test-vector support in rw-cert scenarios
This commit is contained in:
Andreas Steffen
parent
e0b09f8e76
commit
c8db70156d
|
|
@ -0,0 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
pluto {
|
||||
load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,15 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac x509 xcbc stroke kernel-netlink
|
||||
}
|
||||
|
||||
pluto {
|
||||
load = curl aes des sha1 sha2 md5 gmp random pubkey hmac
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random pubkey hmac
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
pluto {
|
||||
load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
pluto {
|
||||
load = test-vectors sha1 sha2 md5 aes des hmac gmp pubkey random curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,5 +23,4 @@ conn rw-eap
|
|||
rightsendcert=never
|
||||
rightauth=eap-aka
|
||||
eap_identity=%any
|
||||
right=%any
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -9,15 +9,16 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=eap
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftnexthop=%direct
|
||||
leftid=carol@strongswan.org
|
||||
leftauth=eap
|
||||
leftfirewall=yes
|
||||
eap_identity=carol
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightauth=pubkey
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -12,15 +12,15 @@ conn %default
|
|||
keyexchange=ikev2
|
||||
|
||||
conn rw-eap
|
||||
authby=rsasig
|
||||
eap=radius
|
||||
eap_identity=%identity
|
||||
left=PH_IP_MOON
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftid=@moon.strongswan.org
|
||||
leftcert=moonCert.pem
|
||||
leftauth=pubkey
|
||||
leftfirewall=yes
|
||||
rightid=*@strongswan.org
|
||||
rightsendcert=never
|
||||
rightauth=eap-radius
|
||||
eap_identity=%any
|
||||
right=%any
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -9,14 +9,15 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=eap
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftnexthop=%direct
|
||||
leftid=carol@strongswan.org
|
||||
leftauth=eap
|
||||
leftfirewall=yes
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightauth=pubkey
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -12,14 +12,14 @@ conn %default
|
|||
keyexchange=ikev2
|
||||
|
||||
conn rw-eap
|
||||
authby=rsasig
|
||||
eap=radius
|
||||
left=PH_IP_MOON
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftid=@moon.strongswan.org
|
||||
leftcert=moonCert.pem
|
||||
leftauth=pubkey
|
||||
leftfirewall=yes
|
||||
rightid=*@strongswan.org
|
||||
rightauth=eap-radius
|
||||
rightsendcert=never
|
||||
right=%any
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -9,14 +9,15 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=eap
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftnexthop=%direct
|
||||
leftid=carol@strongswan.org
|
||||
leftauth=eap
|
||||
leftfirewall=yes
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightauth=pubkey
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -12,14 +12,14 @@ conn %default
|
|||
keyexchange=ikev2
|
||||
|
||||
conn rw-eap
|
||||
authby=rsasig
|
||||
eap=md5
|
||||
left=PH_IP_MOON
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftid=@moon.strongswan.org
|
||||
leftcert=moonCert.pem
|
||||
leftauth=pubkey
|
||||
leftfirewall=yes
|
||||
rightid=*@strongswan.org
|
||||
rightauth=eap-md5
|
||||
rightsendcert=never
|
||||
right=%any
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -9,15 +9,16 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=eap
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftnexthop=%direct
|
||||
leftid=carol@strongswan.org
|
||||
leftfirewall=yes
|
||||
leftauth=eap
|
||||
eap_identity=228060123456001
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightauth=pubkey
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -12,15 +12,15 @@ conn %default
|
|||
keyexchange=ikev2
|
||||
|
||||
conn rw-eap
|
||||
authby=rsasig
|
||||
eap=radius
|
||||
eap_identity=%identity
|
||||
left=PH_IP_MOON
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftid=@moon.strongswan.org
|
||||
leftcert=moonCert.pem
|
||||
leftauth=pubkey
|
||||
leftfirewall=yes
|
||||
rightid=*@strongswan.org
|
||||
rightauth=eap-radius
|
||||
eap_identity=%any
|
||||
rightsendcert=never
|
||||
right=%any
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -9,14 +9,15 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=eap
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftnexthop=%direct
|
||||
leftid=carol@strongswan.org
|
||||
leftauth=eap
|
||||
leftfirewall=yes
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=10.1.0.0/16
|
||||
rightauth=pubkey
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -12,14 +12,14 @@ conn %default
|
|||
keyexchange=ikev2
|
||||
|
||||
conn rw-eapsim
|
||||
authby=rsasig
|
||||
eap=sim
|
||||
left=PH_IP_MOON
|
||||
leftsubnet=10.1.0.0/16
|
||||
leftid=@moon.strongswan.org
|
||||
leftcert=moonCert.pem
|
||||
leftauth=pubkey
|
||||
leftfirewall=yes
|
||||
rightid=*@strongswan.org
|
||||
rightauth=eap-sim
|
||||
right=%any
|
||||
rightsendcert=never
|
||||
auto=add
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
authby=ecdsasig
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
authby=ecdsasig
|
||||
|
||||
conn home
|
||||
left=PH_IP_DAVE
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = aes des sha1 sha2 md5 gmp openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev1
|
||||
authby=ecdsasig
|
||||
|
||||
conn carol
|
||||
also=moon
|
||||
|
|
|
|||
|
|
@ -3,3 +3,9 @@
|
|||
pluto {
|
||||
load = openssl pubkey random hmac curl
|
||||
}
|
||||
|
||||
# pluto uses optimized DH exponent sizes (RFC 3526)
|
||||
|
||||
libstrongswan {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=ecdsasig
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=ecdsasig
|
||||
|
||||
conn home
|
||||
left=PH_IP_DAVE
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ conn %default
|
|||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
authby=ecdsasig
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
|
|
|
|||
|
|
@ -1,5 +1,12 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
|
||||
load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,12 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac stroke kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
required = yes
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
dh_exponent_ansi_x9_42 = no
|
||||
load = curl openssl random x509 pubkey hmac stroke kernel-netlink updown
|
||||
load = curl test-vectors openssl random x509 pubkey hmac stroke kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-pfkey kernel-netlink updown
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,5 +6,11 @@ charon {
|
|||
database = sqlite:///etc/ipsec.d/ipsec.db
|
||||
}
|
||||
}
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,5 +6,11 @@ charon {
|
|||
database = sqlite:///etc/ipsec.d/ipsec.db
|
||||
}
|
||||
}
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,5 +6,11 @@ charon {
|
|||
database = sqlite:///etc/ipsec.d/ipsec.db
|
||||
}
|
||||
}
|
||||
load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
|
||||
load = curl test-vectors aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink updown sqlite sql
|
||||
}
|
||||
|
||||
libstrongswan {
|
||||
crypto_test {
|
||||
on_add = yes
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue