eba2622587
testing: Migrate ikev2-stroke-bye scenarios to vici
2021-06-22 10:23:06 +02:00
706c58b291
testing: Fixed pretest script of ikev1/rw-psk-aggressive scenario
2021-06-21 12:03:36 +02:00
7c5a2974b9
testing: Reorganizing IKEv1 and IKEv2 examples
...
For documentation purposes the new folders ikev1-algs, ikev2-algs,
ikev1-multi-ca and ikev2-multi-ca have been created. Most of the
test cases have now been converted to the vici interface. The
remaining legacy stroke scenarios yet to be converted have been put
into the ikev2-stroke-bye folder.
For documentation purposes some legacy stroke scenarios will be kept
in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
2021-05-21 09:42:50 +02:00
a6f0e19bf5
Fixed some typos, courtesy of codespell
2020-11-04 10:06:46 +01:00
9d8d85f23c
testing: Fix SHA description in ikev*/esp-alg-null scenarios
2019-11-07 11:33:09 +01:00
f05e9eebb0
testing: Added drbg plugin where required
2019-10-18 16:24:39 +02:00
cfeae14b06
testing: Deleting dynamic test keys and certificates
2019-05-08 14:56:48 +02:00
8db01c6a3f
testing: Script building fresh certificates
2019-05-08 14:56:48 +02:00
bc0a01ff2e
testing: Update documentation in headers of all updown scripts
2019-04-29 17:43:04 +02:00
231828f810
testing: Config changes for FreeRADIUS 3.0
...
Also includes some changes for jessie's version of FreeRADIUS 2 (was
previously a custom version).
Besides the move to a subdir the config files were adapted for 3.0.
The rlm_sim_files module was removed with FreeRADIUS 3 and Debian's
package of FreeRADIUS 2 does not ship it, so we now replicate it using
the files module (via users file, which is actually a symlink to
mods-config/files/authorize in the default installation of FreeRADIUS 3).
Another approach was tried using rlm_passwd, however, that module does
not read binary/hex data, only printable strings, which would require
changing the triplets.
For 2.x a hack in the site config is necessary to make the attributes
available to the EAP-SIM module.
2018-11-21 14:32:25 +01:00
a8112cc174
testing: Use freeradius instead of the removed radiusd to start FreeRADIUS
2018-11-21 14:32:25 +01:00
47ec761674
testing: Fix checks after changing fragmentation log messages
2018-07-09 17:15:07 +02:00
ce4aebe00a
testing: Configure logging via syslog in strongswan.conf
...
Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.
2017-11-15 17:24:04 +01:00
99c03e9a11
testing: make curve25519 the default DH group
2016-11-14 16:20:51 +01:00
188b190a70
mgf1: Refactored MGF1 as an XOF
2016-09-21 06:40:52 +02:00
c3e5109c37
testing: Add ikev1/net2net-esn scenario
2016-06-29 11:16:48 +02:00
aacf84d837
testing: Add expect-connection calls for all tests and hosts
...
There are some exceptions (e.g. those that use auto=start or p2pnat).
2016-06-16 14:35:18 +02:00
8f56bbc82b
testing: Update test scenarios for Debian jessie
...
The main difference is that ping now reports icmp_seq instead of
icmp_req, so we match for icmp_.eq, which works with both releases.
tcpdump now also reports port 4500 as ipsec-nat-t.
2016-06-16 14:04:11 +02:00
796c36ade1
testing: Fix scenarios that check /etc/resolv.conf
2016-06-13 16:18:38 +02:00
141ac4df8f
testing: wait until connections are loaded
2016-05-15 19:02:57 +02:00
07b0eac4b1
testing: attr-sql is a charon plugin
2016-03-05 15:53:22 +01:00
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
beb4a07ea8
ikev1: Log successful authentication with signature scheme
...
Output is now identical to that of the IKEv2 pubkey authenticator.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
1a79525559
testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs
2015-12-21 12:14:12 +01:00
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
c4b9b7ef2c
testing: Fixed another timing issue
2015-11-13 14:02:06 +01:00
946bc3a3f5
testing: Fixed some more timing issues
2015-11-10 16:54:38 +01:00
10051b01e9
testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs
2015-11-09 15:18:39 +01:00
f519acd42f
testing: Remove nearly all sleep calls from pretest and posttest scripts
...
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
2015-11-09 15:18:35 +01:00
f36b6d49af
testing: Adapt tests to retransmission settings and reduce DPD delay/timeout
2015-11-09 15:18:34 +01:00
e9ea7e6fb7
testing: Updated environment variable documentation in updown scripts
2015-08-31 11:00:05 +02:00
362e87e3e0
testing: Updated carol's certificate from research CA and dave's certificate from sales CA
2015-04-26 16:52:06 +02:00
2b0f34a2ef
testing: Don't check for exact IKEv1 fragment size
...
Similar to 7a9c0d51
2015-03-10 10:21:16 +01:00
8b2af616ac
testing: Update modified updown scripts to the latest template
...
This avoids confusion and makes identifying the changes needed for each
scenario easier.
2015-03-06 16:51:50 +01:00
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
9b01a061ec
Increased check size du to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
2c7ad260f9
testing: Update carols certificate in several test cases
2014-10-03 12:44:13 +02:00
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
Andreas Steffen