Tobias Brunner
722a8a177e
testing: Make sure the whitelist plugin is ready before configuring it
2014-10-03 12:44:14 +02:00
Tobias Brunner
09f1fb82f9
testing: Update PKCS#12 containers
2014-10-03 12:44:13 +02:00
Tobias Brunner
079c797421
testing: Update PKCS#8 keys
2014-10-03 12:44:13 +02:00
Tobias Brunner
9f5fd7899e
testing: Update public keys in DNSSEC scenarios
...
The tests are successful even if the public keys are not stored locally,
but an additional DNS query is required to fetch them.
2014-10-03 12:44:13 +02:00
Tobias Brunner
2c7ad260f9
testing: Update carols certificate in several test cases
2014-10-03 12:44:13 +02:00
Martin Willi
7ab320def3
testing: Add some notes about how to reissue attribute certificates
2014-10-03 12:31:01 +02:00
Martin Willi
16469e8474
testing: Reissue attribute certificates for the new holder certificates
...
Due to the expired and reissued holder certificates of carol and dave, new
attribute certificates are required to match the holder certificates serial in
the ikev2/acert-{cached,fallback,inline} tests.
2014-10-03 12:28:11 +02:00
Martin Willi
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Reto Buerki
e0d59e10f8
testing: Update certs and keys in tkm tests
...
References #705 .
2014-09-17 17:08:35 +02:00
Andreas Steffen
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
Tobias Brunner
be41910e19
testing: Add sql/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
73211f9b74
testing: Add pfkey/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
945e1df738
testing: Remove obsolete shunt-policies scenarios
2014-06-26 18:12:00 +02:00
Andreas Steffen
75598e5053
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
2014-06-26 09:47:03 +02:00
Andreas Steffen
21aebe3781
Removed django.db from swid scenarios
2014-06-26 09:45:54 +02:00
Tobias Brunner
2ef6f57456
testing: Add ikev2/shunt-policies-nat-rw scenario
2014-06-19 14:23:07 +02:00
Tobias Brunner
d93987ce24
testing: Remove ikev2/shunt-policies scenario
...
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
Andreas Steffen
d345f0b75d
Added swanctl/net2net-route scenario
2014-06-18 14:57:33 +02:00
Andreas Steffen
3f5f0b8940
Added swanctl/net2net-start scenario
2014-06-18 14:35:59 +02:00
Andreas Steffen
4402bae77d
Minor changes in swanctl scenarios
2014-06-18 14:35:36 +02:00
Andreas Steffen
39d6469d76
Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios
2014-06-14 15:40:23 +02:00
Andreas Steffen
3eb22f1f00
Single-line --raw mode simplifies evaltest of swanctl scenarios
2014-06-14 15:40:23 +02:00
Andreas Steffen
12d618e280
Added swanctl/ip-pool-db scenario
2014-06-11 18:12:35 +02:00
Andreas Steffen
cda2a1e4dc
Updated strongTNC configuration
2014-06-11 18:12:34 +02:00
Andreas Steffen
d643f2cf91
Added swanctl/ip-pool scenario
2014-06-10 16:48:16 +02:00
Andreas Steffen
c621847395
Added swanctl/rw-cert scenario
2014-06-10 16:48:15 +02:00
Andreas Steffen
b09016377a
Define default swanctl credentials in hosts directory
2014-06-10 16:19:00 +02:00
Andreas Steffen
2721832a45
First swanctl scenario
2014-06-01 21:12:15 +02:00
Andreas Steffen
2382d45b1c
Test SWID REST API ins tnc/tnccs-20-pdp scenarios
2014-05-31 21:25:46 +02:00
Andreas Steffen
2997077bae
Migration from Debian 7.4 to 7.5
2014-05-31 20:37:57 +02:00
Andreas Steffen
0f000cdd6c
Minor changes in the test environment
2014-05-15 21:30:42 +02:00
Andreas Steffen
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
Tobias Brunner
1dfd11fd92
testing: Added pfkey/compress test case
2014-04-24 17:36:17 +02:00
Andreas Steffen
fa6c5f3506
Handle tag separators
2014-04-15 09:28:38 +02:00
Andreas Steffen
edd2ed860f
Renewed expired user certificate
2014-04-15 09:28:37 +02:00
Andreas Steffen
9b7f9ab5d2
Updated SWID scenarios
2014-04-15 09:21:06 +02:00
Andreas Steffen
3e7044b45e
Implemented segmented SWID tag attributes on IMV side
2014-04-15 09:21:06 +02:00
Andreas Steffen
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
Andreas Steffen
48f37c448c
Make Attestation IMV independent of OS IMV
2014-04-15 09:21:05 +02:00
Andreas Steffen
ab8ed95bfc
Fixed pretest script in tnc/tnccs-20-pt-tls scenario
2014-04-04 23:04:54 +02:00
Tobias Brunner
7a61bf9032
testing: Run 'conntrack -F' before all test scenarios
...
