722a8a177e
testing: Make sure the whitelist plugin is ready before configuring it
2014-10-03 12:44:14 +02:00
09f1fb82f9
testing: Update PKCS#12 containers
2014-10-03 12:44:13 +02:00
079c797421
testing: Update PKCS#8 keys
2014-10-03 12:44:13 +02:00
9f5fd7899e
testing: Update public keys in DNSSEC scenarios
...
The tests are successful even if the public keys are not stored locally,
but an additional DNS query is required to fetch them.
2014-10-03 12:44:13 +02:00
2c7ad260f9
testing: Update carols certificate in several test cases
2014-10-03 12:44:13 +02:00
7ab320def3
testing: Add some notes about how to reissue attribute certificates
2014-10-03 12:31:01 +02:00
16469e8474
testing: Reissue attribute certificates for the new holder certificates
...
Due to the expired and reissued holder certificates of carol and dave, new
attribute certificates are required to match the holder certificates serial in
the ikev2/acert-{cached,fallback,inline} tests.
2014-10-03 12:28:11 +02:00
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
e0d59e10f8
testing: Update certs and keys in tkm tests
...
References #705 .
2014-09-17 17:08:35 +02:00
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
be41910e19
testing: Add sql/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
73211f9b74
testing: Add pfkey/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
945e1df738
testing: Remove obsolete shunt-policies scenarios
2014-06-26 18:12:00 +02:00
75598e5053
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
2014-06-26 09:47:03 +02:00
21aebe3781
Removed django.db from swid scenarios
2014-06-26 09:45:54 +02:00
2ef6f57456
testing: Add ikev2/shunt-policies-nat-rw scenario
2014-06-19 14:23:07 +02:00
d93987ce24
testing: Remove ikev2/shunt-policies scenario
...
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
d345f0b75d
Added swanctl/net2net-route scenario
2014-06-18 14:57:33 +02:00
3f5f0b8940
Added swanctl/net2net-start scenario
2014-06-18 14:35:59 +02:00
4402bae77d
Minor changes in swanctl scenarios
2014-06-18 14:35:36 +02:00
39d6469d76
Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios
2014-06-14 15:40:23 +02:00
3eb22f1f00
Single-line --raw mode simplifies evaltest of swanctl scenarios
2014-06-14 15:40:23 +02:00
12d618e280
Added swanctl/ip-pool-db scenario
2014-06-11 18:12:35 +02:00
cda2a1e4dc
Updated strongTNC configuration
2014-06-11 18:12:34 +02:00
d643f2cf91
Added swanctl/ip-pool scenario
2014-06-10 16:48:16 +02:00
c621847395
Added swanctl/rw-cert scenario
2014-06-10 16:48:15 +02:00
b09016377a
Define default swanctl credentials in hosts directory
2014-06-10 16:19:00 +02:00
2721832a45
First swanctl scenario
2014-06-01 21:12:15 +02:00
2382d45b1c
Test SWID REST API ins tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
2997077bae
Migration from Debian 7.4 to 7.5
2014-05-31 20:37:57 +02:00
0f000cdd6c
Minor changes in the test environment
2014-05-15 21:30:42 +02:00
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
1dfd11fd92
testing: Added pfkey/compress test case
2014-04-24 17:36:17 +02:00
fa6c5f3506
Handle tag separators
2014-04-15 09:28:38 +02:00
edd2ed860f
Renewed expired user certificate
2014-04-15 09:28:37 +02:00
9b7f9ab5d2
Updated SWID scenarios
2014-04-15 09:21:06 +02:00
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
ab8ed95bfc
Fixed pretest script in tnc/tnccs-20-pt-tls scenario
2014-04-04 23:04:54 +02:00
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
96e3142c39
Test TLS AEAD cipher suites
2014-04-01 10:12:15 +02:00
05eb83e986
Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario
2014-03-31 22:22:58 +02:00
91d71abb16
revocation: Restrict OCSP signing to specific certificates
...
