- a/testing/tests/ikev1/wildcards/posttest.dat
+++ /dev/null
@@ -1,3 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
diff --git a/testing/tests/ikev1/wildcards/pretest.dat b/testing/tests/ikev1/wildcards/pretest.dat
deleted file mode 100644
index 67c50c2ef..000000000
--- a/testing/tests/ikev1/wildcards/pretest.dat
+++ /dev/null
@@ -1,9 +0,0 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up alice
-carol::ipsec up venus
-dave::ipsec up venus
-dave::ipsec up alice
diff --git a/testing/tests/ikev1/wildcards/test.conf b/testing/tests/ikev1/wildcards/test.conf
deleted file mode 100644
index 08e5cc145..000000000
--- a/testing/tests/ikev1/wildcards/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/wlan/description.txt b/testing/tests/ikev1/wlan/description.txt
deleted file mode 100644
index e018148bd..000000000
--- a/testing/tests/ikev1/wlan/description.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-The WLAN clients <b>alice</b> and <b>venus</b> secure all their wireless traffic
-by setting up an IPsec tunnel to gateway <b>moon</b>. The VPN network mask is
-<b>0.0.0.0/0</b>. Traffic with destination outside the protected 10.1.0.0/10 network
-is NAT-ed by router <b>moon</b>. The IPsec connections are tested by pings from
-<b>alice</b> to <b>venus</b> tunneled  via <b>moon</b> and to both the internal
-and external interface of gateway <b>moon</b>. Access to the gateway is
-set up by <b>lefthostaccess=yes</b> in conjunction with <b>leftfirewall=yes</b>.
-At last <b>alice</b> and <b>venus</b> ping the external host <b>sun</b> via the NAT router.
-<p>
-The host system controls the UML instances <b>alice</b> and <b>carol</b> via
-ssh commands sent over the virtual <b>tap1</b> interface. In order to keep up 
-the control flow in the presence of the all-encompassing 0.0.0.0/0 tunnel
-to the gateway <b>moon</b> an auxiliary <b>passthrough</b> eroute restricted
-to the ssh port is statically set up by <b>conn system</b>.
-
diff --git a/testing/tests/ikev1/wlan/evaltest.dat b/testing/tests/ikev1/wlan/evaltest.dat
deleted file mode 100644
index 079ac4429..000000000
--- a/testing/tests/ikev1/wlan/evaltest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-alice::ipsec status::wlan.*STATE_QUICK_I2.*IPsec SA established::YES
-venus::ipsec status::wlan.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::venus.*STATE_QUICK_R2.*IPsec SA established::YES
-alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
-alice::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
-venus::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
-moon::tcpdump::ESP::YES
-sun::tcpdump::ICMP::YES
diff --git a/testing/tests/ikev1/wlan/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/wlan/hosts/alice/etc/init.d/iptables
deleted file mode 100755
index 86a76e2db..000000000
--- a/testing/tests/ikev1/wlan/hosts/alice/etc/init.d/iptables
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-        # allow esp
-        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/wlan/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/wlan/hosts/alice/etc/ipsec.conf
deleted file mode 100755
index e3cf9b15d..000000000
--- a/testing/tests/ikev1/wlan/hosts/alice/etc/ipsec.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn system
-	left=PH_IP_ALICE
-	leftprotoport=tcp/ssh
-	authby=never
-	type=passthrough
-	right=10.1.0.254
-	rightprotoport=tcp
-	auto=route
-
-conn wlan 
-	left=PH_IP_ALICE
-	leftcert=aliceCert.pem
-	leftid=alice@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON1
-	rightid=@moon.strongswan.org
-	rightsubnet=0.0.0.0/0
-	auto=add
-
diff --git a/testing/tests/ikev1/wlan/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/wlan/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index e95ef44c6..000000000
--- a/testing/tests/ikev1/wlan/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth1 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
-
-        # allow crl fetch from winnetou
-	iptables -A INPUT   -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A FORWARD -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A FORWARD -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT  -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-	
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	# enable SNAT
-	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p icmp -j SNAT --to-source PH_IP_MOON
-	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -p tcp  -j SNAT --to-source PH_IP_MOON:2000-2100
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 61ce28e6b..000000000
--- a/testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn alice
-	right=PH_IP_ALICE
-	rightid=alice@strongswan.org
-	also=wlan
-	auto=add
-
-conn venus
-	right=PH_IP_VENUS
-	rightid=@venus.strongswan.org
-	also=wlan
-	auto=add
-
-conn wlan
-        left=PH_IP_MOON1
-	leftsubnet=0.0.0.0/0
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftfirewall=yes
-	lefthostaccess=yes
-
diff --git a/testing/tests/ikev1/wlan/hosts/venus/etc/init.d/iptables b/testing/tests/ikev1/wlan/hosts/venus/etc/init.d/iptables
deleted file mode 100755
index 6f95e7576..000000000
--- a/testing/tests/ikev1/wlan/hosts/venus/etc/init.d/iptables
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-				
-				# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/tests/ikev1/wlan/hosts/venus/etc/ipsec.conf b/testing/tests/ikev1/wlan/hosts/venus/etc/ipsec.conf
deleted file mode 100755
index fa2dc953e..000000000
--- a/testing/tests/ikev1/wlan/hosts/venus/etc/ipsec.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-
-conn system
-	left=PH_IP_VENUS
-	leftprotoport=tcp/ssh
-	authby=never
-	type=passthrough
-	right=10.1.0.254
-	rightprotoport=tcp
-	auto=route
-
-conn wlan 
-	left=PH_IP_VENUS
-	leftcert=venusCert.pem
-	leftid=@venus.strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON1
-	rightid=@moon.strongswan.org
-	rightsubnet=0.0.0.0/0
-	auto=add
-
diff --git a/testing/tests/ikev1/wlan/posttest.dat b/testing/tests/ikev1/wlan/posttest.dat
deleted file mode 100644
index 6bd2379d8..000000000
--- a/testing/tests/ikev1/wlan/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-moon::iptables -t nat -v -n -L POSTROUTING
-moon::ipsec stop
-alice::ipsec stop
-venus::ipsec stop
-alice::/etc/init.d/iptables stop 2> /dev/null
-venus::/etc/init.d/iptables stop 2> /dev/null
-moon::/etc/init.d/iptables stop 2> /dev/null
-moon::conntrack -F
diff --git a/testing/tests/ikev1/wlan/pretest.dat b/testing/tests/ikev1/wlan/pretest.dat
deleted file mode 100644
index de4a6ad31..000000000
--- a/testing/tests/ikev1/wlan/pretest.dat
+++ /dev/null
@@ -1,11 +0,0 @@
-moon::/etc/init.d/iptables start 2> /dev/null
-alice::/etc/init.d/iptables start 2> /dev/null
-venus::/etc/init.d/iptables start 2> /dev/null
-moon::ipsec start
-alice::ipsec start
-venus::ipsec start
-alice::sleep 2 
-alice::ipsec up wlan 
-venus::sleep 2 
-venus::ipsec up wlan
-venus::sleep 2
diff --git a/testing/tests/ikev1/wlan/test.conf b/testing/tests/ikev1/wlan/test.conf
deleted file mode 100644
index b141c4f1b..000000000
--- a/testing/tests/ikev1/wlan/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon winnetou sun"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-w-s-b.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="moon:eth1 sun"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="alice venus moon"
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt b/testing/tests/ikev1/xauth-id-psk-config/description.txt
similarity index 95%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
rename to testing/tests/ikev1/xauth-id-psk-config/description.txt
index 191011747..fc417e416 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
+++ b/testing/tests/ikev1/xauth-id-psk-config/description.txt
@@ -2,7 +2,7 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>
 The authentication is based on Pre-Shared Keys (<b>PSK</b>)
 followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
 based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
-<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%modeconfig</b>
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%config</b>
 parameter. The virtual IP addresses are registered under the users' XAUTH identity. 