This prevents failures due to remaining conntrack entries.
2014-04-02 11:55:05 +02:00
Andreas Steffen
96e3142c39
Test TLS AEAD cipher suites
2014-04-01 10:12:15 +02:00
Andreas Steffen
05eb83e986
Slightly edited evaltest of ikev2/ocsp-untrusted-cert scenario
2014-03-31 22:22:58 +02:00
Martin Willi
91d71abb16
revocation: Restrict OCSP signing to specific certificates
...
To avoid considering each cached OCSP response and evaluating its trustchain,
we limit the certificates considered for OCSP signing to:
- The issuing CA of the checked certificate
- A directly delegated signer by the same CA, having the OCSP signer constraint
- Any locally installed (trusted) certificate having the OCSP signer constraint
The first two options cover the requirements from RFC 6960 2.6. For
compatibility with non-conforming CAs, we allow the third option as exception,
but require the installation of such certificates locally.
2014-03-31 14:40:33 +02:00
Martin Willi
babd848778
testing: Add an acert test that forces a fallback connection based on groups
2014-03-31 11:14:59 +02:00
Martin Willi
1a4d3222be
testing: Add an acert test case sending attribute certificates inline
2014-03-31 11:14:59 +02:00
Martin Willi
9f676321a9
testing: Add an acert test using locally cached attribute certificates
2014-03-31 11:14:59 +02:00
Andreas Steffen
959ef1a2e4
Added libipsec/net2net-3des scenario
2014-03-28 09:21:51 +01:00
Andreas Steffen
7afd217ff9
Renewed self-signed OCSP signer certificate
2014-03-27 22:52:11 +01:00
Andreas Steffen
c6d173a1f1
Check that valid OCSP responses are received in the ikev2/ocsp-multi-level scenario
2014-03-24 23:57:55 +01:00
Andreas Steffen
bee64a82d7
Updated expired certificates issued by the Research and Sales Intermediate CAs
2014-03-24 23:38:45 +01:00
Andreas Steffen
2d79f6d81e
Renewed revoked Research CA certificate
2014-03-22 15:16:15 +01:00
Andreas Steffen
07e7cb146f
Added openssl-ikev2/net2net-pgp-v3 scenario
2014-03-22 09:55:03 +01:00
Andreas Steffen
22e1aa51f9
Completed integration of ntru_crypto library into ntru plugin
2014-03-22 09:51:00 +01:00
Andreas Steffen
c683b389ba
Merged libstrongswan options into charon section
2014-03-15 14:07:34 +01:00
Andreas Steffen
f2a3a01134
strongswan.conf is not needed on RADIUS server alice
2014-03-15 14:07:33 +01:00
Andreas Steffen
342bc6e545
Disable mandatory ECP support for attestion
2014-03-07 21:56:34 +01:00
Andreas Steffen
a334ac80ae
Added ikev2/lookip scenario
2014-02-17 12:04:21 +01:00
Tobias Brunner
9942e43dc6
testing: Use installed PTS SQL schema and data instead of local copy
2014-02-12 14:08:34 +01:00
Tobias Brunner
96e8715e32
testing: Use installed SQL schema instead of local copy
2014-02-12 14:08:34 +01:00
Andreas Steffen
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
Andreas Steffen
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
Tobias Brunner
571025a609
testing: Add ikev2/host2host-transport-nat scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
62e050e0ef
testing: Add ipv6/rw-compress-ikev2 scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
6055e347f8
testing: Add ikev2/compress-nat scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
1fde30cc23
testing: Enable firewall for ikev2/compress scenario
...
Additionally, send a regular (small) ping as the kernel does not
compress small packets and handles those differently inbound.
