From 8f834c16ae91f98258af3cfde51dd19eb6eb4114 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Sat, 5 May 2012 11:55:48 +0200 Subject: [PATCH] upgraded pfkey scenarios to 5.0.0 --- testing/tests/pfkey/alg-aes-xcbc/evaltest.dat | 17 ++++++++-------- .../alg-aes-xcbc/hosts/carol/etc/ipsec.conf | 2 -- .../alg-aes-xcbc/hosts/moon/etc/ipsec.conf | 2 -- testing/tests/pfkey/alg-sha384/evaltest.dat | 16 ++++++++------- .../alg-sha384/hosts/carol/etc/ipsec.conf | 2 -- .../alg-sha384/hosts/moon/etc/ipsec.conf | 2 -- testing/tests/pfkey/alg-sha512/evaltest.dat | 16 ++++++++------- .../alg-sha512/hosts/carol/etc/ipsec.conf | 2 -- .../alg-sha512/hosts/moon/etc/ipsec.conf | 2 -- testing/tests/pfkey/esp-alg-null/evaltest.dat | 12 ++++++----- .../esp-alg-null/hosts/carol/etc/ipsec.conf | 2 -- .../esp-alg-null/hosts/moon/etc/ipsec.conf | 2 -- .../pfkey/host2host-transport/evaltest.dat | 8 +++++--- .../hosts/moon/etc/ipsec.conf | 2 -- .../hosts/sun/etc/ipsec.conf | 2 -- .../{nat-two-rw => nat-rw}/description.txt | 0 testing/tests/pfkey/nat-rw/evaltest.dat | 12 +++++++++++ .../hosts/alice/etc/ipsec.conf | 2 -- .../hosts/alice/etc/strongswan.conf | 0 .../hosts/sun/etc/ipsec.conf | 2 -- .../hosts/sun/etc/strongswan.conf | 0 .../hosts/venus/etc/ipsec.conf | 2 -- .../hosts/venus/etc/strongswan.conf | 0 .../pfkey/{nat-two-rw => nat-rw}/posttest.dat | 0 .../pfkey/{nat-two-rw => nat-rw}/pretest.dat | 0 .../pfkey/{nat-two-rw => nat-rw}/test.conf | 0 testing/tests/pfkey/nat-two-rw/evaltest.dat | 9 --------- .../tests/pfkey/net2net-route/evaltest.dat | 9 ++++++--- .../net2net-route/hosts/moon/etc/ipsec.conf | 2 -- .../net2net-route/hosts/sun/etc/ipsec.conf | 2 -- .../tests/pfkey/protoport-dual/evaltest.dat | 10 ++++++---- .../protoport-dual/hosts/carol/etc/ipsec.conf | 2 -- .../protoport-dual/hosts/moon/etc/ipsec.conf | 2 -- .../tests/pfkey/protoport-route/evaltest.dat | 10 ++++++---- .../hosts/carol/etc/ipsec.conf | 2 -- .../protoport-route/hosts/moon/etc/ipsec.conf | 2 -- testing/tests/pfkey/rw-cert/evaltest.dat | 14 ++++++++----- .../pfkey/rw-cert/hosts/carol/etc/ipsec.conf | 2 -- .../pfkey/rw-cert/hosts/dave/etc/ipsec.conf | 2 -- .../pfkey/rw-cert/hosts/moon/etc/ipsec.conf | 2 -- .../tests/pfkey/shunt-policies/evaltest.dat | 20 +++++++++++-------- .../shunt-policies/hosts/moon/etc/ipsec.conf | 2 -- .../shunt-policies/hosts/sun/etc/ipsec.conf | 2 -- 43 files changed, 90 insertions(+), 111 deletions(-) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/description.txt (100%) create mode 100644 testing/tests/pfkey/nat-rw/evaltest.dat rename testing/tests/pfkey/{nat-two-rw => nat-rw}/hosts/alice/etc/ipsec.conf (88%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/hosts/alice/etc/strongswan.conf (100%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/hosts/sun/etc/ipsec.conf (92%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/hosts/sun/etc/strongswan.conf (100%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/hosts/venus/etc/ipsec.conf (88%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/hosts/venus/etc/strongswan.conf (100%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/posttest.dat (100%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/pretest.dat (100%) rename testing/tests/pfkey/{nat-two-rw => nat-rw}/test.conf (100%) delete mode 100644 testing/tests/pfkey/nat-two-rw/evaltest.dat diff --git a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat index 24e36eb77..9ca168e82 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat +++ b/testing/tests/pfkey/alg-aes-xcbc/evaltest.dat @@ -1,12 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_128/AES_XCBC_96/PRF_AES128_XCBC/MODP_2048::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_128/AES_XCBC_96,::YES -carol::ipsec statusall::home.*AES_CBC_128/AES_XCBC_96,::YES -moon::ip xfrm state::auth xcbc(aes)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_128/AES_XCBC_96,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_128/AES_XCBC_96,::YES +moon:: ip xfrm state::auth xcbc(aes)::YES carol::ip xfrm state::auth xcbc(aes)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES - diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf index 33e6a842b..806923e30 100755 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf index 208477deb..5f55bb7e7 100755 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/alg-sha384/evaltest.dat b/testing/tests/pfkey/alg-sha384/evaltest.dat index 31bb64c5e..21b3d5a4f 100644 --- a/testing/tests/pfkey/alg-sha384/evaltest.dat +++ b/testing/tests/pfkey/alg-sha384/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_3072::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES -carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES -moon::ip xfrm state::auth hmac(sha384)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_192/HMAC_SHA2_384_192,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192,::YES +moon:: ip xfrm state::auth hmac(sha384)::YES carol::ip xfrm state::auth hmac(sha384)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 208::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 208::YES diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf index d38b7dfcf..14fce0317 100755 --- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf index ea84cd8a4..06a887f5c 100755 --- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/alg-sha512/evaltest.dat b/testing/tests/pfkey/alg-sha512/evaltest.dat index e0f5fb7a3..7b94d2182 100644 --- a/testing/tests/pfkey/alg-sha512/evaltest.dat +++ b/testing/tests/pfkey/alg-sha512/evaltest.dat @@ -1,11 +1,13 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES -moon::ipsec statusall::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES -carol::ipsec statusall::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec statusall 2> /dev/null::rw.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES +carol::ipsec statusall 2> /dev/null::home.*IKE proposal.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096::YES carol::ping -c 1 -s 120 -p deadbeef 10.1.0.10::128 bytes from 10.1.0.10: icmp_seq=1::YES -moon::ipsec statusall::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES -carol::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES -moon::ip xfrm state::auth hmac(sha512)::YES +moon:: ipsec statusall 2> /dev/null::rw.*AES_CBC_256/HMAC_SHA2_512_256,::YES +carol::ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256,::YES +moon:: ip xfrm state::auth hmac(sha512)::YES carol::ip xfrm state::auth hmac(sha512)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 216::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 216::YES diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf index 583522d1b..33f619eab 100755 --- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf index 40fec93c0..f76a4264b 100755 --- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/esp-alg-null/evaltest.dat b/testing/tests/pfkey/esp-alg-null/evaltest.dat index d5c0a64c4..271e274c8 100644 --- a/testing/tests/pfkey/esp-alg-null/evaltest.dat +++ b/testing/tests/pfkey/esp-alg-null/evaltest.dat @@ -1,9 +1,11 @@ -moon::ipsec statusall::rw.*INSTALLED::YES -carol::ipsec statusall::home.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ipsec statusall::NULL/HMAC_SHA1_96::YES -carol::ipsec statusall::NULL/HMAC_SHA1_96::YES -moon::ip xfrm state::enc ecb(cipher_null)::YES +moon:: ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +carol::ipsec statusall 2> /dev/null::NULL/HMAC_SHA1_96::YES +moon:: ip xfrm state::enc ecb(cipher_null)::YES carol::ip xfrm state::enc ecb(cipher_null)::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length::YES diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf index 5640d74fc..dbf53b56a 100755 --- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf index 91f4a7c7f..deb022fed 100755 --- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=yes plutostart=no conn %default diff --git a/testing/tests/pfkey/host2host-transport/evaltest.dat b/testing/tests/pfkey/host2host-transport/evaltest.dat index b3cade48c..5ef5bed9c 100644 --- a/testing/tests/pfkey/host2host-transport/evaltest.dat +++ b/testing/tests/pfkey/host2host-transport/evaltest.dat @@ -1,8 +1,10 @@ +moon::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::host-host.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES +sun:: ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES moon::cat /var/log/daemon.log::parsed IKE_AUTH response.*N(USE_TRANSP)::YES -moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES -sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES moon::ip xfrm state::mode transport::YES -sun::ip xfrm state::mode transport::YES +sun:: ip xfrm state::mode transport::YES moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf index 7f6c5a58a..7b4ab6415 100755 --- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf index af52fb22b..c2d251a12 100755 --- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/nat-two-rw/description.txt b/testing/tests/pfkey/nat-rw/description.txt similarity index 100% rename from testing/tests/pfkey/nat-two-rw/description.txt rename to testing/tests/pfkey/nat-rw/description.txt diff --git a/testing/tests/pfkey/nat-rw/evaltest.dat b/testing/tests/pfkey/nat-rw/evaltest.dat new file mode 100644 index 000000000..a0b9c678f --- /dev/null +++ b/testing/tests/pfkey/nat-rw/evaltest.dat @@ -0,0 +1,12 @@ +alice::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*alice@strongswan.org.