 <p>
 Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
diff --git a/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat
new file mode 100644
index 000000000..02ed911ba
--- /dev/null
+++ b/testing/tests/ikev1/xauth-id-psk-config/evaltest.dat
@@ -0,0 +1,24 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.100].*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*\[192.168.0.200].*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*\[192.168.0.100]::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*\[192.168.0.200]::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
similarity index 77%
rename from testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
index da1a10513..dfeaab80d 100644
--- a/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -16,8 +13,11 @@ conn %default
 
 conn home
 	left=PH_IP_CAROL
+	leftid=PH_IP_CAROL
+	leftsourceip=%config
 	leftfirewall=yes
 	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
 	xauth_identity=carol
 	auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
new file mode 100644
index 000000000..e2cea4e3d
--- /dev/null
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/ipsec.secrets
@@ -0,0 +1,9 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq
+
+@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
+
+@sun.strongswan.org :  PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
+
+carol : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..1fb5d14b1
--- /dev/null
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
similarity index 77%
rename from testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
index 3a4b75af6..8f92870a0 100644
--- a/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -16,8 +13,11 @@ conn %default
 
 conn home
 	left=PH_IP_DAVE
+	leftid=PH_IP_DAVE
+	leftsourceip=%config
 	leftfirewall=yes
 	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
 	xauth_identity=dave
 	auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
rename to testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..1fb5d14b1
--- /dev/null
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic resolve kernel-netlink socket-default stroke updown
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
similarity index 81%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
index 452187f11..cdafdb76e 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
rename to testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
similarity index 52%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
rename to testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
index 089467da4..422538cec 100644
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
@@ -1,13 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth attr kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic attr kernel-netlink socket-default stroke updown
   dns1 = 192.168.0.150
   dns2 = 10.1.0.20
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/posttest.dat b/testing/tests/ikev1/xauth-id-psk-config/posttest.dat
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/posttest.dat
rename to testing/tests/ikev1/xauth-id-psk-config/posttest.dat
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/pretest.dat b/testing/tests/ikev1/xauth-id-psk-config/pretest.dat
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/pretest.dat
rename to testing/tests/ikev1/xauth-id-psk-config/pretest.dat
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/test.conf b/testing/tests/ikev1/xauth-id-psk-config/test.conf
similarity index 100%
rename from testing/tests/ikev1/xauth-id-psk-mode-config/test.conf
rename to testing/tests/ikev1/xauth-id-psk-config/test.conf
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat b/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
deleted file mode 100644
index 4552cfe61..000000000
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
+++ /dev/null
@@ -1,16 +0,0 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::ipsec leases rw 10.3.0.1::carol::YES
-moon::ipsec leases rw 10.3.0.2::dave::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index b7402d24b..000000000
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthpsk
-
-conn home
-	left=PH_IP_CAROL
-	leftid=carol@strongswan.org
-	leftsourceip=%modeconfig
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	xauth_identity=carol
-	auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index e5adf3e8e..000000000
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,9 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-carol@strongswan.org @dave.strongswan.org : PSK 0sqc1FhzwoUSbpjYUSp8I6qUdxDacxLCTq
-
-carol@strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-carol@strongswan.org @sun.strongswan.org :  PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5
-
-carol : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index e3f377d18..000000000
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 8f9226dd1..000000000
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthpsk
-
-conn home
-	left=PH_IP_DAVE
-	leftid=dave@strongswan.org
-	leftsourceip=%modeconfig
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightid=@moon.strongswan.org
-	rightsubnet=10.1.0.0/16
-	xauth_identity=dave
-	auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index e3f377d18..000000000
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth resolve kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-psk/description.txt b/testing/tests/ikev1/xauth-id-psk/description.txt
deleted file mode 100644
index 0ac2043c2..000000000
--- a/testing/tests/ikev1/xauth-id-psk/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
-The authentication is based on Pre-Shared Keys (<b>PSK</b>)
-followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
-based on user names and passwords.
