Added tnc/tnccs-20-pt-tls scenario
parent
bc1876bc9a
commit
85aa509e84
|
@ -0,0 +1,3 @@
|
|||
The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements over IKEv2-EAP
|
||||
using the PA-TNC, PB-TNC and PT-EAP protocols. The authentication is based on
|
||||
X.509 certificates.
|
|
@ -1,3 +1,5 @@
|
|||
moon::cat /var/log/daemon.log::activating mutual PB-TNC half duplex protocol::YES
|
||||
sun:: cat /var/log/daemon.log::activating mutual PB-TNC half duplex protocol::YES
|
||||
moon::cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES
|
||||
sun:: cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES
|
||||
moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = openssl pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
|
||||
load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
|
||||
|
||||
multiple_authentication = no
|
||||
plugins {
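Review bot: The `load =` line appears twice in this hunk, differing only in that `x509` moves from after `nonce` to the front of the list, and nothing on the page says why. If the intent is to register the native `x509` plugin ahead of `openssl` (load order presumably decides which implementation is preferred), a one-line comment above the list would keep a later edit from undoing it, e.g. `# x509 is listed first on purpose; keep it ahead of openssl`. The next file section carries the identical change and wants the same comment. The `charon {` block continues past the end of the hunk.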
|
|
@ -1,7 +1,7 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = openssl pem pkcs1 random nonce x509 curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
|
||||
load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-tnccs tnc-imc tnc-imv tnccs-20 updown
|
||||
|
||||
multiple_authentication = no
|
||||
plugins {
|
|
@ -0,0 +1,3 @@
|
|||
The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements using the
|
||||
PA-TNC, PB-TNC and PT-TLS protocols. The authentication is based on
|
||||
X.509 certificates.
|
|
@ -0,0 +1,6 @@
|
|||
moon::cat /var/log/auth.log::PT-TLS authentication complete::YES
|
||||
sun:: cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
|
||||
moon::cat /var/log/auth.log::activating mutual PB-TNC half duplex protocol::YES
|
||||
sun:: cat /var/log/daemon.log::activating mutual PB-TNC half duplex protocol::YES
|
||||
moon::cat /var/log/auth.log::PB-TNC access recommendation is.*Access Allowed::YES
|
||||
sun:: cat /var/log/daemon.log::PB-TNC access recommendation is.*Access Allowed::YES
|
|
@ -0,0 +1,3 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
/* configuration is read from /etc/pts/options */
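Review bot: The last line of this new ipsec.conf uses a C-style `/* ... */` comment, while the header line above it and the ipsec.conf format use `#`. The pretest on this page only runs `ipsec start` on sun, so the file is probably never parsed on moon, but if it ever is, the line may be read as configuration rather than skipped. I would write it as `# configuration is read from /etc/pts/options`.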
|
|
@ -0,0 +1,8 @@
|
|||
--connect sun.strongswan.org
|
||||
--client moon.strongswan.org
|
||||
--key /etc/ipsec.d/private/moonKey.pem
|
||||
--cert /etc/ipsec.d/certs/moonCert.pem
|
||||
--cert /etc/ipsec.d/cacerts/strongswanCert.pem
|
||||
--mutual
|
||||
--quiet
|
||||
--debug 2
|
|
@ -0,0 +1,16 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
pt-tls-client {
|
||||
load = x509 openssl pem pkcs1 random nonce revocation curl tnc-tnccs tnc-imc tnc-imv tnccs-20
|
||||
}
|
||||
|
||||
libimcv {
|
||||
plugins {
|
||||
imc-test {
|
||||
command = allow
|
||||
}
|
||||
imv-test {
|
||||
rounds = 1
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
#IMC/IMV configuration file for strongSwan endpoint
|
||||
|
||||
IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so
|
||||
IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so
|
|
@ -0,0 +1,9 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
charondebug="tnc 2, imc 2, imv 2"
|
||||
|
||||
conn pdp
|
||||
leftcert=sunCert.pem
|
||||
leftid=sun.strongswan.org
|
||||
auto=add
|
|
@ -0,0 +1,28 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = x509 openssl pem pkcs1 random nonce curl revocation stroke kernel-netlink socket-default tnc-pdp tnc-tnccs tnc-imc tnc-imv tnccs-20
|
||||
|
||||
plugins {
|
||||
tnc-pdp {
|
||||
server = sun.strongswan.org
|
||||
radius {
|
||||
enable = no
|
||||
}
|
||||
}
|
||||
tnccs-20 {
|
||||
mutual = yes
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
plugins {
|
||||
imc-test {
|
||||
command = allow
|
||||
}
|
||||
imv-test {
|
||||
rounds = 1
|
||||
}
|
||||
}
|
||||
}
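Review bot: The `tnc-pdp` block switches the RADIUS interface off with `radius { enable = no }` but does not say that PT-TLS is then the only way into this PDP. It also sets no PT-TLS option, so the listener presumably runs on plugin defaults. A comment above `radius {` would make the exposed surface explicit: `# RADIUS disabled: this PDP accepts TNC clients over PT-TLS only (plugin defaults)`. Next to `command = allow` I would add `# test IMC always reports 'allow'; no deny/isolate path is exercised here`, assuming the option does what its name suggests, so readers do not take the passing evaltest as coverage of the rejection path. The same `libimcv` block appears in moon's strongswan.conf earlier in this commit.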
|
|
@ -0,0 +1,4 @@
|
|||
#IMC/IMV configuration file for strongSwan endpoint
|
||||
|
||||
IMC "Test" /usr/local/lib/ipsec/imcvs/imc-test.so
|
||||
IMV "Test" /usr/local/lib/ipsec/imcvs/imv-test.so
|
|
@ -0,0 +1 @@
|
|||
sun::ipsec stop
|
|
@ -0,0 +1,4 @@
|
|||
sun::ipsec start
|
||||
moon::cat /etc/pts/options
|
||||
moon::sleep 1
|
||||
moon::ipsec pt-tls-client --optionsfrom /etc/pts/options
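Review bot: The fixed `moon::sleep 1` is the only thing separating `sun::ipsec start` from the PT-TLS connect on the last line, so the scenario depends on charon on sun having its listener up within about a second. On a slow or loaded guest the client would connect too early, and the evaltest checks would fail for a reason unrelated to TNC. A wider margin is the minimal change, `moon::sleep 2`, though it is still timing-based. A readiness check on sun before the client starts would be more robust if the test framework offers one.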
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This configuration file provides information on the
|
||||
# guest instances used for this test
|
||||
|
||||
# All guest instances that are required for this test
|
||||
#
|
||||
VIRTHOSTS="moon winnetou sun"
|
||||
|
||||
# Corresponding block diagram
|
||||
#
|
||||
DIAGRAM="m-w-s.png"
|
||||
|
||||
# Guest instances on which tcpdump is to be started
|
||||
#
|
||||
TCPDUMPHOSTS="sun"
|
||||
|
||||
# Guest instances on which IPsec is started
|
||||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon sun"
|
|
@ -1,3 +0,0 @@
|
|||
The hosts <b>moon</b> and <b>sun</b> do mutual TNC measurements using the
|
||||
PA-TNC, PB-TNC and PT-EAP protocols. The authentication is based on X.509
|
||||
certificates.
|