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:
- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint
The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
2014-03-31 14:40:33 +02:00
babd848778
testing: Add an acert test that forces a fallback connection based on groups
2014-03-31 11:14:59 +02:00
1a4d3222be
testing: Add an acert test case sending attribute certificates inline
2014-03-31 11:14:59 +02:00
9f676321a9
testing: Add an acert test using locally cached attribute certificates
2014-03-31 11:14:59 +02:00
959ef1a2e4
Added libipsec/net2net-3des scenario
2014-03-28 09:21:51 +01:00
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
c6d173a1f1
Check that valid OCSP responses are received in the ikev2/ocsp-multi-level scenario
2014-03-24 23:57:55 +01:00
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
07e7cb146f
Added openssl-ikev2/net2net-pgp-v3 scenario
2014-03-22 09:55:03 +01:00
22e1aa51f9
Completed integration of ntru_crypto library into ntru plugin
2014-03-22 09:51:00 +01:00
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
342bc6e545
Disable mandatory ECP support for attestion
2014-03-07 21:56:34 +01:00
a334ac80ae
Added ikev2/lookip scenario
2014-02-17 12:04:21 +01:00
9942e43dc6
testing: Use installed PTS SQL schema and data instead of local copy
2014-02-12 14:08:34 +01:00
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
571025a609
testing: Add ikev2/host2host-transport-nat scenario
2014-01-23 10:27:13 +01:00
62e050e0ef
testing: Add ipv6/rw-compress-ikev2 scenario
2014-01-23 10:27:13 +01:00
6055e347f8
testing: Add ikev2/compress-nat scenario
2014-01-23 10:27:13 +01:00
1fde30cc23
testing: Enable firewall for ikev2/compress scenario
...
Additionally, send a regular (small) ping as the kernel does not
compress small packets and handles those differently inbound.
2014-01-23 10:27:13 +01:00
8416ebb628
charon-tkm: Update integration tests
2013-12-04 10:41:54 +01:00
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
d5cd6eba2b
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios
2013-11-27 20:21:40 +01:00
7967876257
Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios
2013-10-30 20:46:32 +01:00
9043cb2f9c
Fixed sql/net2net-route-pem scenario evaluation
2013-10-23 22:23:47 +02:00
2efe61e07b
Added two Brainpool IKEv2 scenarios
2013-10-23 21:11:28 +02:00
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
1ca57d497f
Increase debug level in libipsec/rw-suite-b scenario
2013-10-11 21:34:59 +02:00
1486fe786a
Use bold font to display key size
2013-10-11 21:23:10 +02:00
fcf355036f
Added swid_directory option
2013-10-11 20:59:24 +02:00
3bd4536185
Added tnc/tnccs-11-supplicant scenario
2013-10-11 20:18:59 +02:00
d14ba7e7fd
testing: Add libipsec/host2host-cert scenario
2013-10-11 18:04:48 +02:00
ca28e13fe8
testing: Add ikev2/net2net-dnscert scenario
2013-10-11 15:45:42 +02:00
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
80a82b8d67
testing: Add an IKEv2 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
850bab6d58
testing: Add an IKEv2 net2net AH test case
2013-10-11 10:15:22 +02:00
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
6fc5cc003d
Pull dave for OS info
2013-09-02 12:00:46 +02:00
03d673620d
Cleaned configuration files in PT-TLS client scenario
2013-08-22 17:24:20 +02:00
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
2b1ac51c9c
fixed typo
2013-07-19 20:07:32 +02:00
645e9291f0
updated some TNC scenarios
2013-07-19 19:36:07 +02:00
9e7a45bec2
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
...
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
0a013e1af5
Override policy recommendation in enforcement
2013-07-11 10:34:00 +02:00
9e0182b922
openssl plugin can replace random, hmac, and gcm plugins
2013-07-10 20:38:07 +02:00
3910fb3715
Added openssl-ikev2/net2net-pkcs12 scenario
2013-07-10 20:25:49 +02:00
49a26e5b57
Added ikev2/net2net-pkcs12 scenario
2013-07-10 20:17:44 +02:00
3b569df215
conntrack -F makes ikev2/nat-rw scenario to work always
2013-07-10 17:50:25 +02:00
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
1d728758ed
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
2013-07-01 13:48:21 +02:00
bb802daacc
Fixed libipsec/rw-suite-b scenario
2013-07-01 12:32:45 +02:00
3405156f97
Added libipsec/rw-suite-b scenario
2013-07-01 11:04:14 +02:00
156e552caf
Added libipsec/net2net-cert scenario
2013-06-29 22:23:45 +02:00
1cfefd38a2
Add type=transport to tkm/host2host-* connections
...