-<p>
-Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
-inserts iptables-based firewall rules that let pass the tunneled traffic.
-In order to test both tunnel and firewall, <b>carol</b> and <b>dave</b> ping the client
-<b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/xauth-id-psk/evaltest.dat b/testing/tests/ikev1/xauth-id-psk/evaltest.dat
deleted file mode 100644
index b019f8d76..000000000
--- a/testing/tests/ikev1/xauth-id-psk/evaltest.dat
+++ /dev/null
@@ -1,14 +0,0 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::xauth user name is .*carol::YES
-moon::cat /var/log/auth.log::xauth user name is .*dave::YES
-moon::cat /var/log/auth.log::extended authentication was successful::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 7a272a371..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-carol : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index c9eb0bc97..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/ipsec.secrets
deleted file mode 100644
index 25e8c2796..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/ipsec.secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-dave : XAUTH "ryftzG4A" 
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index c9eb0bc97..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/ipsec.conf
deleted file mode 100644
index 850ea561b..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthpsk
-	xauth=server
-
-conn rw
-	left=PH_IP_MOON
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 3f86fa594..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,7 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-PH_IP_MOON %any : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
-
-carol : XAUTH "4iChxLT3"
-
-dave  : XAUTH "ryftzG4A"
diff --git a/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index c9eb0bc97..000000000
--- a/testing/tests/ikev1/xauth-id-psk/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-id-rsa/evaltest.dat b/testing/tests/ikev1/xauth-id-rsa/evaltest.dat
index b019f8d76..5b021a09a 100644
--- a/testing/tests/ikev1/xauth-id-rsa/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-rsa/evaltest.dat
@@ -1,13 +1,15 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::xauth user name is .*carol::YES
-moon::cat /var/log/auth.log::xauth user name is .*dave::YES
-moon::cat /var/log/auth.log::extended authentication was successful::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave.*successful::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf
index be62c2b8f..aa861be93 100644
--- a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf
index c09fb3c2c..e1f02f6f8 100644
--- a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf
index 251041443..a981739b8 100644
--- a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-psk/evaltest.dat b/testing/tests/ikev1/xauth-psk/evaltest.dat
index 786043065..988a6c541 100644
--- a/testing/tests/ikev1/xauth-psk/evaltest.dat
+++ b/testing/tests/ikev1/xauth-psk/evaltest.dat
@@ -1,13 +1,15 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
-moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
-moon::cat /var/log/auth.log::extended authentication was successful::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/ipsec.conf
index 1c7d7002e..9befe747b 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -19,6 +16,6 @@ conn home
 	leftid=carol@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
-	rightid=moon.strongswan.org
 	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
index c9eb0bc97..61260f891 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/ipsec.conf
index 782c160c9..fbd777755 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -19,6 +16,6 @@ conn home
 	leftid=dave@strongswan.org
 	leftfirewall=yes
 	right=PH_IP_MOON
-	rightid=moon.strongswan.org
 	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
 	auto=add
diff --git a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
index c9eb0bc97..61260f891 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/ipsec.conf
index 595e6588c..2b9a83719 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -17,7 +14,7 @@ conn %default
 
 conn rw
 	left=PH_IP_MOON
-	leftid=moon.strongswan.org
+	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
 	leftfirewall=yes
 	right=%any
diff --git a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
index c9eb0bc97..61260f891 100644
--- a/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac gmp random nonce xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/description.txt b/testing/tests/ikev1/xauth-rsa-config/description.txt
similarity index 94%
rename from testing/tests/ikev1/xauth-rsa-mode-config/description.txt
rename to testing/tests/ikev1/xauth-rsa-config/description.txt
index aa2b31542..1ada58fbe 100644
--- a/testing/tests/ikev1/xauth-rsa-mode-config/description.txt
+++ b/testing/tests/ikev1/xauth-rsa-config/description.txt
@@ -3,7 +3,7 @@ The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509 certif
 followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
 based on user names and passwords. Next both <b>carol</b> and <b>dave</b> request a
 <b>virtual IP</b> via the IKE Mode Config protocol by using the
-<b>leftsourceip=%modeconfig</b> parameter.
+<b>leftsourceip=%config</b> parameter.
 <p>
 Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
 inserts iptables-based firewall rules that let pass the tunneled traffic.
diff --git a/testing/tests/ikev1/xauth-rsa-config/evaltest.dat b/testing/tests/ikev1/xauth-rsa-config/evaltest.dat
new file mode 100644
index 000000000..e3b4edeeb
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa-config/evaltest.dat
@@ -0,0 +1,20 @@
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-carol.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw-dave.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.1 to peer.*carol@strongswan.org::YES
+moon:: cat /var/log/daemon.log::assigning virtual IP 10.3.0.2 to peer.*dave@strongswan.org::YES
+carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
+dave:: cat /var/log/daemon.log::installing new virtual IP 10.3.0.2::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf
old mode 100755
new mode 100644
similarity index 82%
rename from testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.conf
rename to testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf
index 186d8e121..b27b3bc01
--- a/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -16,6 +13,7 @@ conn %default
 
 conn home
 	left=PH_IP_CAROL
+	leftsourceip=%config
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	leftfirewall=yes
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.secrets
rename to testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa-config/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf
old mode 100755
new mode 100644
similarity index 79%
rename from testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf
rename to testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf
index e1c864e58..ec5842e3a
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-	plutodebug=control
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -12,7 +9,7 @@ conn %default
 	rekeymargin=3m
 	keyingtries=1
 	keyexchange=ikev1
-	modeconfig=push
+	authby=xauthrsasig
 
 conn home
 	left=PH_IP_DAVE
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.secrets
rename to testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa-config/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf
similarity index 75%
rename from testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.conf
rename to testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf
index 0a65acb5d..2dff01480 100644
--- a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug="control"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
@@ -27,5 +24,6 @@ conn rw-carol
 	rightsourceip=PH_IP_CAROL1
 
 conn rw-dave
-	rightid=dave@strongswan.org
-	rightsourceip=PH_IP_DAVE1
+ 	rightid=dave@strongswan.org
+ 	rightsourceip=PH_IP_DAVE1
+
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
similarity index 100%
rename from testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.secrets
rename to testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/ipsec.secrets
diff --git a/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..5cd9bf11e
--- /dev/null
+++ b/testing/tests/ikev1/xauth-rsa-config/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
+}
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/mode-config-multiple/posttest.dat b/testing/tests/ikev1/xauth-rsa-config/posttest.dat
similarity index 68%
rename from testing/tests/ikev1/mode-config-multiple/posttest.dat
rename to testing/tests/ikev1/xauth-rsa-config/posttest.dat
index 42fa8359b..7cebd7f25 100644
--- a/testing/tests/ikev1/mode-config-multiple/posttest.dat
+++ b/testing/tests/ikev1/xauth-rsa-config/posttest.dat
@@ -4,5 +4,3 @@ dave::ipsec stop
 moon::/etc/init.d/iptables stop 2> /dev/null
 carol::/etc/init.d/iptables stop 2> /dev/null
 dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/pretest.dat b/testing/tests/ikev1/xauth-rsa-config/pretest.dat
similarity index 100%
rename from testing/tests/ikev1/xauth-rsa-mode-config/pretest.dat
rename to testing/tests/ikev1/xauth-rsa-config/pretest.dat
diff --git a/testing/tests/ikev1/ip-pool-db-push/test.conf b/testing/tests/ikev1/xauth-rsa-config/test.conf
similarity index 94%
rename from testing/tests/ikev1/ip-pool-db-push/test.conf
rename to testing/tests/ikev1/xauth-rsa-config/test.conf
index 1a8f2a4e0..70416826e 100644
--- a/testing/tests/ikev1/ip-pool-db-push/test.conf
+++ b/testing/tests/ikev1/xauth-rsa-config/test.conf
@@ -13,7 +13,7 @@ DIAGRAM="a-m-c-w-d.png"
 
 # UML instances on which tcpdump is to be started
 #
-TCPDUMPHOSTS="moon alice"
+TCPDUMPHOSTS="moon"
 
 # UML instances on which IPsec is started
 # Used for IPsec logging purposes
diff --git a/testing/tests/ikev1/xauth-rsa-fail/description.txt b/testing/tests/ikev1/xauth-rsa-fail/description.txt
deleted file mode 100644
index 98d85f30b..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/description.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
-The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509
-certificates followed by extended authentication (<b>XAUTH</b>) based
-on user name and password. Because user <b>carol</b> presents a wrong
-XAUTH password the IKE negotiation is aborted and the ISAKMP SA is deleted.
