Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
6fc5cc003d
Pull dave for OS info
2013-09-02 12:00:46 +02:00
Martin Willi
b656f63efe
testing: support a .gitignored testing.conf.local for site-local configurations
2013-08-29 15:55:23 +02:00
Andreas Steffen
03d673620d
Cleaned configuration files in PT-TLS client scenario
2013-08-22 17:24:20 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
Andreas Steffen
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
Andreas Steffen
b38d9d5a54
Implemented SWID prototype IMC/IMV pair
2013-08-15 23:34:23 +02:00
Andreas Steffen
4c961168cc
Updated PTS database scheme to new workitems model
2013-07-29 11:41:47 +02:00
Martin Willi
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
Martin Willi
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
Andreas Steffen
2b1ac51c9c
fixed typo
2013-07-19 20:07:32 +02:00
Andreas Steffen
645e9291f0
updated some TNC scenarios
2013-07-19 19:36:07 +02:00
Tobias Brunner
9e7a45bec2
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
...
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
Andreas Steffen
0a013e1af5
Override policy recommendation in enforcement
2013-07-11 10:34:00 +02:00
Andreas Steffen
9e0182b922
openssl plugin can replace random, hmac, and gcm plugins
2013-07-10 20:38:07 +02:00
Andreas Steffen
3910fb3715
Added openssl-ikev2/net2net-pkcs12 scenario
2013-07-10 20:25:49 +02:00
Andreas Steffen
49a26e5b57
Added ikev2/net2net-pkcs12 scenario
2013-07-10 20:17:44 +02:00
Andreas Steffen
3b569df215
conntrack -F makes ikev2/nat-rw scenario to work always
2013-07-10 17:50:25 +02:00
Andreas Steffen
ef13480699
Added config-3.10
2013-07-04 23:17:10 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Tobias Brunner
1d728758ed
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
2013-07-01 13:48:21 +02:00
Andreas Steffen
2ea32e7964
Enable libipsec and charon-cmd in strongSwan recipe
2013-07-01 12:32:45 +02:00
Andreas Steffen
bb802daacc
Fixed libipsec/rw-suite-b scenario
2013-07-01 12:32:45 +02:00
Andreas Steffen
3405156f97
Added libipsec/rw-suite-b scenario
2013-07-01 11:04:14 +02:00
Andreas Steffen
9ea77350ce
Fixed index.txt for strongSwan EC CA
2013-07-01 11:01:11 +02:00
Andreas Steffen
156e552caf
Added libipsec/net2net-cert scenario
2013-06-29 22:23:45 +02:00
Reto Buerki
1cfefd38a2
Add type=transport to tkm/host2host-* connections
...
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
Andreas Steffen
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
Tobias Brunner
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
Andreas Steffen
4f9aabbfd7
implemented policy rules for OS IMV
2013-06-21 23:25:22 +02:00
Tobias Brunner
62516a7465
testing: Increase base image size so there is space for test results on winnetou
2013-06-11 11:01:26 +02:00
Tobias Brunner
053ad34959
testing: Ignore errors when searching for imcv log entries in daemon.log
2013-06-10 18:52:32 +02:00
Tobias Brunner
c6e1eda6d0
testing: Set terminal title when logging in via SSH
...
Since we always log in as root use a simpler command prompt. And don't
store duplicate commands in the bash command history.
2013-05-15 10:35:48 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Tobias Brunner
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Tobias Brunner
e74bca9e19
testing: Don't run tests when building tkm
...
The problem with XML/Ada described in 9c2aba27
actually occurs when
running the tests here.
Really fixes #336 .
2013-05-07 10:19:37 +02:00
Tobias Brunner
9c2aba2735
testing: Don't run tests when building tkm-rpc
...
There are issues with some versions of the XML/Ada library on i386,
blocking the build of the testing environment when these tests are run.
TKM tests won't work in such a case but at least make-testing does not
block with this patch.
Fixes #336 .
2013-05-06 18:17:58 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Andreas Steffen
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
Andreas Steffen
b97dd59ba8
install FIPS-aware OpenSSL Debian packages
2013-04-19 18:36:38 +02:00
Andreas Steffen
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
Andreas Steffen
70312e6596
build openssl-fips in KVM root-image
2013-04-19 18:34:35 +02:00
Andreas Steffen
ef934caba8
build soup plugin in KVM test environment
2013-04-15 20:23:41 +02:00
Andreas Steffen
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Andreas Steffen
8dade2d146
fixed configure options
2013-04-04 21:09:07 +02:00
Andreas Steffen
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
Andreas Steffen
fec7c824b8
fix start of wpa_supplicant
2013-03-31 19:48:07 +02:00
Martin Willi
c59f3dcb68
Use new strongSwan HA kernel patchset keeping iptables ABI
...
Allows us to install stock debian iptables without the need for patching and
compiling our own.
2013-03-26 10:31:29 +01:00
Martin Willi
b5f3c1f785
Define SSHCONF from strongswan testing directory, not TESTDIR
...
This fixes the use of SSHCONF in the ssh wrapper script before ./do-tests
had a chance to create the required symlinks.
2013-03-26 10:31:29 +01:00
Martin Willi
0ba8842348
Lazy unmount guest filesystem after building image, as it still might be busy
2013-03-26 10:31:29 +01:00
Reto Buerki
f7fea72e46
Recipes: Disable Anet unit tests
...
Some Anet unit tests may fail because of the network configuration on
the testing host. These failures do not indicate a problem in Anet but
are a result of unpredictable events.