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
8484f2bc5c
Implement multiple-clients integration test
...
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
a520e4a010
Implement net2net-xfrmproxy integration test
2013-03-19 15:23:50 +01:00
847d320950
Implement net2net-initiator integration test
2013-03-19 15:23:50 +01:00
d8b2064a34
Add xfrm_proxy integration test
2013-03-19 15:23:50 +01:00
3150dbd3e3
Add TKM responder integration test
2013-03-19 15:23:50 +01:00
117375ed00
Add initial TKM integration test
...
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
f0c102cbfa
Added ikev2/rw-dnssec scenario
2013-02-19 12:25:01 +01:00
1d4ff25fb8
Added ikev2/net2net-dnssec scenario
2013-02-19 12:25:01 +01:00
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
c25f850601
Drop obsolete Gentoo dhcpd init script
2013-01-17 16:55:03 +01:00
530f7b8421
No need to enable ip_forward in pretest files
...
It is enabled by default now.
2013-01-17 16:55:03 +01:00
44e533b88e
converted ha/both-active iptables scenario
2013-01-17 16:55:03 +01:00
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
a0ffe67fab
converted all p2pnat iptables scenarios
2013-01-17 16:55:02 +01:00
472a411aa8
converted all tnc iptables scenarios
2013-01-17 16:55:02 +01:00
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
136f74161b
converted all sql iptables scenarios
2013-01-17 16:55:02 +01:00
6fff9d9ace
converted all pfkey iptables scenarios
2013-01-17 16:55:01 +01:00
8fbb9458d6
converted all openssl-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
44047e7adb
converted all openssl-ikev1 iptables scenarios
2013-01-17 16:55:01 +01:00
61ab7db386
converted all gcrypt-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
1dc14281fc
converted all af-alg iptables scenarios
2013-01-17 16:55:01 +01:00
ac09da8e50
added ikev1/nat-virtual-ip scenario
2013-01-17 16:55:00 +01:00
ca0128588f
converted all ikev1 iptables scenarios
2013-01-17 16:55:00 +01:00
d815235d17
use iptables-restore in all ikev2 firewall scenarios
2013-01-17 16:55:00 +01:00
28b7db2b3c
Updated mark_update script in several IKEv2 scenarios
2013-01-17 16:55:00 +01:00
9b4477d5b8
activated iptables in some ikev2 scenarios
2013-01-17 16:55:00 +01:00
8e75e8dfa7
Fixed NO evaltest in tnc/tnccs-20-pdp scenario
2013-01-17 16:54:59 +01:00
9c36018cc7
Disable IPv4 forwarding on carol in order to pass tnc/tnccs-20-os scenario
2013-01-17 16:54:59 +01:00
602ba2f6d1
Adjust ikev2/farp test to qemu network interfaces
2013-01-17 16:54:58 +01:00
7fa92110e8
Adjust ikev2/dhcp tests to qemu network interfaces
2013-01-17 16:54:57 +01:00
76ccd25a05
Add expect-connection guest image script
...
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.
The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00
533177003c
Adapt test configurations
...
Adapt test configurations to the new Debian-based system.