2014-01-23 10:27:13 +01:00
Reto Buerki
8416ebb628
charon-tkm: Update integration tests
2013-12-04 10:41:54 +01:00
Andreas Steffen
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
Andreas Steffen
d5cd6eba2b
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios
2013-11-27 20:21:40 +01:00
Andreas Steffen
7967876257
Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios
2013-10-30 20:46:32 +01:00
Andreas Steffen
9043cb2f9c
Fixed sql/net2net-route-pem scenario evaluation
2013-10-23 22:23:47 +02:00
Andreas Steffen
2efe61e07b
Added two Brainpool IKEv2 scenarios
2013-10-23 21:11:28 +02:00
Andreas Steffen
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
Andreas Steffen
1ca57d497f
Increase debug level in libipsec/rw-suite-b scenario
2013-10-11 21:34:59 +02:00
Andreas Steffen
1486fe786a
Use bold font to display key size
2013-10-11 21:23:10 +02:00
Andreas Steffen
fcf355036f
Added swid_directory option
2013-10-11 20:59:24 +02:00
Andreas Steffen
3bd4536185
Added tnc/tnccs-11-supplicant scenario
2013-10-11 20:18:59 +02:00
Tobias Brunner
d14ba7e7fd
testing: Add libipsec/host2host-cert scenario
2013-10-11 18:04:48 +02:00
Tobias Brunner
ca28e13fe8
testing: Add ikev2/net2net-dnscert scenario
2013-10-11 15:45:42 +02:00
Martin Willi
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
Martin Willi
80a82b8d67
testing: Add an IKEv2 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
850bab6d58
testing: Add an IKEv2 net2net AH test case
2013-10-11 10:15:22 +02:00
Andreas Steffen
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
Andreas Steffen
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
Andreas Steffen
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
6fc5cc003d
Pull dave for OS info
2013-09-02 12:00:46 +02:00
Andreas Steffen
03d673620d
Cleaned configuration files in PT-TLS client scenario
2013-08-22 17:24:20 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
Andreas Steffen
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
Martin Willi
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
Martin Willi
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
Andreas Steffen
2b1ac51c9c
fixed typo
2013-07-19 20:07:32 +02:00
Andreas Steffen
645e9291f0
updated some TNC scenarios
2013-07-19 19:36:07 +02:00
Tobias Brunner
9e7a45bec2
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
...
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
Andreas Steffen
0a013e1af5
Override policy recommendation in enforcement
2013-07-11 10:34:00 +02:00
Andreas Steffen
9e0182b922
openssl plugin can replace random, hmac, and gcm plugins
2013-07-10 20:38:07 +02:00
Andreas Steffen
3910fb3715
Added openssl-ikev2/net2net-pkcs12 scenario
2013-07-10 20:25:49 +02:00
Andreas Steffen
49a26e5b57
Added ikev2/net2net-pkcs12 scenario
2013-07-10 20:17:44 +02:00
Andreas Steffen
3b569df215
conntrack -F makes ikev2/nat-rw scenario to work always
2013-07-10 17:50:25 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Tobias Brunner
1d728758ed
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
2013-07-01 13:48:21 +02:00
Andreas Steffen
bb802daacc
Fixed libipsec/rw-suite-b scenario
2013-07-01 12:32:45 +02:00
Andreas Steffen
3405156f97
Added libipsec/rw-suite-b scenario
2013-07-01 11:04:14 +02:00
Andreas Steffen
156e552caf
Added libipsec/net2net-cert scenario
2013-06-29 22:23:45 +02:00
Reto Buerki
1cfefd38a2
Add type=transport to tkm/host2host-* connections
...
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
Andreas Steffen
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
Tobias Brunner
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Tobias Brunner
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Andreas Steffen
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
Andreas Steffen
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
Andreas Steffen
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Andreas Steffen
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
Andreas Steffen
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
Andreas Steffen
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
Andreas Steffen
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
Reto Buerki
8484f2bc5c
Implement multiple-clients integration test
...
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
Reto Buerki
a520e4a010
Implement net2net-xfrmproxy integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
847d320950
Implement net2net-initiator integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
d8b2064a34
Add xfrm_proxy integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
3150dbd3e3
Add TKM responder integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
117375ed00
Add initial TKM integration test
...
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
Andreas Steffen
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
Andreas Steffen
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
Andreas Steffen
f0c102cbfa
Added ikev2/rw-dnssec scenario
2013-02-19 12:25:01 +01:00
Andreas Steffen
1d4ff25fb8
Added ikev2/net2net-dnssec scenario
2013-02-19 12:25:01 +01:00
Andreas Steffen
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
Andreas Steffen
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
Tobias Brunner
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
Tobias Brunner
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
Tobias Brunner
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
Reto Buerki
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
Reto Buerki
c25f850601
Drop obsolete Gentoo dhcpd init script
2013-01-17 16:55:03 +01:00
Reto Buerki
530f7b8421
No need to enable ip_forward in pretest files
...
