Andreas Steffen
eba2622587
testing: Migrate ikev2-stroke-bye scenarios to vici
2021-06-22 10:23:06 +02:00
Andreas Steffen
706c58b291
testing: Fixed pretest script of ikev1/rw-psk-aggressive scenario
2021-06-21 12:03:36 +02:00
Andreas Steffen
7c5a2974b9
testing: Reorganizing IKEv1 and IKEv2 examples
...
For documentation purposes the new folders ikev1-algs, ikev2-algs,
ikev1-multi-ca and ikev2-multi-ca have been created. Most of the
test cases have now been converted to the vici interface. The
remaining legacy stroke scenarios yet to be converted have been put
into the ikev2-stroke-bye folder.
For documentation purposes some legacy stroke scenarios will be kept
in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
2021-05-21 09:42:50 +02:00
Tobias Brunner
a6f0e19bf5
Fixed some typos, courtesy of codespell
2020-11-04 10:06:46 +01:00
zhangkaiheb@126.com
9d8d85f23c
testing: Fix SHA description in ikev*/esp-alg-null scenarios
2019-11-07 11:33:09 +01:00
Andreas Steffen
f05e9eebb0
testing: Added drbg plugin where required
2019-10-18 16:24:39 +02:00
Andreas Steffen
cfeae14b06
testing: Deleting dynamic test keys and certificates
2019-05-08 14:56:48 +02:00
Andreas Steffen
8db01c6a3f
testing: Script building fresh certificates
2019-05-08 14:56:48 +02:00
Tobias Brunner
bc0a01ff2e
testing: Update documentation in headers of all updown scripts
2019-04-29 17:43:04 +02:00
Tobias Brunner
231828f810
testing: Config changes for FreeRADIUS 3.0
...
Also includes some changes for jessie's version of FreeRADIUS 2 (was
previously a custom version).
Besides the move to a subdir the config files were adapted for 3.0.
The rlm_sim_files module was removed with FreeRADIUS 3 and Debian's
package of FreeRADIUS 2 does not ship it, so we now replicate it using
the files module (via users file, which is actually a symlink to
mods-config/files/authorize in the default installation of FreeRADIUS 3).
Another approach was tried using rlm_passwd, however, that module does
not read binary/hex data, only printable strings, which would require
changing the triplets.
For 2.x a hack in the site config is necessary to make the attributes
available to the EAP-SIM module.
2018-11-21 14:32:25 +01:00
Tobias Brunner
a8112cc174
testing: Use freeradius instead of the removed radiusd to start FreeRADIUS
2018-11-21 14:32:25 +01:00
Tobias Brunner
47ec761674
testing: Fix checks after changing fragmentation log messages
2018-07-09 17:15:07 +02:00
Tobias Brunner
ce4aebe00a
testing: Configure logging via syslog in strongswan.conf
...
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
2017-11-15 17:24:04 +01:00
Andreas Steffen
99c03e9a11
testing: make curve25519 the default DH group
2016-11-14 16:20:51 +01:00
Andreas Steffen
188b190a70
mgf1: Refactored MGF1 as an XOF
2016-09-21 06:40:52 +02:00
Tobias Brunner
c3e5109c37
testing: Add ikev1/net2net-esn scenario
2016-06-29 11:16:48 +02:00
Tobias Brunner
aacf84d837
testing: Add expect-connection calls for all tests and hosts
...
There are some exceptions (e.g. those that use auto=start or p2pnat).
2016-06-16 14:35:18 +02:00
Tobias Brunner
8f56bbc82b
testing: Update test scenarios for Debian jessie
...
The main difference is that ping now reports icmp_seq instead of
icmp_req, so we match for icmp_.eq, which works with both releases.
tcpdump now also reports port 4500 as ipsec-nat-t.
2016-06-16 14:04:11 +02:00
Tobias Brunner
796c36ade1
testing: Fix scenarios that check /etc/resolv.conf
2016-06-13 16:18:38 +02:00
Andreas Steffen
141ac4df8f
testing: wait until connections are loaded
2016-05-15 19:02:57 +02:00
Andreas Steffen
07b0eac4b1
testing: attr-sql is a charon plugin
2016-03-05 15:53:22 +01:00
Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Thomas Egerer
beb4a07ea8
ikev1: Log successful authentication with signature scheme
...
Output is now identical to that of the IKEv2 pubkey authenticator.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
Tobias Brunner
1a79525559
testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs
2015-12-21 12:14:12 +01:00
Andreas Steffen
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
Andreas Steffen
c4b9b7ef2c
testing: Fixed another timing issue
2015-11-13 14:02:06 +01:00
Andreas Steffen
946bc3a3f5
testing: Fixed some more timing issues
2015-11-10 16:54:38 +01:00
Tobias Brunner
10051b01e9
testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs
2015-11-09 15:18:39 +01:00
Tobias Brunner
f519acd42f
testing: Remove nearly all sleep calls from pretest and posttest scripts
...
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
2015-11-09 15:18:35 +01:00
Tobias Brunner
f36b6d49af
testing: Adapt tests to retransmission settings and reduce DPD delay/timeout
2015-11-09 15:18:34 +01:00
Tobias Brunner
e9ea7e6fb7
testing: Updated environment variable documentation in updown scripts
2015-08-31 11:00:05 +02:00
Andreas Steffen
362e87e3e0
testing: Updated carol's certificate from research CA and dave's certificate from sales CA
2015-04-26 16:52:06 +02:00
Martin Willi
2b0f34a2ef
testing: Don't check for exact IKEv1 fragment size
...
Similar to 7a9c0d51
, the exact packet size depends on many factors we don't
want to consider in this test case.
2015-03-10 10:21:16 +01:00
Tobias Brunner
8b2af616ac
testing: Update modified updown scripts to the latest template
...
This avoids confusion and makes identifying the changes needed for each
scenario easier.
2015-03-06 16:51:50 +01:00
Martin Willi
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
Andreas Steffen
9b01a061ec
Increased check size du to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
Tobias Brunner
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
Tobias Brunner
2c7ad260f9
testing: Update carols certificate in several test cases
2014-10-03 12:44:13 +02:00
Martin Willi
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Tobias Brunner
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
Andreas Steffen
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
Andreas Steffen
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
Tobias Brunner
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
Andreas Steffen
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
Andreas Steffen
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
Martin Willi
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
Andreas Steffen
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
Martin Willi
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
Martin Willi
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00