2013-01-17 15:22:07 +01:00
ef214f2855
added ike2/rw-eap-md5-class-radius scenario
2012-11-21 06:05:34 +01:00
7c49d77982
updated parameters
2012-11-12 10:45:38 +01:00
a9c9414d58
implemented IETF Numeric Version attribute
2012-10-18 22:33:26 +02:00
ef315c5a1c
implemented IETF Remediation Instructions attribute
2012-10-18 18:24:26 +02:00
154cae09e3
increased IMC/IMV debug level to 3
2012-10-17 10:02:53 +02:00
4abe404d27
added tnc/tnccs-20-os scenario
2012-10-12 09:50:15 +02:00
e97602151a
removed ikev2/dynamic-responder scenario
2012-09-22 17:50:57 +02:00
04bb739578
do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario
2012-09-21 21:26:52 +02:00
0d33f428d1
Move rw-eap-dynamic scenario to its proper location
2012-09-21 09:34:10 +02:00
995a9c8a0a
Add a simple test case for the unity plugin, featuring both includes and excludes
2012-09-18 17:20:47 +02:00
56ea95195a
Add a road-warrior test case requesting both an IPv4 and an IPv6 virtual address
2012-09-18 17:11:03 +02:00
979027ae04
ikev1 hybrid authentication does not need client certificates
2012-09-12 12:42:24 +02:00
e1588893f5
corrected topology in ikev2/rw-radius-accounting scenario
2012-09-12 12:26:39 +02:00
98521f0821
this is the correct evaltest
2012-09-10 15:53:03 +02:00
2dd0883fb7
recovered ikev2/ip-two-pools-mixed evaltest
2012-09-10 15:46:50 +02:00
d401bcfe97
adapted ip-pool evaltests
2012-09-10 15:41:27 +02:00
a785bb8797
make sending of IETF Assessment Result attributes configurable
2012-09-09 23:24:23 +02:00
1e5634c9b3
remove virtual IP for moon's inner interface
2012-06-29 23:20:32 +02:00
4271838f9c
an IKE daemon needs these plugins but a PDP doesn't
2012-06-29 06:24:02 +02:00
1c959e4479
added ikev1/virtual-ip scenario
2012-06-28 14:52:07 +02:00
5a86589d0c
corrected description of ikev1/ip-pool-db scenario
2012-06-28 14:44:10 +02:00
5c0d1bccb0
corrected description of ikev1/ip-pool scenario
2012-06-28 14:42:34 +02:00
788e512d58
added ikev1/ip-pool scenario
2012-06-28 14:37:04 +02:00
f39a2f275e
merged xauth-id-rsa and xauth-rsa-config scenarios
2012-06-28 14:23:47 +02:00
8cad9ed42c
charon automatically removes virtual interfaces
2012-06-28 09:30:24 +02:00
fc16296391
adapted description to IKEv2
2012-06-22 09:53:37 +02:00
bf577b6714
fixed typo
2012-06-20 11:15:09 +02:00
0802b8359e
added ipv6/rw-ip6-in-ip4-ikev1 scenario
2012-06-20 11:13:20 +02:00
36988a0a37
added ipv6/rw-ip6-in-ip4-ikev2 scenario
2012-06-20 11:03:51 +02:00
87f8ff168b
sleep one second more
2012-06-19 06:18:05 +02:00
e4012ae386
use socket-default in scenario
2012-06-19 06:17:37 +02:00
bc60bb8bf4
added ikev1/xauth-id-rsa-hybrid scenario
2012-06-18 22:51:50 +02:00
771a66c6a0
added ikev1/xauth-id-rsa-aggressive scenario
2012-06-18 22:30:26 +02:00
8b8f5c6141
rsasig is not recognized as authentication method
2012-06-18 22:03:36 +02:00
49d18a8e06
enable potentially unsafe aggressive mode
2012-06-18 21:34:48 +02:00
7a892288fb
change ikev1/xauth scenarios to modern notation