diff --git a/testing/tests/ikev1/xauth-rsa-fail/evaltest.dat b/testing/tests/ikev1/xauth-rsa-fail/evaltest.dat
deleted file mode 100644
index 0bcef388d..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/evaltest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-carol::cat /var/log/auth.log::extended authentication failed::YES
-moon::cat /var/log/auth.log::extended authentication failed::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 13e6e0656..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
-
-carol@strongswan.org : XAUTH "4iChxLT8" 
diff --git a/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 251041443..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthrsasig
-	xauth=server
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2586f5f39..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-fail/posttest.dat b/testing/tests/ikev1/xauth-rsa-fail/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/xauth-rsa-fail/pretest.dat b/testing/tests/ikev1/xauth-rsa-fail/pretest.dat
deleted file mode 100644
index 4ac57ab16..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2 
-carol::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/xauth-rsa-fail/test.conf b/testing/tests/ikev1/xauth-rsa-fail/test.conf
deleted file mode 100644
index 5442565f8..000000000
--- a/testing/tests/ikev1/xauth-rsa-fail/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/evaltest.dat b/testing/tests/ikev1/xauth-rsa-mode-config/evaltest.dat
deleted file mode 100644
index 15dd054a0..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/evaltest.dat
+++ /dev/null
@@ -1,18 +0,0 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::carol.*extended authentication was successful::YES
-moon::cat /var/log/auth.log::dave.*extended authentication was successful::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
-alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
-alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
-alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.conf
deleted file mode 100644
index ca2df4b28..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthrsasig
-
-conn home
-	left=PH_IP_CAROL
-	leftsourceip=%modeconfig
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.conf
deleted file mode 100644
index 079c6b0d5..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthrsasig
-
-conn home
-	left=PH_IP_DAVE
-	leftsourceip=%modeconfig
-	leftcert=daveCert.pem
-	leftid=dave@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/posttest.dat b/testing/tests/ikev1/xauth-rsa-mode-config/posttest.dat
deleted file mode 100644
index f90d222b5..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/posttest.dat
+++ /dev/null
@@ -1,8 +0,0 @@
-carol::ipsec stop
-dave::ipsec stop
-moon::ipsec stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-carol::/etc/init.d/iptables stop 2> /dev/null
-dave::/etc/init.d/iptables stop 2> /dev/null
-carol::ip addr del PH_IP_CAROL1/32 dev eth0
-dave::ip addr del PH_IP_DAVE1/32 dev eth0
diff --git a/testing/tests/ikev1/xauth-rsa-mode-config/test.conf b/testing/tests/ikev1/xauth-rsa-mode-config/test.conf
deleted file mode 100644
index 75510b295..000000000
--- a/testing/tests/ikev1/xauth-rsa-mode-config/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS="alice moon"
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/description.txt b/testing/tests/ikev1/xauth-rsa-nosecret/description.txt
deleted file mode 100644
index a6fe82330..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/description.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
-The authentication is based on RSA signatures (<b>RSASIG</b>) using X.509
-certificates followed by extended authentication (<b>XAUTH</b>) based
-on user name and password. Because user <b>carol</b> cannot find her 
-XAUTH credentials in ipsec.secrets, the IKE negotiation is aborted and the
-ISAKMP SA is deleted.
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/evaltest.dat b/testing/tests/ikev1/xauth-rsa-nosecret/evaltest.dat
deleted file mode 100644
index ddbb3ae2d..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/evaltest.dat
+++ /dev/null
@@ -1,4 +0,0 @@
-carol::cat /var/log/auth.log::xauth user credentials not found::YES
-moon::cat /var/log/auth.log::received FAIL status in XAUTH reply::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index fc86bab41..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control controlmore"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthrsasig
-
-conn home
-	left=PH_IP_CAROL
-	leftcert=carolCert.pem
-	leftid=carol@strongswan.org
-	leftfirewall=yes
-	right=PH_IP_MOON
-	rightsubnet=10.1.0.0/16
-	rightid=@moon.strongswan.org
-	auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index 6a2aea811..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index e2709cdf1..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
-	plutodebug="control controlmore"
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
-
-conn %default
-	ikelifetime=60m
-	keylife=20m
-	rekeymargin=3m
-	keyingtries=1
-	keyexchange=ikev1
-	authby=xauthrsasig
-	xauth=server
-
-conn rw
-	left=PH_IP_MOON
-	leftcert=moonCert.pem
-	leftid=@moon.strongswan.org
-	leftsubnet=10.1.0.0/16
-	leftfirewall=yes
-	right=%any
-	auto=add
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.secrets
deleted file mode 100644
index 2586f5f39..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.secrets
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA moonKey.pem
-
-carol@strongswan.org : XAUTH "4iChxLT3" 
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index de1cbb134..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
-  dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/posttest.dat b/testing/tests/ikev1/xauth-rsa-nosecret/posttest.dat
deleted file mode 100644
index c6d6235f9..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/posttest.dat
+++ /dev/null
@@ -1,2 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat b/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat
deleted file mode 100644
index 89e487ad3..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat
+++ /dev/null
@@ -1,5 +0,0 @@
-carol::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up home
-carol::sleep 1
diff --git a/testing/tests/ikev1/xauth-rsa-nosecret/test.conf b/testing/tests/ikev1/xauth-rsa-nosecret/test.conf
deleted file mode 100644
index 5442565f8..000000000
--- a/testing/tests/ikev1/xauth-rsa-nosecret/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice moon carol winnetou"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-m-c-w.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/xauth-rsa/evaltest.dat b/testing/tests/ikev1/xauth-rsa/evaltest.dat
index 786043065..988a6c541 100644
--- a/testing/tests/ikev1/xauth-rsa/evaltest.dat
+++ b/testing/tests/ikev1/xauth-rsa/evaltest.dat
@@ -1,13 +1,15 @@
-carol::cat /var/log/auth.log::extended authentication was successful::YES
-dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::xauth user name is .*carol@strongswan.org::YES
-moon::cat /var/log/auth.log::xauth user name is .*dave@strongswan.org::YES
-moon::cat /var/log/auth.log::extended authentication was successful::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave.strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*carol@strongswan.org.*successful::YES
+moon:: cat /var/log/daemon.log::XAuth authentication of.*dave@strongswan.org.*successful::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
 moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
 moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf
index 186d8e121..8cf84711e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf
index 478e732ae..bb11eb989 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
index 251041443..a981739b8 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf
@@ -1,10 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
+	plutostart=no
 
 conn %default
 	ikelifetime=60m
diff --git a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
index de1cbb134..5cd9bf11e 100644
--- a/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl xauth kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation gmp random nonce curl xauth-generic kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }