created IPv6 environment
parent
32b6500fbf
commit
fc0afb6810
|
@ -308,9 +308,9 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
|
||||||
int skt;
|
int skt;
|
||||||
interface_t *interface;
|
interface_t *interface;
|
||||||
|
|
||||||
if (current->sin_family != AF_INET)
|
if (current->sin_family != AF_INET && current->sin_family != AF_INET6)
|
||||||
{
|
{
|
||||||
/* ignore all but AF_INET interfaces */
|
/* ignore all but IPv4 and IPv6 interfaces */
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -334,7 +334,7 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* set up interface socket */
|
/* set up interface socket */
|
||||||
skt = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
|
skt = socket(current->sin_family, SOCK_RAW, IPPROTO_UDP);
|
||||||
if (socket < 0)
|
if (socket < 0)
|
||||||
{
|
{
|
||||||
this->logger->log(this->logger, ERROR, "unable to open interface socket!");
|
this->logger->log(this->logger, ERROR, "unable to open interface socket!");
|
||||||
|
@ -347,7 +347,7 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
current->sin_port = htons(port);
|
current->sin_port = htons(port);
|
||||||
current->sin_family = AF_INET;
|
|
||||||
if (bind(skt, (struct sockaddr*)current, sizeof(struct sockaddr_in)) < 0)
|
if (bind(skt, (struct sockaddr*)current, sizeof(struct sockaddr_in)) < 0)
|
||||||
{
|
{
|
||||||
this->logger->log(this->logger, ERROR, "unable to bind interface socket!");
|
this->logger->log(this->logger, ERROR, "unable to bind interface socket!");
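Review bot: The `bind()` call in the third hunk still passes `sizeof(struct sockaddr_in)` as the address length, although the interface loop now lets AF_INET6 entries through and the socket is opened with `current->sin_family`. An IPv6 address needs `sizeof(struct sockaddr_in6)`, so the bind for those interfaces is expected to fail or to see a truncated address. The length should follow the family, e.g. `socklen_t len = (current->sin_family == AF_INET6) ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in);`; whether `current` points at storage large enough for a `sockaddr_in6` is not visible here and should be confirmed. The unchanged check `if (socket < 0)` compares the function `socket` rather than `skt`, so a failed socket() call is never caught and `if (skt < 0)` is what the error path needs. build_interface_list starts and ends outside these hunks.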
|
||||||
|
|
|
@ -31,13 +31,15 @@
|
||||||
#include "args.h"
|
#include "args.h"
|
||||||
#include "interfaces.h"
|
#include "interfaces.h"
|
||||||
|
|
||||||
|
/* strings containing a colon are interpreted as an IPv6 address */
|
||||||
|
#define ip_version(string) (strchr(string, ':') != NULL)? AF_INET6 : AF_INET;
|
||||||
|
|
||||||
static const char ike_defaults[] = "3des-sha, 3des-md5";
|
static const char ike_defaults[] = "3des-sha, 3des-md5";
|
||||||
static const char esp_defaults[] = "3des-sha1, 3des-md5";
|
static const char esp_defaults[] = "3des-sha1, 3des-md5";
|
||||||
|
|
||||||
static const char firewall_defaults[] = "ipsec _updown iptables";
|
static const char firewall_defaults[] = "ipsec _updown iptables";
|
||||||
|
|
||||||
static void
|
static void default_values(starter_config_t *cfg)
|
||||||
default_values(starter_config_t *cfg)
|
|
||||||
{
|
{
|
||||||
if (cfg == NULL)
|
if (cfg == NULL)
|
||||||
return;
|
return;
|
||||||
|
@ -167,22 +169,18 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (streq(value,"%any"))
|
else if (streq(value, "%any"))
|
||||||
{
|
{
|
||||||
anyaddr(conn->addr_family, &end->addr);
|
anyaddr(conn->addr_family, &end->addr);
|
||||||
}
|
}
|
||||||
else if (value[0] == '%')
|
else if (streq(value, "%any6"))
|
||||||
{
|
{
|
||||||
if (end->iface)
|
conn->addr_family = AF_INET6;
|
||||||
pfree(end->iface);
|
anyaddr(conn->addr_family, &end->addr);
|
||||||
end->iface = clone_str(value+1, "iface");
|
|
||||||
if (starter_iface_find(end->iface, conn->addr_family, &end->addr, &end->nexthop) == -1)
|
|
||||||
{
|
|
||||||
conn->state = STATE_INVALID;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
conn->addr_family = ip_version(value);
|
||||||
ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
|
ugh = ttoaddr(value, 0, conn->addr_family, &end->addr);
|
||||||
if (ugh != NULL)
|
if (ugh != NULL)
|
||||||
{
|
{
|
||||||
|
@ -203,10 +201,14 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (streq(value, "%direct"))
|
else if (streq(value, "%direct"))
|
||||||
|
{
|
||||||
ugh = anyaddr(conn->addr_family, &end->nexthop);
|
ugh = anyaddr(conn->addr_family, &end->nexthop);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
conn->addr_family = ip_version(value);
|
||||||
ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop);
|
ugh = ttoaddr(value, 0, conn->addr_family, &end->nexthop);
|
||||||
|
}
|
||||||
if (ugh != NULL)
|
if (ugh != NULL)
|
||||||
{
|
{
|
||||||
plog("# bad addr: %s=%s [%s]", name, value, ugh);
|
plog("# bad addr: %s=%s [%s]", name, value, ugh);
|
||||||
|
@ -222,6 +224,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
end->has_client = TRUE;
|
end->has_client = TRUE;
|
||||||
|
conn->tunnel_addr_family = ip_version(value);
|
||||||
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
|
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
|
||||||
if (ugh != NULL)
|
if (ugh != NULL)
|
||||||
{
|
{
|
||||||
|
@ -233,6 +236,7 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
|
||||||
case KW_SUBNETWITHIN:
|
case KW_SUBNETWITHIN:
|
||||||
end->has_client = TRUE;
|
end->has_client = TRUE;
|
||||||
end->has_client_wildcard = TRUE;
|
end->has_client_wildcard = TRUE;
|
||||||
|
conn->tunnel_addr_family = ip_version(value);
|
||||||
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
|
ugh = ttosubnet(value, 0, conn->tunnel_addr_family, &end->subnet);
|
||||||
break;
|
break;
|
||||||
case KW_PROTOPORT:
|
case KW_PROTOPORT:
|
||||||
|
@ -246,7 +250,8 @@ kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ugh = ttoaddr(value, 0, conn->addr_family, &end->srcip);
|
conn->tunnel_addr_family = ip_version(value);
|
||||||
|
ugh = ttoaddr(value, 0, conn->tunnel_addr_family, &end->srcip);
|
||||||
if (ugh != NULL)
|
if (ugh != NULL)
|
||||||
{
|
{
|
||||||
plog("# bad addr: %s=%s [%s]", name, value, ugh);
|
plog("# bad addr: %s=%s [%s]", name, value, ugh);
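Review bot: In kw_end, `conn->addr_family = ip_version(value);` overwrites the connection-wide family on every host address and nexthop keyword, so a conn with an IPv4 address on one end and an IPv6 address on the other leaves one end parsed under a family the connection no longer records, and `%any` resolves against whatever was parsed before it. Nothing visible in these hunks rejects such a mismatch; comparing against a previously set family and taking the existing `goto err` path would make it explicit, assuming there is a way to tell "not set yet" apart, which the hunks do not show. The same applies to `conn->tunnel_addr_family`, which the subnet, KW_SUBNETWITHIN and source-address branches each overwrite. Separately, the `ip_version` macro is unparenthesised and ends in `;`, which breaks as soon as it is used inside an expression; `#define ip_version(string) (strchr((string), ':') != NULL ? AF_INET6 : AF_INET)` is the safer form. kw_end starts and ends outside the hunks.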
|
||||||
|
|
|
@ -157,13 +157,13 @@ set_whack_end(whack_end_t *w, starter_end_t *end)
|
||||||
w->host_addr = end->addr;
|
w->host_addr = end->addr;
|
||||||
w->host_nexthop = end->nexthop;
|
w->host_nexthop = end->nexthop;
|
||||||
w->host_srcip = end->srcip;
|
w->host_srcip = end->srcip;
|
||||||
|
|
||||||
if (end->has_client)
|
|
||||||
w->client = end->subnet;
|
|
||||||
else
|
|
||||||
w->client.addr.u.v4.sin_family = AF_INET;
|
|
||||||
|
|
||||||
w->has_client = end->has_client;
|
w->has_client = end->has_client;
|
||||||
|
|
||||||
|
if (w->has_client)
|
||||||
|
w->client = end->subnet;
|
||||||
|
else
|
||||||
|
w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);
|
||||||
|
|
||||||
w->has_client_wildcard = end->has_client_wildcard;
|
w->has_client_wildcard = end->has_client_wildcard;
|
||||||
w->has_port_wildcard = end->has_port_wildcard;
|
w->has_port_wildcard = end->has_port_wildcard;
|
||||||
w->has_srcip = end->has_srcip;
|
w->has_srcip = end->has_srcip;
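Review bot: The new else branch `w->client.addr.u.v4.sin_family = addrtypeof(&w->host_addr);` stores the family through the `v4` member of the union even when the host address is IPv6. That presumably relies on the family field sitting at the same offset in the IPv4 and IPv6 socket address layouts, which should be stated in a comment next to the assignment, e.g. `/* family field has the same offset in the v4 and v6 layouts */`. Only the family of `w->client` is written in this branch, so it is worth confirming that no consumer reads the rest of the subnet when `has_client` is false. set_whack_end continues outside the hunk.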
|
||||||
|
|
|
@ -68,39 +68,56 @@ cp -rfp $DEFAULTTESTSDIR/* $TESTSDIR
|
||||||
|
|
||||||
for host in $STRONGSWANHOSTS
|
for host in $STRONGSWANHOSTS
|
||||||
do
|
do
|
||||||
eval ip_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
|
eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
|
eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
case $host in
|
case $host in
|
||||||
moon)
|
moon)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
searchandreplace PH_IP_MOON $ip_moon $TESTSDIR
|
searchandreplace PH_IP_MOON1 $ipv4_moon1 $TESTSDIR
|
||||||
searchandreplace PH_IP1_MOON $ip1_moon $TESTSDIR
|
searchandreplace PH_IP_MOON $ipv4_moon $TESTSDIR
|
||||||
|
eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_MOON1 $ipv6_moon1 $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_MOON $ipv6_moon $TESTSDIR
|
||||||
;;
|
;;
|
||||||
sun)
|
sun)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
searchandreplace PH_IP_SUN $ip_sun $TESTSDIR
|
searchandreplace PH_IP_SUN1 $ipv4_sun1 $TESTSDIR
|
||||||
searchandreplace PH_IP1_SUN $ip1_sun $TESTSDIR
|
searchandreplace PH_IP_SUN $ipv4_sun $TESTSDIR
|
||||||
|
eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_SUN1 $ipv6_sun1 $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_SUN $ipv6_sun $TESTSDIR
|
||||||
;;
|
;;
|
||||||
alice)
|
alice)
|
||||||
searchandreplace PH_IP_ALICE $ip_alice $TESTSDIR
|
searchandreplace PH_IP_ALICE $ipv4_alice $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_ALICE $ipv6_alice $TESTSDIR
|
||||||
;;
|
;;
|
||||||
venus)
|
venus)
|
||||||
searchandreplace PH_IP_VENUS $ip_venus $TESTSDIR
|
searchandreplace PH_IP_VENUS $ipv4_venus $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_VENUS $ipv6_venus $TESTSDIR
|
||||||
;;
|
;;
|
||||||
bob)
|
bob)
|
||||||
searchandreplace PH_IP_BOB $ip_bob $TESTSDIR
|
searchandreplace PH_IP_BOB $ipv4_bob $TESTSDIR
|
||||||
|
searchandreplace PH_IPV6_BOB $ipv6_bob $TESTSDIR
|
||||||
;;
|
;;
|
||||||
carol)
|
carol)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
searchandreplace PH_IP_CAROL $ip_carol $TESTSDIR
|
searchandreplace PH_IP_CAROL1 $ipv4_carol1 $TESTSDIR
|
||||||
searchandreplace PH_IP1_CAROL $ip1_carol $TESTSDIR
|
searchandreplace PH_IP_CAROL $ipv4_carol $TESTSDIR
|
||||||
|
eval ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_CAROL $ipv6_carol $TESTSDIR
|
||||||
;;
|
;;
|
||||||
dave)
|
dave)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
searchandreplace PH_IP_DAVE $ip_dave $TESTSDIR
|
searchandreplace PH_IP_DAVE1 $ipv4_dave1 $TESTSDIR
|
||||||
searchandreplace PH_IP1_DAVE $ip1_dave $TESTSDIR
|
searchandreplace PH_IP_DAVE $ipv4_dave $TESTSDIR
|
||||||
|
eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_DAVE $ipv6_dave $TESTSDIR
|
||||||
;;
|
;;
|
||||||
winnetou)
|
winnetou)
|
||||||
searchandreplace PH_IP_WINNETOU $ip_winnetou $TESTSDIR
|
searchandreplace PH_IP_WINNETOU $ipv4_winnetou $TESTSDIR
|
||||||
|
searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $TESTSDIR
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
@ -198,7 +215,7 @@ do
|
||||||
iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'`
|
iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'`
|
||||||
tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &"
|
tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &"
|
||||||
echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG
|
echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG
|
||||||
ssh root@`eval echo \\\$ip_$host '$tcpdump_cmd'`
|
ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'`
|
||||||
eval TDUP_${host}="true"
|
eval TDUP_${host}="true"
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -214,7 +231,7 @@ do
|
||||||
if ($2 != "")
|
if ($2 != "")
|
||||||
{
|
{
|
||||||
printf("echo \"%s# %s\"; ", $1, $2)
|
printf("echo \"%s# %s\"; ", $1, $2)
|
||||||
printf("ssh root@\044ip_%s \"%s\"; ", $1, $2)
|
printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2)
|
||||||
printf("echo;\n")
|
printf("echo;\n")
|
||||||
}
|
}
|
||||||
}' $TESTSDIR/${testname}/pretest.dat` >> $CONSOLE_LOG 2>&1
|
}' $TESTSDIR/${testname}/pretest.dat` >> $CONSOLE_LOG 2>&1
|
||||||
|
@ -226,7 +243,7 @@ do
|
||||||
|
|
||||||
function stop_tcpdump {
|
function stop_tcpdump {
|
||||||
echo "${1}# killall tcpdump" >> $CONSOLE_LOG
|
echo "${1}# killall tcpdump" >> $CONSOLE_LOG
|
||||||
eval ssh root@\$ip_${1} killall tcpdump
|
eval ssh root@\$ipv4_${1} killall tcpdump
|
||||||
eval TDUP_${1}="false"
|
eval TDUP_${1}="false"
|
||||||
echo ""
|
echo ""
|
||||||
}
|
}
|
||||||
|
@ -252,12 +269,12 @@ do
|
||||||
{
|
{
|
||||||
printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host)
|
printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host)
|
||||||
printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit)
|
printf("echo \"%s# cat /tmp/tcpdump.log | grep \047%s\047 [%s]\"; ", host, pattern, hit)
|
||||||
printf("ssh root@\044ip_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern)
|
printf("ssh root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"; ", host, pattern)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit)
|
printf("echo \"%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit)
|
||||||
printf("ssh root@\044ip_%s %s | grep \"%s\"; ", host, command, pattern)
|
printf("ssh root@\044ipv4_%s %s | grep \"%s\"; ", host, command, pattern)
|
||||||
}
|
}
|
||||||
printf("cmd_exit=\044?; ")
|
printf("cmd_exit=\044?; ")
|
||||||
printf("echo; ")
|
printf("echo; ")
|
||||||
|
@ -310,7 +327,7 @@ do
|
||||||
|
|
||||||
for host in $IPSECHOSTS
|
for host in $IPSECHOSTS
|
||||||
do
|
do
|
||||||
eval HOSTLOGIN=root@\$ip_${host}
|
eval HOSTLOGIN=root@\$ipv4_${host}
|
||||||
|
|
||||||
for command in statusall listall
|
for command in statusall listall
|
||||||
do
|
do
|
||||||
|
@ -359,7 +376,7 @@ do
|
||||||
if ($2 != "")
|
if ($2 != "")
|
||||||
{
|
{
|
||||||
printf("echo \"%s# %s\"; ", $1, $2)
|
printf("echo \"%s# %s\"; ", $1, $2)
|
||||||
printf("ssh root@\044ip_%s \"%s\"; ", $1, $2)
|
printf("ssh root@\044ipv4_%s \"%s\"; ", $1, $2)
|
||||||
printf("echo;\n")
|
printf("echo;\n")
|
||||||
}
|
}
|
||||||
}' $TESTSDIR/${testname}/posttest.dat` >> $CONSOLE_LOG 2>&1
|
}' $TESTSDIR/${testname}/posttest.dat` >> $CONSOLE_LOG 2>&1
|
||||||
|
@ -371,7 +388,7 @@ do
|
||||||
|
|
||||||
for host in $IPSECHOSTS
|
for host in $IPSECHOSTS
|
||||||
do
|
do
|
||||||
eval HOSTLOGIN=root@\$ip_${host}
|
eval HOSTLOGIN=root@\$ipv4_${host}
|
||||||
ssh $HOSTLOGIN grep pluto /var/log/auth.log \
|
ssh $HOSTLOGIN grep pluto /var/log/auth.log \
|
||||||
> $TESTRESULTDIR/${host}.auth.log
|
> $TESTRESULTDIR/${host}.auth.log
|
||||||
echo >> $TESTRESULTDIR/${host}.auth.log
|
echo >> $TESTRESULTDIR/${host}.auth.log
|
||||||
|
@ -389,7 +406,7 @@ do
|
||||||
if [ "`eval echo \\\$TDUP_${host}`" = "true" ]
|
if [ "`eval echo \\\$TDUP_${host}`" = "true" ]
|
||||||
then
|
then
|
||||||
echo "${host}# killall tcpdump" >> $CONSOLE_LOG
|
echo "${host}# killall tcpdump" >> $CONSOLE_LOG
|
||||||
eval ssh root@\$ip_$host killall tcpdump
|
eval ssh root@\$ipv4_$host killall tcpdump
|
||||||
eval TDUP_${host}="false"
|
eval TDUP_${host}="false"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -452,10 +469,10 @@ cecho ""
|
||||||
HTDOCS="/var/www/localhost/htdocs"
|
HTDOCS="/var/www/localhost/htdocs"
|
||||||
|
|
||||||
cecho-n "Copying test results to winnetou.."
|
cecho-n "Copying test results to winnetou.."
|
||||||
ssh root@${ip_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1
|
ssh root@${ipv4_winnetou} mkdir -p $HTDOCS/testresults > /dev/null 2>&1
|
||||||
scp -r $TODAYDIR root@${ip_winnetou}:$HTDOCS/testresults > /dev/null 2>&1
|
scp -r $TODAYDIR root@${ipv4_winnetou}:$HTDOCS/testresults > /dev/null 2>&1
|
||||||
ssh root@${ip_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1
|
ssh root@${ipv4_winnetou} ln -s $HTDOCS/images $HTDOCS/testresults/$TESTDATE/images > /dev/null 2>&1
|
||||||
cecho "done"
|
cecho "done"
|
||||||
cecho ""
|
cecho ""
|
||||||
cecho "The results are available in $TODAYDIR"
|
cecho "The results are available in $TODAYDIR"
|
||||||
cecho "or via the link http://$ip_winnetou/testresults/$TESTDATE"
|
cecho "or via the link http://$ipv4_winnetou/testresults/$TESTDATE"
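Review bot: In the `bob)` case the new line `searchandreplace PH_IPV6_BOB $ipv6_bob $TESTSDIR` uses a placeholder name that differs from the `PH_IP6_` prefix of every other host in this loop, and from `PH_IP6_BOB` as it appears in the interface and hosts templates changed by the same commit. If the test files use `PH_IP6_BOB`, bob's IPv6 placeholder is left unsubstituted there. The line should read `searchandreplace PH_IP6_BOB $ipv6_bob $TESTSDIR`.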
|
||||||
|
|
|
@ -3,9 +3,9 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_ALICE broadcast 10.1.255.255 netmask 255.255.0.0"
|
iface_eth0="PH_IP_ALICE broadcast 10.1.255.255 netmask 255.255.0.0 add PH_IP6_ALICE/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
gateway="eth0/PH_IP1_MOON"
|
gateway="eth0/PH_IP_MOON1"
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_BOB broadcast 10.2.255.255 netmask 255.255.0.0"
|
iface_eth0="PH_IP_BOB broadcast 10.2.255.255 netmask 255.255.0.0 add PH_IP6_BOB/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
gateway="eth0/PH_IP1_SUN"
|
gateway="eth0/PH_IP_SUN1"
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_CAROL broadcast 192.168.0.255 netmask 255.255.255.0"
|
iface_eth0="PH_IP_CAROL broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_CAROL/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_DAVE broadcast 192.168.0.255 netmask 255.255.255.0"
|
iface_eth0="PH_IP_DAVE broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_DAVE/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
|
|
|
@ -14,15 +14,15 @@
|
||||||
|
|
||||||
PH_IP_ALICE alice.strongswan.org alice
|
PH_IP_ALICE alice.strongswan.org alice
|
||||||
PH_IP_VENUS venus.strongswan.org venus
|
PH_IP_VENUS venus.strongswan.org venus
|
||||||
PH_IP1_MOON moon1.strongswan.org moon1
|
PH_IP_MOON1 moon1.strongswan.org moon1
|
||||||
PH_IP_MOON moon.strongswan.org moon
|
PH_IP_MOON moon.strongswan.org moon
|
||||||
PH_IP_CAROL carol.strongswan.org carol
|
PH_IP_CAROL carol.strongswan.org carol
|
||||||
PH_IP1_CAROL carol1.strongswan.org carol1
|
PH_IP_CAROL1 carol1.strongswan.org carol1
|
||||||
PH_IP_WINNETOU winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
|
PH_IP_WINNETOU winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
|
||||||
PH_IP_DAVE dave.strongswan.org dave
|
PH_IP_DAVE dave.strongswan.org dave
|
||||||
PH_IP1_DAVE dave1.strongswan.org dave1
|
PH_IP_DAVE1 dave1.strongswan.org dave1
|
||||||
PH_IP_SUN sun.strongswan.org sun
|
PH_IP_SUN sun.strongswan.org sun
|
||||||
PH_IP1_SUN sun1.strongswan.org sun1
|
PH_IP_SUN1 sun1.strongswan.org sun1
|
||||||
PH_IP_BOB bob.strongswan.org bob
|
PH_IP_BOB bob.strongswan.org bob
|
||||||
|
|
||||||
# IPV6 versions of localhost and co
|
# IPV6 versions of localhost and co
|
||||||
|
@ -32,3 +32,17 @@ ff00::0 ip6-mcastprefix
|
||||||
ff02::1 ip6-allnodes
|
ff02::1 ip6-allnodes
|
||||||
ff02::2 ip6-allrouters
|
ff02::2 ip6-allrouters
|
||||||
ff02::3 ip6-allhosts
|
ff02::3 ip6-allhosts
|
||||||
|
|
||||||
|
PH_IP6_ALICE ip6-alice.strongswan.org ip6-alice
|
||||||
|
PH_IP6_VENUS ip6-venus.strongswan.org ip6-venus
|
||||||
|
PH_IP6_MOON1 ip6-moon1.strongswan.org ip6-moon1
|
||||||
|
PH_IP6_MOON ip6-moon.strongswan.org ip6-moon
|
||||||
|
PH_IP6_CAROL ip6-carol.strongswan.org ip6-carol
|
||||||
|
PH_IP6_CAROL1 ip6-carol1.strongswan.org ip6-carol1
|
||||||
|
PH_IP6_WINNETOU ip6-winnetou.strongswan.org ip6-winnetou
|
||||||
|
PH_IP6_DAVE ip6-dave.strongswan.org ip6-dave
|
||||||
|
PH_IP6_DAVE1 ip6-dave1.strongswan.org ip6-dave1
|
||||||
|
PH_IP6_SUN ip6-sun.strongswan.org ip6-sun
|
||||||
|
PH_IP6_SUN1 ip6-sun1.strongswan.org ip6-sun1
|
||||||
|
PH_IP6_BOB ip6-bob.strongswan.org ip6-bob
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_MOON broadcast 192.168.0.255 netmask 255.255.255.0"
|
iface_eth0="PH_IP_MOON broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_MOON/16"
|
||||||
iface_eth1="PH_IP1_MOON broadcast 10.1.255.255 netmask 255.255.0.0"
|
iface_eth1="PH_IP_MOON1 broadcast 10.1.255.255 netmask 255.255.0.0 add PH_IP6_MOON1/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_SUN broadcast 192.168.0.255 netmask 255.255.255.0"
|
iface_eth0="PH_IP_SUN broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_SUN/16"
|
||||||
iface_eth1="PH_IP1_SUN broadcast 10.2.255.255 netmask 255.255.0.0"
|
iface_eth1="PH_IP_SUN1 broadcast 10.2.255.255 netmask 255.255.0.0 add PH_IP6_SUN1/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
|
|
|
@ -3,9 +3,9 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_VENUS broadcast 10.1.255.255 netmask 255.255.0.0"
|
iface_eth0="PH_IP_VENUS broadcast 10.1.255.255 netmask 255.255.0.0 add PH_IP6_VENUS/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
gateway="eth0/PH_IP1_MOON"
|
gateway="eth0/PH_IP_MOON1"
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# This is basically the ifconfig argument without the ifconfig $iface
|
# This is basically the ifconfig argument without the ifconfig $iface
|
||||||
#
|
#
|
||||||
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
iface_lo="127.0.0.1 netmask 255.0.0.0"
|
||||||
iface_eth0="PH_IP_WINNETOU broadcast 192.168.0.255 netmask 255.255.255.0"
|
iface_eth0="PH_IP_WINNETOU broadcast 192.168.0.255 netmask 255.255.255.0 add PH_IP6_WINNETOU/16"
|
||||||
|
|
||||||
# For setting the default gateway
|
# For setting the default gateway
|
||||||
#
|
#
|
||||||
|
|
|
@ -58,44 +58,61 @@ HOSTIP=`ifconfig eth0 |grep inet |sed -e "s/.*inet addr://" -e "s/ Bcast.*//"`
|
||||||
for host in $STRONGSWANHOSTS
|
for host in $STRONGSWANHOSTS
|
||||||
do
|
do
|
||||||
cecho-n "${host}.."
|
cecho-n "${host}.."
|
||||||
eval ip_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
|
eval ipv4_${host}="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
|
eval ipv6_${host}="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
|
|
||||||
[ "`eval echo \\\$ip_${host}`" != "$HOSTIP" ] || die "$host has the same IP as eth0 (Host)! Please change that."
|
[ "`eval echo \\\$ipv4_${host}`" != "$HOSTIP" ] || die "$host has the same IP as eth0 (Host)! Please change that."
|
||||||
|
|
||||||
case $host in
|
case $host in
|
||||||
moon)
|
moon)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_moon1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
[ "`eval echo \\\$ip1_${host}`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
|
[ "`eval echo \\\$ipv4_moon1`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
|
||||||
searchandreplace PH_IP_MOON $ip_moon $HOSTCONFIGDIR
|
searchandreplace PH_IP_MOON1 $ipv4_moon1 $HOSTCONFIGDIR
|
||||||
searchandreplace PH_IP1_MOON $ip1_moon $HOSTCONFIGDIR
|
searchandreplace PH_IP_MOON $ipv4_moon $HOSTCONFIGDIR
|
||||||
|
eval ipv6_moon1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_MOON1 $ipv6_moon1 $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_MOON $ipv6_moon $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
sun)
|
sun)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_sun1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
[ "`eval echo \\\$ip1_${host}`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
|
[ "`eval echo \\\$ipv4_sun1`" != "$HOSTIP" ] || die "eth1 of $host has the same IP as eth0 (Host)! Please change that."
|
||||||
searchandreplace PH_IP_SUN $ip_sun $HOSTCONFIGDIR
|
searchandreplace PH_IP_SUN1 $ipv4_sun1 $HOSTCONFIGDIR
|
||||||
searchandreplace PH_IP1_SUN $ip1_sun $HOSTCONFIGDIR
|
searchandreplace PH_IP_SUN $ipv4_sun $HOSTCONFIGDIR
|
||||||
|
eval ipv6_sun1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_SUN1 $ipv6_sun1 $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_SUN $ipv6_sun $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
alice)
|
alice)
|
||||||
searchandreplace PH_IP_ALICE $ip_alice $HOSTCONFIGDIR
|
searchandreplace PH_IP_ALICE $ipv4_alice $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_ALICE $ipv6_alice $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
venus)
|
venus)
|
||||||
searchandreplace PH_IP_VENUS $ip_venus $HOSTCONFIGDIR
|
searchandreplace PH_IP_VENUS $ipv4_venus $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_VENUS $ipv6_venus $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
bob)
|
bob)
|
||||||
searchandreplace PH_IP_BOB $ip_bob $HOSTCONFIGDIR
|
searchandreplace PH_IP_BOB $ipv4_bob $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_BOB $ipv6_bob $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
carol)
|
carol)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_carol1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
searchandreplace PH_IP_CAROL $ip_carol $HOSTCONFIGDIR
|
searchandreplace PH_IP_CAROL1 $ipv4_carol1 $HOSTCONFIGDIR
|
||||||
searchandreplace PH_IP1_CAROL $ip1_carol $HOSTCONFIGDIR
|
searchandreplace PH_IP_CAROL $ipv4_carol $HOSTCONFIGDIR
|
||||||
|
eval ipv6_carol1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_CAROL1 $ipv6_carol1 $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_CAROL $ipv6_carol $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
dave)
|
dave)
|
||||||
eval ip1_${host}="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $2 }' | awk '{ print $1 }'`"
|
eval ipv4_dave1="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
searchandreplace PH_IP_DAVE $ip_dave $HOSTCONFIGDIR
|
searchandreplace PH_IP_DAVE1 $ipv4_dave1 $HOSTCONFIGDIR
|
||||||
searchandreplace PH_IP1_DAVE $ip1_dave $HOSTCONFIGDIR
|
searchandreplace PH_IP_DAVE $ipv4_dave $HOSTCONFIGDIR
|
||||||
|
eval ipv6_dave1="`echo $HOSTNAMEIPV6 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $2 }' | awk '{ print $1 }'`"
|
||||||
|
searchandreplace PH_IP6_DAVE1 $ipv6_dave1 $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_DAVE $ipv6_dave $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
winnetou)
|
winnetou)
|
||||||
searchandreplace PH_IP_WINNETOU $ip_winnetou $HOSTCONFIGDIR
|
searchandreplace PH_IP_WINNETOU $ipv4_winnetou $HOSTCONFIGDIR
|
||||||
|
searchandreplace PH_IP6_WINNETOU $ipv6_winnetou $HOSTCONFIGDIR
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
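Review bot: The new `ipv6_*` values are passed unquoted, e.g. `searchandreplace PH_IP6_MOON $ipv6_moon $HOSTCONFIGDIR`, so when `$HOSTNAMEIPV6` has no entry for a host the empty value disappears and the directory becomes the second argument. Nothing in the hunk checks the IPv6 lookup result for being empty, and what `searchandreplace` does with two arguments is not visible here. Quoting the arguments, `searchandreplace PH_IP6_MOON "$ipv6_moon" "$HOSTCONFIGDIR"`, and failing early, `[ -n "$ipv6_moon" ] || die "no IPv6 address for $host"`, would make a missing entry visible. The same applies to the matching placeholder loop in the test-run script changed by this commit.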
|
||||||
|
|
|
@ -58,10 +58,10 @@ else
|
||||||
cecho "done"
|
cecho "done"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for host in $HOSTNAMEIPS
|
for host in $HOSTNAMEIPV4
|
||||||
do
|
do
|
||||||
HOSTNAME=`echo $host | awk -F : '{ print $1 }'`
|
HOSTNAME=`echo $host | awk -F, '{ print $1 }'`
|
||||||
IP=`echo $host | awk -F : '{ print $2 }'`
|
IP=`echo $host | awk -F, '{ print $2 }'`
|
||||||
if [ `grep "$IP " ~/.ssh/known_hosts | wc -l` != "0" ]
|
if [ `grep "$IP " ~/.ssh/known_hosts | wc -l` != "0" ]
|
||||||
then
|
then
|
||||||
cecho "!! Warning: An entry exists for the following IP address: $IP"
|
cecho "!! Warning: An entry exists for the following IP address: $IP"
|
||||||
|
|
|
@ -152,7 +152,7 @@ cp $LOOPDIR/etc/ssh/ssh_host_rsa_key $LOOPDIR/root/.ssh/id_rsa
|
||||||
|
|
||||||
for host in $STRONGSWANHOSTS
|
for host in $STRONGSWANHOSTS
|
||||||
do
|
do
|
||||||
eval ip="`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
|
eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
echo "$host,$ip `cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
|
echo "$host,$ip `cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
|
||||||
echo "`cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
|
echo "`cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
|
||||||
done
|
done
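Review bot: The rewritten lookup splits on a hyphen, `awk -F- '{ print $1 }'`, whereas every other call site changed in this commit uses `awk -F,` on the same `$HOSTNAMEIPV4` value. With `-F-` the first field is no longer cut at the comma, so for a host with two addresses `$ip` would presumably carry both, comma-joined, into the `known_hosts` line. This line decides which addresses each host key is pinned to, so if that is intended a comment should say so; otherwise `awk -F, '{ print $1 }'` matches the other scripts.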
|
||||||
|
|
|
@ -46,7 +46,7 @@ if [ -d $TESTSDIR/$testname/hosts ]
|
||||||
then
|
then
|
||||||
for host in `ls $TESTSDIR/$testname/hosts`
|
for host in `ls $TESTSDIR/$testname/hosts`
|
||||||
do
|
do
|
||||||
eval HOSTLOGIN="root@`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
|
eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
scp -rp $TESTSDIR/$testname/hosts/$host/etc $HOSTLOGIN:/ > /dev/null 2>&1
|
scp -rp $TESTSDIR/$testname/hosts/$host/etc $HOSTLOGIN:/ > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -58,7 +58,7 @@ fi
|
||||||
|
|
||||||
for host in $IPSECHOSTS
|
for host in $IPSECHOSTS
|
||||||
do
|
do
|
||||||
eval HOSTLOGIN="root@`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
|
eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
ssh $HOSTLOGIN 'rm -f /var/log/auth.log; \
|
ssh $HOSTLOGIN 'rm -f /var/log/auth.log; \
|
||||||
kill -SIGHUP `cat /var/run/syslogd.pid`' > /dev/null 2>&1
|
kill -SIGHUP `cat /var/run/syslogd.pid`' > /dev/null 2>&1
|
||||||
done
|
done
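Review bot: When the lookup finds no entry for `$host`, `sed -n` prints nothing and HOSTLOGIN becomes the bare string `root@`; the following `scp` sends all output to /dev/null, so the copy fails without a trace. In the first hunk `host` comes from `ls` of the test's hosts directory, so a directory name missing from HOSTNAMEIPV4 is enough to trigger this. A guard after the assignment, e.g. `[ "$HOSTLOGIN" != "root@" ] || { echo "no IPv4 address for $host" >&2; continue; }`, would surface it. The `eval` is also unnecessary, since a plain assignment of the same command substitution yields the same value without re-parsing the looked-up text as shell code. The same line appears in this file's `$IPSECHOSTS` loop and in the next file's `$HOSTCONFIGDIR` copy loop.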
|
||||||
|
|
|
@ -47,7 +47,7 @@ if [ -d $TESTSDIR/${testname}/hosts ]
|
||||||
then
|
then
|
||||||
for host in `ls $TESTSDIR/${testname}/hosts`
|
for host in `ls $TESTSDIR/${testname}/hosts`
|
||||||
do
|
do
|
||||||
eval HOSTLOGIN="root@`echo $HOSTNAMEIPS | sed -n -e "s/^.*${host}://gp" | awk -F : '{ print $1 }' | awk '{ print $1 }'`"
|
eval HOSTLOGIN="root@`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F, '{ print $1 }' | awk '{ print $1 }'`"
|
||||||
scp -rp $HOSTCONFIGDIR/${host}/etc $HOSTLOGIN:/ > /dev/null 2>&1
|
scp -rp $HOSTCONFIGDIR/${host}/etc $HOSTLOGIN:/ > /dev/null 2>&1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -21,7 +21,7 @@ UMLTESTDIR=~/strongswan-testing
|
||||||
|
|
||||||
# Bzipped kernel sources
|
# Bzipped kernel sources
|
||||||
# (file extension .tar.bz2 required)
|
# (file extension .tar.bz2 required)
|
||||||
KERNEL=$UMLTESTDIR/linux-2.6.16.16.tar.bz2
|
KERNEL=$UMLTESTDIR/linux-2.6.16.19.tar.bz2
|
||||||
|
|
||||||
# Extract kernel version
|
# Extract kernel version
|
||||||
KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
|
KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
|
||||||
|
@ -98,20 +98,30 @@ SELECTEDTESTSONLY="no"
|
||||||
SELECTEDTESTS="net2net-cert"
|
SELECTEDTESTS="net2net-cert"
|
||||||
|
|
||||||
##############################################################
|
##############################################################
|
||||||
# hostname and according IP(s)
|
# hostname and corresponding IPv4 and IPv6 addresses
|
||||||
# You may change the IPs but keep them in the same net,
|
# You may change the IPs but keep them in the same subnet,
|
||||||
# this means retain the netmasks!
|
# this means retain the netmasks!
|
||||||
# Also don't use IPs ending with 254, they are reserved!
|
# Also don't use IPs ending with 254, they are reserved!
|
||||||
#
|
#
|
||||||
HOSTNAMEIPS="\
|
HOSTNAMEIPV4="\
|
||||||
alice:10.1.0.10 \
|
alice,10.1.0.10 \
|
||||||
venus:10.1.0.20 \
|
venus,10.1.0.20 \
|
||||||
moon:192.168.0.1:10.1.0.1 \
|
moon,192.168.0.1,10.1.0.1 \
|
||||||
carol:192.168.0.100:10.3.0.1 \
|
carol,192.168.0.100,10.3.0.1 \
|
||||||
winnetou:192.168.0.150 \
|
winnetou,192.168.0.150 \
|
||||||
dave:192.168.0.200:10.3.0.2 \
|
dave,192.168.0.200,10.3.0.2 \
|
||||||
sun:192.168.0.2:10.2.0.1 \
|
sun,192.168.0.2,10.2.0.1 \
|
||||||
bob:10.2.0.10"
|
bob,10.2.0.10"
|
||||||
|
|
||||||
|
HOSTNAMEIPV6="\
|
||||||
|
alice,fec1::10 \
|
||||||
|
venus,fec1::20 \
|
||||||
|
moon,fec0::1,fec1::1 \
|
||||||
|
carol,fec0::10,fec3::1 \
|
||||||
|
winnetou,fec0::15 \
|
||||||
|
dave,fec0::20,fec3::2 \
|
||||||
|
sun,fec0::2,fec2::1 \
|
||||||
|
bob,fec2::10"
|
||||||
|
|
||||||
##############################################################
|
##############################################################
|
||||||
# VPN gateways / clients
|
# VPN gateways / clients
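Review bot: The new HOSTNAMEIPV6 block gives every host an address under fec0::/10 (`fec0::1`, `fec1::10`, …), the site-local range that RFC 3879 deprecated; unique local addresses from fd00::/8 (RFC 4193) are the replacement for private test networks. If the prefixes stay, a comment such as `# site-local (deprecated) prefixes, used only inside the UML test network` would keep them from being copied into real configurations. The header comment also does not say that entries are now `name,addr[,addr]`, comma-separated because IPv6 addresses contain colons; one line stating that format would help whoever edits the list next.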
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
|
alice::ipsec status::nat-t.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
bob::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
|
bob::ipsec status::nat-t.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
alice::ping -c 1 PH_IP1_SUN::64 bytes from PH_IP1_SUN: icmp_seq=1::YES
|
alice::ping -c 1 PH_IP_SUN1::64 bytes from PH_IP_SUN1: icmp_seq=1::YES
|
||||||
moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
|
moon::tcpdump::IP moon.strongswan.org.* > sun.strongswan.org.ipsec-nat-t: UDP::YES
|
||||||
moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
|
moon::tcpdump::IP sun.strongswan.org.ipsec-nat-t > moon.strongswan.org.*: UDP::YES
|
||||||
|
|
|
@ -6,9 +6,11 @@ config setup
|
||||||
plutostart=no
|
plutostart=no
|
||||||
|
|
||||||
conn host-host
|
conn host-host
|
||||||
left=PH_IP_SUN
|
left=PH_IP_MOON
|
||||||
leftcert=sunCert.pem
|
leftcert=moonCert.pem
|
||||||
right=PH_IP_MOON
|
leftid=@moon.strongswan.org
|
||||||
rightcert=moonCert.pem
|
right=PH_IP_SUN
|
||||||
|
rightcert=sunCert.pem
|
||||||
|
rightid=@sun.strongswan.org
|
||||||
keyexchange=ikev2
|
keyexchange=ikev2
|
||||||
auto=add
|
auto=add
|
||||||
|
|
|
@ -6,9 +6,11 @@ config setup
|
||||||
plutostart=no
|
plutostart=no
|
||||||
|
|
||||||
conn host-host
|
conn host-host
|
||||||
left=PH_IP_MOON
|
left=PH_IP_SUN
|
||||||
leftcert=moonCert.pem
|
leftcert=sunCert.pem
|
||||||
right=PH_IP_SUN
|
leftid=@sun.strongswan.org
|
||||||
rightcert=sunCert.pem
|
right=PH_IP_MOON
|
||||||
|
rightcert=moonCert.pem
|
||||||
|
rightid=@moon.strongswan.org
|
||||||
keyexchange=ikev2
|
keyexchange=ikev2
|
||||||
auto=add
|
auto=add
|
||||||
|
|
|
@ -2,8 +2,15 @@
|
||||||
|
|
||||||
version 2.0 # conforms to second version of ipsec.conf specification
|
version 2.0 # conforms to second version of ipsec.conf specification
|
||||||
|
|
||||||
|
config setup
|
||||||
|
plutodebug=control
|
||||||
|
crlcheckinterval=180
|
||||||
|
|
||||||
conn %default
|
conn %default
|
||||||
|
ikelifetime=60m
|
||||||
|
keylife=20m
|
||||||
left=PH_IP_MOON
|
left=PH_IP_MOON
|
||||||
|
leftnexthop=%direct
|
||||||
leftcert=moonCert.pem
|
leftcert=moonCert.pem
|
||||||
leftid=@moon.strongswan.org
|
leftid=@moon.strongswan.org
|
||||||
leftsubnet=10.1.0.0/16
|
leftsubnet=10.1.0.0/16
|
||||||
|
|
|
@ -15,7 +15,7 @@ conn %default
|
||||||
keyingtries=1
|
keyingtries=1
|
||||||
right=PH_IP_MOON
|
right=PH_IP_MOON
|
||||||
rightsubnet=10.1.0.0/16
|
rightsubnet=10.1.0.0/16
|
||||||
rightsourceip=PH_IP1_MOON
|
rightsourceip=PH_IP_MOON1
|
||||||
rightnexthop=%direct
|
rightnexthop=%direct
|
||||||
rightcert=moonCert.pem
|
rightcert=moonCert.pem
|
||||||
rightid=@moon.strongswan.org
|
rightid=@moon.strongswan.org
|
||||||
|
@ -24,11 +24,11 @@ conn %default
|
||||||
conn rw-carol
|
conn rw-carol
|
||||||
left=%any
|
left=%any
|
||||||
leftid=carol@strongswan.org
|
leftid=carol@strongswan.org
|
||||||
leftsourceip=PH_IP1_CAROL
|
leftsourceip=PH_IP_CAROL1
|
||||||
auto=add
|
auto=add
|
||||||
|
|
||||||
conn rw-dave
|
conn rw-dave
|
||||||
left=%any
|
left=%any
|
||||||
leftid=dave@strongswan.org
|
leftid=dave@strongswan.org
|
||||||
leftsourceip=PH_IP1_DAVE
|
leftsourceip=PH_IP_DAVE1
|
||||||
auto=add
|
auto=add
|
||||||
|
|
|
@ -7,5 +7,5 @@ dave::ipsec stop
|
||||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||||
dave::/etc/init.d/iptables stop 2> /dev/null
|
dave::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::ip addr del PH_IP1_CAROL/32 dev eth0
|
carol::ip addr del PH_IP_CAROL1/32 dev eth0
|
||||||
dave::ip addr del PH_IP1_DAVE/32 dev eth0
|
dave::ip addr del PH_IP_DAVE1/32 dev eth0
|
||||||
|
|
|
@ -15,7 +15,7 @@ conn %default
|
||||||
keyingtries=1
|
keyingtries=1
|
||||||
left=PH_IP_MOON
|
left=PH_IP_MOON
|
||||||
leftsubnet=10.1.0.0/16
|
leftsubnet=10.1.0.0/16
|
||||||
leftsourceip=PH_IP1_MOON
|
leftsourceip=PH_IP_MOON1
|
||||||
leftnexthop=%direct
|
leftnexthop=%direct
|
||||||
leftcert=moonCert.pem
|
leftcert=moonCert.pem
|
||||||
leftid=@moon.strongswan.org
|
leftid=@moon.strongswan.org
|
||||||
|
@ -24,11 +24,11 @@ conn %default
|
||||||
conn rw-carol
|
conn rw-carol
|
||||||
right=%any
|
right=%any
|
||||||
rightid=carol@strongswan.org
|
rightid=carol@strongswan.org
|
||||||
rightsourceip=PH_IP1_CAROL
|
rightsourceip=PH_IP_CAROL1
|
||||||
auto=add
|
auto=add
|
||||||
|
|
||||||
conn rw-dave
|
conn rw-dave
|
||||||
right=%any
|
right=%any
|
||||||
rightid=dave@strongswan.org
|
rightid=dave@strongswan.org
|
||||||
rightsourceip=PH_IP1_DAVE
|
rightsourceip=PH_IP_DAVE1
|
||||||
auto=add
|
auto=add
|
||||||
|
|
|
@ -7,5 +7,5 @@ dave::ipsec stop
|
||||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||||
dave::/etc/init.d/iptables stop 2> /dev/null
|
dave::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::ip addr del PH_IP1_CAROL/32 dev eth0
|
carol::ip addr del PH_IP_CAROL1/32 dev eth0
|
||||||
dave::ip addr del PH_IP1_DAVE/32 dev eth0
|
dave::ip addr del PH_IP_DAVE1/32 dev eth0
|
||||||
|
|
|
@ -7,3 +7,4 @@ moon::ipsec start
|
||||||
carol::sleep 2
|
carol::sleep 2
|
||||||
carol::ipsec up home
|
carol::ipsec up home
|
||||||
dave::ipsec up home
|
dave::ipsec up home
|
||||||
|
carol::sleep 1
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||||
carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
|
||||||
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
|
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
|
||||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||||
carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
|
||||||
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
|
carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname::alice::YES
|
||||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
carol::ping -c 2 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
|
carol::ping -c 2 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq::YES
|
||||||
carol::ping -c 2 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq::YES
|
carol::ping -c 2 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq::YES
|
||||||
carol::ssh PH_IP_ALICE hostname::alice::YES
|
carol::ssh PH_IP_ALICE hostname::alice::YES
|
||||||
carol::cat /var/log/auth.log::initiate on demand::YES
|
carol::cat /var/log/auth.log::initiate on demand::YES
|
||||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
conn %default
|
conn %default
|
||||||
left=PH_IP_MOON
|
left=PH_IP_MOON
|
||||||
leftsubnet=10.1.0.0/16
|
leftsubnet=10.1.0.0/16
|
||||||
leftsourceip=PH_IP1_MOON
|
leftsourceip=PH_IP_MOON1
|
||||||
leftnexthop=%direct
|
leftnexthop=%direct
|
||||||
leftcert=moonCert.pem
|
leftcert=moonCert.pem
|
||||||
leftid=@moon.strongswan.org
|
leftid=@moon.strongswan.org
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
conn rw-carol
|
conn rw-carol
|
||||||
right=%any
|
right=%any
|
||||||
rightid=carol@strongswan.org
|
rightid=carol@strongswan.org
|
||||||
rightsourceip=PH_IP1_CAROL
|
rightsourceip=PH_IP_CAROL1
|
||||||
auto=add
|
auto=add
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,6 @@
|
||||||
conn rw-dave
|
conn rw-dave
|
||||||
right=%any
|
right=%any
|
||||||
rightid=dave@strongswan.org
|
rightid=dave@strongswan.org
|
||||||
rightsourceip=PH_IP1_DAVE
|
rightsourceip=PH_IP_DAVE1
|
||||||
auto=add
|
auto=add
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ dave::ipsec stop
|
||||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||||
dave::/etc/init.d/iptables stop 2> /dev/null
|
dave::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::ip addr del PH_IP1_CAROL/32 dev eth0
|
carol::ip addr del PH_IP_CAROL1/32 dev eth0
|
||||||
dave::ip addr del PH_IP1_DAVE/32 dev eth0
|
dave::ip addr del PH_IP_DAVE1/32 dev eth0
|
||||||
moon::rm /etc/ipsec.connections /etc/ipsec.host
|
moon::rm /etc/ipsec.connections /etc/ipsec.host
|
||||||
moon::rm -r /etc/ipsec.peers
|
moon::rm -r /etc/ipsec.peers
|
||||||
|
|
|
@ -8,3 +8,4 @@ moon::ipsec start --debug-all
|
||||||
carol::sleep 2
|
carol::sleep 2
|
||||||
carol::ipsec up home
|
carol::ipsec up home
|
||||||
dave::ipsec up home
|
dave::ipsec up home
|
||||||
|
carol::sleep 1
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||||
carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
|
||||||
moon::ping -c 1 PH_IP1_CAROL::64 bytes from PH_IP1_CAROL: icmp_seq=1::YES
|
moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
|
||||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||||
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: icmp::YES
|
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: icmp::YES
|
||||||
|
|
|
@ -16,7 +16,7 @@ conn %default
|
||||||
|
|
||||||
conn home
|
conn home
|
||||||
right=PH_IP_CAROL
|
right=PH_IP_CAROL
|
||||||
rightsourceip=PH_IP1_CAROL
|
rightsourceip=PH_IP_CAROL1
|
||||||
rightnexthop=%direct
|
rightnexthop=%direct
|
||||||
rightcert=carolCert.pem
|
rightcert=carolCert.pem
|
||||||
rightid=carol@strongswan.org
|
rightid=carol@strongswan.org
|
||||||
|
|
|
@ -16,7 +16,7 @@ conn %default
|
||||||
|
|
||||||
conn rw
|
conn rw
|
||||||
right=PH_IP_MOON
|
right=PH_IP_MOON
|
||||||
rightsourceip=PH_IP1_MOON
|
rightsourceip=PH_IP_MOON1
|
||||||
rightnexthop=%direct
|
rightnexthop=%direct
|
||||||
rightcert=moonCert.pem
|
rightcert=moonCert.pem
|
||||||
rightid=@moon.strongswan.org
|
rightid=@moon.strongswan.org
|
||||||
|
|
|
@ -4,4 +4,4 @@ moon::ipsec stop
|
||||||
carol::ipsec stop
|
carol::ipsec stop
|
||||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::ip addr del PH_IP1_CAROL/32 dev eth0
|
carol::ip addr del PH_IP_CAROL1/32 dev eth0
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||||
carol::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
|
carol::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
|
||||||
moon::ping -c 1 PH_IP1_CAROL::64 bytes from PH_IP1_CAROL: icmp_seq=1::YES
|
moon::ping -c 1 PH_IP_CAROL1::64 bytes from PH_IP_CAROL1: icmp_seq=1::YES
|
||||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||||
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: icmp::YES
|
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: icmp::YES
|
||||||
|
|
|
@ -16,7 +16,7 @@ conn %default
|
||||||
|
|
||||||
conn home
|
conn home
|
||||||
left=PH_IP_CAROL
|
left=PH_IP_CAROL
|
||||||
leftsourceip=PH_IP1_CAROL
|
leftsourceip=PH_IP_CAROL1
|
||||||
leftnexthop=%direct
|
leftnexthop=%direct
|
||||||
leftcert=carolCert.pem
|
leftcert=carolCert.pem
|
||||||
leftid=carol@strongswan.org
|
leftid=carol@strongswan.org
|
||||||
|
|
|
@ -16,7 +16,7 @@ conn %default
|
||||||
|
|
||||||
conn rw
|
conn rw
|
||||||
left=PH_IP_MOON
|
left=PH_IP_MOON
|
||||||
leftsourceip=PH_IP1_MOON
|
leftsourceip=PH_IP_MOON1
|
||||||
leftnexthop=%direct
|
leftnexthop=%direct
|
||||||
leftcert=moonCert.pem
|
leftcert=moonCert.pem
|
||||||
leftid=@moon.strongswan.org
|
leftid=@moon.strongswan.org
|
||||||
|
|
|
@ -4,4 +4,4 @@ moon::ipsec stop
|
||||||
carol::ipsec stop
|
carol::ipsec stop
|
||||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
carol::/etc/init.d/iptables stop 2> /dev/null
|
||||||
carol::ip addr del PH_IP1_CAROL/32 dev eth0
|
carol::ip addr del PH_IP_CAROL1/32 dev eth0
|
||||||
|
|
|
@ -4,3 +4,4 @@ carol::ipsec start
|
||||||
moon::ipsec start
|
moon::ipsec start
|
||||||
carol::sleep 2
|
carol::sleep 2
|
||||||
carol::ipsec up home
|
carol::ipsec up home
|
||||||
|
carol::sleep 1
|
||||||
|
|
|
@ -3,7 +3,7 @@ venus::ipsec status::wlan.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||||
moon::ipsec status::alice.*STATE_QUICK_R2.*IPsec SA established::YES
|
moon::ipsec status::alice.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
moon::ipsec status::venus.*STATE_QUICK_R2.*IPsec SA established::YES
|
moon::ipsec status::venus.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||||
alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
|
alice::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES
|
||||||
alice::ping -c 1 PH_IP1_MOON::64 bytes from PH_IP1_MOON: icmp_seq=1::YES
|
alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
|
||||||
alice::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
|
alice::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
|
||||||
alice::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
|
alice::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
|
||||||
venus::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
|
venus::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
|
||||||
|
|
|
@ -31,7 +31,7 @@ conn wlan
|
||||||
leftcert=aliceCert.pem
|
leftcert=aliceCert.pem
|
||||||
leftid=alice@strongswan.org
|
leftid=alice@strongswan.org
|
||||||
leftfirewall=yes
|
leftfirewall=yes
|
||||||
right=PH_IP1_MOON
|
right=PH_IP_MOON1
|
||||||
rightid=@moon.strongswan.org
|
rightid=@moon.strongswan.org
|
||||||
rightsubnet=0.0.0.0/0
|
rightsubnet=0.0.0.0/0
|
||||||
auto=add
|
auto=add
|
||||||
|
|
|
@ -28,7 +28,7 @@ conn venus
|
||||||
auto=add
|
auto=add
|
||||||
|
|
||||||
conn wlan
|
conn wlan
|
||||||
left=PH_IP1_MOON
|
left=PH_IP_MOON1
|
||||||
leftnexthop=%direct
|
leftnexthop=%direct
|
||||||
leftsubnet=0.0.0.0/0
|
leftsubnet=0.0.0.0/0
|
||||||
leftcert=moonCert.pem
|
leftcert=moonCert.pem
|
||||||
|
|
|
@ -31,7 +31,7 @@ conn wlan
|
||||||
leftcert=venusCert.pem
|
leftcert=venusCert.pem
|
||||||
leftid=@venus.strongswan.org
|
leftid=@venus.strongswan.org
|
||||||
leftfirewall=yes
|
leftfirewall=yes
|
||||||
right=PH_IP1_MOON
|
right=PH_IP_MOON1
|
||||||
rightid=@moon.strongswan.org
|
rightid=@moon.strongswan.org
|
||||||
rightsubnet=0.0.0.0/0
|
rightsubnet=0.0.0.0/0
|
||||||
auto=add
|
auto=add
|
||||||
|
|