2012-06-18 21:22:01 +02:00
daa857029f
removed plutostart parameter
2012-06-13 21:19:05 +02:00
4745fce666
deleted IKEv1 charon-pluto interoperability scenarios
2012-06-12 10:00:21 +02:00
47f8ae7cfd
added ikev1/dynamic scenarios using allow-any
2012-06-08 22:54:12 +02:00
7cc65a0376
removed whitespace
2012-06-08 22:34:49 +02:00
d9e1b4c033
added ikev2/dynamic-two-peers scenario
2012-06-08 21:52:20 +02:00
68f3e2462a
added ikev2/dynamic-responder scenario
2012-06-08 21:24:42 +02:00
420e77c2d0
added ikev2/dynamic-initiator scenario
2012-06-08 21:24:41 +02:00
6f948c5c8d
added nonce plugin to gcrypt scenarios
2012-05-30 07:21:03 +02:00
08951eb7a8
upgraded ipv6 scenarios to 5.0.0
2012-05-29 23:40:01 +02:00
da7a46b73b
upgraded ike scenarios to 5.0.0
2012-05-25 16:58:17 +02:00
d2933125d5
added IKEv1 IPCOMP pluto-charon interoperability scenarios
2012-05-25 12:52:21 +02:00
b253008544
upgraded ikev1/compress to 5.0.0
2012-05-24 17:36:27 +02:00
fa50a89c95
added ikev1/xauth-rsa-eap-md5-radius scenario
2012-05-24 09:26:00 +02:00
31c83b973e
load nonce plugin
2012-05-23 15:05:57 +02:00
ad59f3a91a
added ikev1 pluto-charon interoperability scenarios
2012-05-23 14:47:41 +02:00
148b643880
upgraded ikev1 scenarios to 5.0.0
2012-05-23 14:45:15 +02:00
5cc6dc8b39
check for ESP in UDP encapsulation
2012-05-12 12:15:58 +02:00
a56fdff194
upgraded ikev2 scenarios to 5.0.0
2012-05-11 11:00:32 +02:00
0e1c6fa2a9
suppress leak detective output
2012-05-11 05:48:11 +02:00
86aab92248
upgraded ha scenario for 5.0.0
2012-05-06 15:03:26 +02:00
922e0d0975
added gcrypt-ikev1 pluto interoperability tests
2012-05-06 09:51:19 +02:00
949d08dfca
upgraded gcrypt-ikev1 scenarios to 5.0.0
2012-05-06 09:25:31 +02:00
04d7b1725d
upgraded gcrypt-ikev2 scenarios to 5.0.0
2012-05-06 09:23:09 +02:00
8f834c16ae
upgraded pfkey scenarios to 5.0.0
2012-05-05 11:55:48 +02:00
6624b8be24
removed leftover ipsec.conf parameters
2012-05-05 09:20:42 +02:00
84b291e668
upgraded sql scenarios to 5.0.0
2012-05-05 09:16:15 +02:00
8a5a33b52e
upgrade p2pnat scenarios to 5.0.0
2012-05-04 14:56:09 +02:00
e5502cd2b5
updated af-alg scenarios to 5.0.0
2012-05-04 12:15:30 +02:00
680609b972
added openssl-ikev1 pluto interoperability tests
2012-05-04 12:12:39 +02:00
1e9b62ad50
deleted unneeded openssl-ikev1 files
2012-05-04 12:11:57 +02:00
90e941fb97
upgraded openssl-ikev1 scenarios to 5.0.0
2012-05-04 12:06:45 +02:00
3805e569f6
upgraded openssl-ikev2 scenarios to 5.0.0
2012-05-04 12:03:05 +02:00
22bec9d4ae
upgraded tnc scenarios to 5.0.0
2012-05-04 11:57:31 +02:00
fe23d9aaa4
ikev2/net2net-pubkey scenario does not need dnskey plugin
2012-04-30 07:02:08 +02:00
86b79a5f6d
added ikev2/net2net-pubkey scenario
2012-04-30 00:33:18 +02:00
7ea31a17ea
added ikev2/net2net-rsa scenario
2012-04-30 00:32:58 +02:00
2338b9f019
added ikev2/rw-eap-md5-id-prompt scenario
2012-04-29 19:10:25 +02:00
5ff8fe5d48
activated cmac plugin in UML test suites
2012-04-22 22:22:25 +02:00