2013-03-25 16:49:30 +01:00
Andreas Steffen
7e20062fdf
Added hostapd package to base image
2013-03-22 23:53:39 +01:00
Andreas Steffen
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
Andreas Steffen
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
Andreas Steffen
4a3c1cdc2b
Store debug output from standalone IMC/IMVs
2013-03-22 16:45:24 +01:00
Andreas Steffen
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
Reto Buerki
3db17b0ccc
Fixed TKM build
2013-03-22 10:35:48 +01:00
Andreas Steffen
2c80ab3def
Build TNC-enabled wpa_supplicant
2013-03-22 10:33:39 +01:00
Reto Buerki
8484f2bc5c
Implement multiple-clients integration test
...
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
Reto Buerki
a520e4a010
Implement net2net-xfrmproxy integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
847d320950
Implement net2net-initiator integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
d8b2064a34
Add xfrm_proxy integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
f10f7fe261
Provide script to build Ada XFRM proxy
2013-03-19 15:23:50 +01:00
Reto Buerki
3150dbd3e3
Add TKM responder integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
117375ed00
Add initial TKM integration test
...
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
Reto Buerki
7b702150a0
Add expect-file guest image script
...
This script can be used in pretest.dat files to wait until a given file
appears.
2013-03-19 15:23:50 +01:00
Reto Buerki
0e1d008d71
Add /usr/local/lib/ipsec to linker cache
2013-03-19 15:23:50 +01:00
Reto Buerki
b491ee4ecd
Provide recipes to build tkm and required libraries
2013-03-19 15:23:50 +01:00
Reto Buerki
3fc766d61e
Add GNAT compiler and Ada libs to base image
2013-03-19 15:23:50 +01:00
Tobias Brunner
7a87381840
testing: Rename interfaces and bridges so they are easier to identify
...
This simplifies capturing traffic with Wireshark on the host as each of
the guest's interfaces is clearly identified.
The three bridges were previously numbered starting from 0, this scheme
is restored here.
2013-03-19 11:50:39 +01:00
Tobias Brunner
9525e9c506
testing: Don't use a specific version for the QEMU machine type
...
The previously used pc-1.1 is not yet available on e.g. Ubuntu 12.04.
With 'pc' the most current supported version of that type is used.
2013-03-19 11:50:39 +01:00
Tobias Brunner
d62f043f01
testing: Add screen package to base image
...
Makes working in a single SSH session easier.
2013-03-05 17:40:13 +01:00
Tobias Brunner
eeb029360a
testing: Enable ssh connection to second IP by name (e.g. moon1)
2013-03-05 17:40:13 +01:00
Tobias Brunner
45ee7c9429
testing: ssh script accepts IP addresses instead of host names
2013-03-05 17:40:13 +01:00
Tobias Brunner
5057455674
testing: ssh script forwards arguments to ssh command
...
This allows to execute commands on a virtual host.
2013-03-05 17:40:12 +01:00
Andreas Steffen
d7eec03815
removed unneeded DS files
2013-03-05 09:08:25 +01:00
Andreas Steffen
7b11a1dcdc
upgraded KVM test suite to Linux 3.8 kernel
2013-03-03 11:59:07 +01:00
Andreas Steffen
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
Andreas Steffen
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
Tobias Brunner
9a70fe8412
testing: Add a script to easily connect to a host via SSH
...
This doesn't require any entries in /etc/hosts and the correct SSH
config is used to allow password-less access.
2013-02-28 18:21:14 +01:00
Reto Buerki
b32e732b2f
Check kvm command existence in start-testing
2013-02-22 19:22:08 +01:00
Andreas Steffen
f0c102cbfa
Added ikev2/rw-dnssec scenario
2013-02-19 12:25:01 +01:00
Andreas Steffen
1d4ff25fb8
Added ikev2/net2net-dnssec scenario
2013-02-19 12:25:01 +01:00
Andreas Steffen
37c589f0e0
Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones
2013-02-19 12:25:01 +01:00
Andreas Steffen
3fbc328d14
Build unbound and ipseckey plugins on KVM image
2013-02-19 12:25:01 +01:00
Andreas Steffen
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
Andreas Steffen
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
Andreas Steffen
d82372fab8
Removed INSTALL from EXTRA_DIST
2013-01-17 23:20:37 +01:00
Tobias Brunner
232af2fab5
Updated documentation for the integration tests
2013-01-17 16:56:02 +01:00
Tobias Brunner
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
Tobias Brunner
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
Tobias Brunner
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
Reto Buerki
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
Reto Buerki
f3db566983
Enforce reception of multicast traffic on virbr[1|2]
...
This is needed to let the ha/both-active test pass.
2013-01-17 16:55:04 +01:00
Reto Buerki
41943e9c1b
Make core dumps work
...
Core dumps are written to the /var/local/dumps directory.
2013-01-17 16:55:04 +01:00
Reto Buerki
e3a3013323
Append seconds to TESTDATE
...
This avoids 'file exists' warnings when running tests multiple times in
one minute.
2013-01-17 16:55:04 +01:00
Reto Buerki
2c4954ad24
Switch to 'mapped' access mode for hostfs
...
Passthrough mode only works as expected when running as root. On
Debian/Ubuntu systems qemu runs as user 'libvirt-qemu' and group 'kvm'
so all shared files must be chowned to grant access from guests.
Symlinks created on the host are still problematic because the Plan 9
filesystem has no direct notion of symbolic links, see [1].
[1] - http://ericvh.github.com/9p-rfc/rfc9p2000.u.html
2013-01-17 16:55:04 +01:00
Reto Buerki
677795c3e7
Make guest ACPI shutdown work
2013-01-17 16:55:03 +01:00