*sun.strongswan.org::YES +venus::ipsec status 2> /dev/null::nat-t.*ESTABLISHED.*venus.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[1]: ESTABLISHED.*sun.strongswan.org.*alice@strongswan.org::YES +sun:: ipsec status 2> /dev/null::nat-t\[2]: ESTABLISHED.*sun.strongswan.org.*venus.strongswan.org::YES +alice::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +venus::ipsec status 2> /dev/null::nat-t.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::nat-t[{]1}.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::nat-t[{]2}.*INSTALLED, TUNNEL::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES +moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf similarity index 88% rename from testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf rename to testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf index 3da2fcf86..28f7330f9 100755 --- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/ipsec.conf +++ b/testing/tests/pfkey/nat-rw/hosts/alice/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf similarity index 100% rename from testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf rename to testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf similarity index 92% rename from testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf rename to testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf index d8b426318..fdd3b6192 100755 --- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/ipsec.conf +++ b/testing/tests/pfkey/nat-rw/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf similarity index 100% rename from testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf rename to testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf similarity index 88% rename from testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf rename to testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf index 3a70b3434..9f7369db5 100755 --- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/ipsec.conf +++ b/testing/tests/pfkey/nat-rw/hosts/venus/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf similarity index 100% rename from testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf rename to testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf diff --git a/testing/tests/pfkey/nat-two-rw/posttest.dat b/testing/tests/pfkey/nat-rw/posttest.dat similarity index 100% rename from testing/tests/pfkey/nat-two-rw/posttest.dat rename to testing/tests/pfkey/nat-rw/posttest.dat diff --git a/testing/tests/pfkey/nat-two-rw/pretest.dat b/testing/tests/pfkey/nat-rw/pretest.dat similarity index 100% rename from testing/tests/pfkey/nat-two-rw/pretest.dat rename to testing/tests/pfkey/nat-rw/pretest.dat diff --git a/testing/tests/pfkey/nat-two-rw/test.conf b/testing/tests/pfkey/nat-rw/test.conf similarity index 100% rename from testing/tests/pfkey/nat-two-rw/test.conf rename to testing/tests/pfkey/nat-rw/test.conf diff --git a/testing/tests/pfkey/nat-two-rw/evaltest.dat b/testing/tests/pfkey/nat-two-rw/evaltest.dat deleted file mode 100644 index bd0a4b52b..000000000 --- a/testing/tests/pfkey/nat-two-rw/evaltest.dat +++ /dev/null @@ -1,9 +0,0 @@ -alice::ipsec statusall::nat-t.*INSTALLED::YES -venus::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec statusall::nat-t.*INSTALLED::YES -sun::ipsec status::alice@strongswan.org::YES -sun::ipsec status::venus.strongswan.org::YES -alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES -moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES diff --git a/testing/tests/pfkey/net2net-route/evaltest.dat b/testing/tests/pfkey/net2net-route/evaltest.dat index a89e5a298..9adb31e97 100644 --- a/testing/tests/pfkey/net2net-route/evaltest.dat +++ b/testing/tests/pfkey/net2net-route/evaltest.dat @@ -1,6 +1,9 @@ -moon::cat /var/log/daemon.log::creating acquire job::YES -moon::ipsec statusall::net-net.*INSTALLED::YES -sun::ipsec statusall::net-net.*INSTALLED::YES +moon:: ipsec status 2> /dev/null::net-net.*ROUTED, TUNNEL::YES +moon:: cat /var/log/daemon.log::creating acquire job::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf index 8a2f8b77c..c15fdbb4f 100755 --- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf index 24e5df519..b93233168 100755 --- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf +++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/protoport-dual/evaltest.dat b/testing/tests/pfkey/protoport-dual/evaltest.dat index bd24b911c..d2fc698f9 100644 --- a/testing/tests/pfkey/protoport-dual/evaltest.dat +++ b/testing/tests/pfkey/protoport-dual/evaltest.dat @@ -1,7 +1,9 @@ -carol::ipsec statusall::home-icmp.*INSTALLED::YES -carol::ipsec statusall::home-ssh.*INSTALLED::YES -moon::ipsec statusall::rw-icmp.*INSTALLED::YES -moon::ipsec statusall::rw-ssh.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf index 51971a13c..d7c48a777 100755 --- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf index 0d7e8db3f..84ebd77e0 100755 --- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/protoport-route/evaltest.dat b/testing/tests/pfkey/protoport-route/evaltest.dat index 78d062918..09dfd8f42 100644 --- a/testing/tests/pfkey/protoport-route/evaltest.dat +++ b/testing/tests/pfkey/protoport-route/evaltest.dat @@ -2,9 +2,11 @@ carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES carol::ssh PH_IP_ALICE hostname::alice::YES carol::cat /var/log/daemon.log::creating acquire job::YES -carol::ipsec statusall::home-icmp.*INSTALLED::YES -carol::ipsec statusall::home-ssh.*INSTALLED::YES -moon::ipsec statusall::rw-icmp.*INSTALLED::YES -moon::ipsec statusall::rw-ssh.*INSTALLED::YES +carol::ipsec status 2> /dev/null::home-icmp.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +carol::ipsec status 2> /dev/null::home-icmp.*INSTALLED, TUNNEL::YES +carol::ipsec status 2> /dev/null::home-ssh.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-icmp.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw-ssh.*INSTALLED, TUNNEL::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf index d76a6ee17..bd0fbbecf 100755 --- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf index 0d7e8db3f..84ebd77e0 100755 --- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/rw-cert/evaltest.dat b/testing/tests/pfkey/rw-cert/evaltest.dat index 06a0f8cda..b545c2289 100644 --- a/testing/tests/pfkey/rw-cert/evaltest.dat +++ b/testing/tests/pfkey/rw-cert/evaltest.dat @@ -1,10 +1,14 @@ -moon::ipsec statusall::rw.*ESTABLISHED::YES -carol::ipsec statusall::home.*ESTABLISHED::YES -dave::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES +dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES +moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES +carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES +moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES - diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf index bcdb8641b..d0e7ae27f 100755 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf index ea8bc92a7..d917f6d5d 100755 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf index 274521386..00a522069 100755 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/shunt-policies/evaltest.dat b/testing/tests/pfkey/shunt-policies/evaltest.dat index 2f6e1a91f..87368fb31 100644 --- a/testing/tests/pfkey/shunt-policies/evaltest.dat +++ b/testing/tests/pfkey/shunt-policies/evaltest.dat @@ -1,15 +1,19 @@ -moon::ipsec statusall::net-net.*ESTABLISHED::YES -sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon:: ipsec status 2> /dev/null::local-net.*PASS::YES +moon:: ipsec status 2> /dev/null::venus-icmp.*DROP::YES +moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES +sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES +moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES +sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES venus::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::NO venus::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -moon::ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES -moon::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -moon::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES -bob::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES -bob::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES -bob::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO +moon:: ping -c 1 -I PH_IP_MOON1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +bob:: ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::NO sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES venus::ssh PH_IP_BOB hostname::bob::YES diff --git a/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf b/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf index a4958f295..f87bfa8e5 100755 --- a/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf +++ b/testing/tests/pfkey/shunt-policies/hosts/moon/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default diff --git a/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf b/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf index c3b36fb7c..f952be18b 100755 --- a/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf +++ b/testing/tests/pfkey/shunt-policies/hosts/sun/etc/ipsec.conf @@ -1,8 +1,6 @@ # /etc/ipsec.conf - strongSwan IPsec configuration file config setup - crlcheckinterval=180 - strictcrlpolicy=no plutostart=no conn %default