3cea55b0c8
corrected description
2012-03-17 23:22:25 +01:00
9da795392e
added ikev2/esp-alg-sha1-160 scenario
2012-03-17 23:20:03 +01:00
d9b539dc33
added ikev2/esp-alg-md5-128 scenario
2012-03-17 22:56:37 +01:00
ebf292bad0
refreshed carolCert-ocsp.pem
2012-03-15 07:58:35 +01:00
ea2f340e27
added tnc/tnccs-20-pdp scenario
2012-03-14 08:47:12 +01:00
9b8053a63a
edited description of tnc/tnccs-11-radius scenario
2012-03-14 08:46:52 +01:00
2af22e1135
adapted debug output check in openssl-ikev2/rw-eap-tls-only scenario
2012-02-07 20:31:17 +01:00
269e487567
open RADIUS accounting port in firewall
2012-02-06 20:45:21 +01:00
9755910d7f
added ikev2/rw-radius-accounting scenario
2012-02-06 12:52:48 +01:00
48bf8ce9bd
added openssl-ikev2/ecdsa-pkcs8 scenario
2012-02-03 11:44:04 +01:00
6b4e0dd504
added ikev2/rw-pkcs8 scenario
2012-02-03 11:10:13 +01:00
a24f2241bc
made ikev2/reauth-late scenario more robust
2011-12-21 06:00:13 +01:00
63179fd459
upgraded Test IMC/IMV pair to fully support multple IMC IDs
2011-12-11 22:01:49 +01:00
566311862f
moved random plugin in front of openssl in order to prefer gmp
2011-11-05 07:24:17 +01:00
0986fe362f
added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios
2011-11-04 11:27:19 +01:00
a12bb386f7
enable integrity test in tnc/tnccs-dynamic scenario
2011-11-02 09:30:18 +01:00
6ae024392b
removed xcbc plugin from sql scenarios
2011-11-01 00:16:35 +01:00
5153af66e0
added tnc-tnccs plugin and removed xcbc plugin
2011-10-25 15:20:03 +02:00
448fc5091f
updated strong certificates
2011-10-17 18:04:12 +02:00
f63f7822ed
Run scenarios without xcbc plugin
2011-10-17 14:08:50 +02:00
91adba2051
Run scenarios without xcbc plugin
2011-10-16 17:18:32 +02:00
8b0e38e69e
run scenarios without xcbc plugin
2011-10-14 17:41:08 +02:00
fc67132697
due to a bug fix reverted to the previous RULE_CRL_VALIDATION check
2011-09-09 09:25:54 +02:00
7ec35f561c
show correct network topology in shunt-policies scenarios
2011-07-26 07:55:20 +02:00
92032fd4d6
Fixed sleep command in two test cases.
2011-07-21 16:34:37 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
456c668d92
added ikev2/net2net-esn scenario
2011-07-16 14:12:23 +02:00
0cb5d713ab
alice is now master in the ha/both-active scenario
2011-07-14 17:31:47 +02:00
9de0f9d487
short form changed
2011-07-14 16:49:41 +02:00
52ba840d5c
adapted tnc scenarios to new imcvs library path
2011-07-06 21:55:17 +02:00
1f3b5c7778
corrected description of shunt-policies scenario
2011-07-05 22:07:42 +02:00
d6e40a3b91
start and stop apache server on dave
2011-07-04 22:40:46 +02:00
0b0f36cc1a
added ITA Scanner IMC/IMV pair to tnccs-11-radius-block scenario
2011-07-04 22:32:34 +02:00
31479712b5
added ITA Scanner IMC/IMV pair to tnccs-20 and tnccs-20-block scenarios
2011-07-04 21:44:22 +02:00
c755c365d7
fixed sql/shunt-policies scenario
2011-06-29 08:23:58 +02:00
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00
535f5d8a10
added tnc/tnccs-20-server-retry scenario
2011-06-23 19:59:27 +02:00
6b57728cce
renamed tncss-20-retry scenario to tnccs-20-client-retry
2011-06-23 19:59:00 +02:00
9368185260
restablish the lost links to the TNC@FHH project
2011-06-15 14:16:58 +02:00
f9b5d9ae9c
fixed some descriptions
2011-06-15 14:07:16 +02:00
da73199fe5
added the tnc/tnccs-20-retry scenario
2011-06-15 14:06:48 +02:00
8b3d522620
link to the TNC@FHH project
2011-06-03 08:36:57 +02:00
b24ffda989
fixed sleep command in ikev1/esp-ah-tunnel scenario
2011-06-03 07:05:43 +02:00
7bd580bf08
active and passive IKEv2 hosts changed again
2011-06-03 01:47:25 +02:00
2e60060095
moved TNC scenarios to tnc folder
2011-06-03 00:47:20 +02:00
51679e67c9
ikev2/rw-eap-tnc-11-radius scenario now uses a PA-TNC IMC/IMV pair
2011-06-02 12:36:27 +02:00
0410c3c363
disable leak_detective in ikev2/rw-eap-tnc-11-radius scenario
2011-06-01 22:17:32 +02:00
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
4cefb9bd10
removed unused files
2011-05-31 15:46:51 +02:00
a5cfcc5f50
re-established a deleted colon character
2011-05-30 22:48:53 +02:00
ea9f1002cd
cleaned up the rw-eap-tnc-20 and rw-eap-tnc-20-fhh scenarios
2011-05-30 21:46:45 +02:00
83348c80e4
added the ikev2/rw-eap-tnc-20 scenario based on the RFC 5792 PA-TNC protocol
2011-05-30 21:31:50 +02:00
61420db66c
renamed ikev2/rw-eap-tnc-20 scenario to rw-eap-tnc-20-fhh
2011-05-30 21:28:07 +02:00
636a7d2bc3
whitelisting can already be enabled in strongswan.conf
2011-05-14 17:11:15 +02:00
8afbc768f3
added ikev2/rw-whitelist scenario
2011-05-12 21:11:01 +02:00
1ef7a2ef94
with the 2.6.38 kernel alice is preferred for handling the IKE connections
2011-04-08 07:50:20 +02:00
7346114e9c
added ikev2/rw-eap-peap-mschapv2 scenario
2011-04-06 19:44:58 +02:00
35e2a87e1e
added ikev2/rw-eap-peap-md5 scenario
2011-04-06 19:44:30 +02:00
119b0a45a1
added ikev2/rw-eap-peap-radius scenario
2011-04-06 19:42:52 +02:00
bf2233b32d
updated ikev2/rw-eap-tnc scenarios
2011-04-01 19:44:25 +02:00
3f5647819b
redirect debug output of imc/imv pairs to syslog
2011-03-19 23:23:52 +01:00
b03dd40fe6
some changes to the ikev2/rw-eap-tnc-11|20 scenarios
2011-03-19 16:48:06 +01:00
357894c692
af-alg plugin does not require hmac and xcbc plugins
2011-03-18 09:55:26 +01:00
ae04b73eb4
added af-alg-ikev1/alg-camellia scenario
2011-03-18 07:39:21 +01:00
ec160f132c
added af-alg-ikev2/alg-camellia scenario
2011-03-18 07:34:48 +01:00
efe7e863e7
added the af-alg-ikev1/rw-cert scenario
2011-03-17 23:16:41 +01:00
d6946481ae
added the af-alg-ikev2/rw-cert scenario
2011-03-17 22:55:26 +01:00
76c8b190f8
removed ipsec up %startall from scenario descriptions
2011-02-10 10:03:59 +01:00
f04d1c2dfe
replaced ipsec up %startall command by start_action job
2011-02-09 22:27:04 +01:00
2ecafc7316
added openssl-ikev2/critical-extension scenario
2011-02-08 22:58:31 +01:00
2ee4cb6430
added ikev2/critical-extension scenario
2011-02-08 07:05:23 +01:00
84545f6e7c
Some typos fixed.
2011-02-07 11:39:41 +01:00
3891b75628
disable INITIAL_CONTACT message by setting unigueids=no
2011-02-02 15:58:40 +01:00
f808aa2c44
load constraints plugin in ikev2/multi-level-ca-pathlen scenario
2011-01-31 14:46:16 +01:00
ec9f8440f3
adapted some UML timings
2011-01-31 09:38:22 +01:00
3ba7616d8f
added ikev2/rw-eap-tnc-dynamic scenario
2011-01-31 07:30:41 +01:00
e27554144a
increase sleep time in mediation scenarios
2010-12-12 21:54:44 +01:00
458e7779a8
reorganized ikev2/rw-eap-tnc scenarios
2010-12-12 12:51:14 +01:00
146e9123a2
added the ikev2/rw-eap-tnc-20 scenario
2010-12-12 10:47:16 +01:00
2965eb3cc7
added sql/multi-level-ca scenario
2010-12-05 21:53:43 +01:00
f143f0f743
use a composite test proposal
2010-12-01 10:05:28 +01:00
cbdcca7fd7
renamed algorithm to proposal
2010-11-30 17:38:49 +01:00
f4e5acef3a
store IKE and ESP proposals in SQL database
2010-11-30 17:03:21 +01:00
b62bde3b95
configured various DPD modes in sql scenarios
2010-11-28 17:41:27 +01:00
11c904b373
added sql/net2net-route-pem scenario
2010-11-28 12:00:44 +01:00
d6a13b895f
added sql/net2net-start-pem scenario
2010-11-28 12:00:19 +01:00
d16ecc1753
fixed iptables script of gateway alice
2010-11-20 21:01:54 +01:00
aafe3b090e
removed copy of strongswancCert.pem
2010-11-20 20:34:21 +01:00
4a8ebe0b35
added ha/both-active scenario
2010-11-20 20:16:26 +01:00
8d01a80819
do not send certificate requests in EAP-ONLY scenarios
2010-10-14 21:10:03 +02:00
ea7c8b3880
added ikev2/rw-eap-tnc-ls scenario
2010-10-14 21:00:41 +02:00
cf76984c28
Define explicit IKEv1 keyexchange mode V
2010-10-14 16:13:52 +02:00
6587f1a04d
increase eap-tls max_message_count in fragments scenario
2010-10-14 16:09:44 +02:00
972663ccb0
Define explicit IKEv1 keyexchange mode IV.
2010-10-14 13:55:04 +02:00
897a9baaba
define explicit IKEv1 keyexchange mode III
2010-10-14 07:34:13 +02:00
a885f0737c
fixed ikev2/rw-eap-ttls-radius scenario
2010-10-14 07:26:10 +02:00
d8a379e1e4
fixed ikev2/rw-eap-tnc-radius-block scenario
2010-10-14 07:22:39 +02:00
adf5ebaa28
fixed ikev2/rw-eap-tnc scenario
2010-10-14 07:08:33 +02:00
c763ec09db
fixed ikev2/rw-eap-sim-radius scenario
2010-10-14 07:01:06 +02:00
15a7b95f86
fixed ikev2/rw-eap-sim-only-radius scenario
2010-10-14 06:55:06 +02:00
907ca3d4df
fixed ikev2/mult-auth-rsa-eap-sim-id
2010-10-14 06:41:26 +02:00
e6f685b0fa
scenarios without RADIUS server can use default iptables script
2010-10-11 17:04:53 +02:00
e5f5f612bd
fixed some evaltest.dat files
2010-10-11 16:58:12 +02:00
7d8cb1f952
added ikev2/rw-eap-tnc-block scenario
2010-10-11 16:58:12 +02:00
8efd583a64
explicit ikev1 key exchange for ikev1/esp-alg-null scenario
2010-10-09 22:07:51 +02:00
1e6c92789e
fixed typo
2010-10-09 22:05:26 +02:00
74e14ed631
define explicit IKEv1 key exchange mode II
2010-10-09 20:04:00 +02:00
ed08f7ce83
use DBG_TNC for TNC debugging output
2010-10-09 16:01:19 +02:00
db24b600fb
changed filter attribute from access to allow
2010-10-09 01:01:19 +02:00
a1afa8d810
added ikev2/rw-eap-tnc scenario
2010-10-09 00:59:31 +02:00
8dcc56dcc0
created tnc-imc and tnc-imv plugins
2010-10-07 23:31:23 +02:00
84babfb895
define explicit IKEv1 key exchange mode
2010-10-07 07:31:44 +02:00
9b201cf859
host venus is used in ikev2/rw-eap-tnc-radius scenario
2010-10-06 10:38:18 +02:00
541666b89f
added ikev2/rw-eap-tnc-radius-block scenario
2010-10-06 10:32:50 +02:00
48e16e0ae1
final version of ikev2/rw-eap-tnc-radius scenario
2010-10-05 20:38:34 +02:00
Tobias Brunner