It is enabled by default now.
2013-01-17 16:55:03 +01:00
Andreas Steffen
44e533b88e
converted ha/both-active iptables scenario
2013-01-17 16:55:03 +01:00
Andreas Steffen
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
Andreas Steffen
a0ffe67fab
converted all p2pnat iptables scenarios
2013-01-17 16:55:02 +01:00
Andreas Steffen
472a411aa8
converted all tnc iptables scenarios
2013-01-17 16:55:02 +01:00
Andreas Steffen
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
Andreas Steffen
136f74161b
converted all sql iptables scenarios
2013-01-17 16:55:02 +01:00
Andreas Steffen
6fff9d9ace
converted all pfkey iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
8fbb9458d6
converted all openssl-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
44047e7adb
converted all openssl-ikev1 iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
61ab7db386
converted all gcrypt-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
1dc14281fc
converted all af-alg iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
ac09da8e50
added ikev1/nat-virtual-ip scenario
2013-01-17 16:55:00 +01:00
Andreas Steffen
ca0128588f
converted all ikev1 iptables scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
d815235d17
use iptables-restore in all ikev2 firewall scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
28b7db2b3c
Updated mark_update script in several IKEv2 scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
9b4477d5b8
activated iptables in some ikev2 scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
8e75e8dfa7
Fixed NO evaltest in tnc/tnccs-20-pdp scenario
2013-01-17 16:54:59 +01:00
Andreas Steffen
9c36018cc7
Disable IPv4 forwarding on carol in order to pass tnc/tnccs-20-os scenario
2013-01-17 16:54:59 +01:00
Reto Buerki
602ba2f6d1
Adjust ikev2/farp test to qemu network interfaces
2013-01-17 16:54:58 +01:00
Reto Buerki
7fa92110e8
Adjust ikev2/dhcp tests to qemu network interfaces
2013-01-17 16:54:57 +01:00
Reto Buerki
76ccd25a05
Add expect-connection guest image script
...
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.
The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00
Reto Buerki
533177003c
Adapt test configurations
...
Adapt test configurations to the new Debian-based system.
2013-01-17 15:22:07 +01:00
Andreas Steffen
ef214f2855
added ike2/rw-eap-md5-class-radius scenario
2012-11-21 06:05:34 +01:00
Andreas Steffen
7c49d77982
updated parameters
2012-11-12 10:45:38 +01:00
Andreas Steffen
a9c9414d58
implemented IETF Numeric Version attribute
2012-10-18 22:33:26 +02:00
Andreas Steffen
ef315c5a1c
implemented IETF Remediation Instructions attribute
2012-10-18 18:24:26 +02:00
Andreas Steffen
154cae09e3
increased IMC/IMV debug level to 3
2012-10-17 10:02:53 +02:00
Andreas Steffen
4abe404d27
added tnc/tnccs-20-os scenario
2012-10-12 09:50:15 +02:00
Andreas Steffen
e97602151a
removed ikev2/dynamic-responder scenario
2012-09-22 17:50:57 +02:00
Andreas Steffen
04bb739578
do not enable integrity and crypto tests in ikev1/rw-cert-unity scenario
2012-09-21 21:26:52 +02:00
Tobias Brunner
0d33f428d1
Move rw-eap-dynamic scenario to its proper location
2012-09-21 09:34:10 +02:00
Martin Willi
995a9c8a0a
Add a simple test case for the unity plugin, featuring both includes and excludes
2012-09-18 17:20:47 +02:00
Martin Willi
56ea95195a
Add a road-warrior test case requesting both an IPv4 and an IPv6 virtual address
2012-09-18 17:11:03 +02:00
Andreas Steffen
979027ae04
ikev1 hybrid authentication does not need client certificates
2012-09-12 12:42:24 +02:00
Andreas Steffen
e1588893f5
corrected topology in ikev2/rw-radius-accounting scenario
2012-09-12 12:26:39 +02:00
Andreas Steffen
98521f0821
this is the correct evaltest
2012-09-10 15:53:03 +02:00
Andreas Steffen
2dd0883fb7
recovered ikev2/ip-two-pools-mixed evaltest
2012-09-10 15:46:50 +02:00
Andreas Steffen
d401bcfe97
adapted ip-pool evaltests
2012-09-10 15:41:27 +02:00
Andreas Steffen
a785bb8797
make sending of IETF Assessment Result attributes configurable
2012-09-09 23:24:23 +02:00
Andreas Steffen
1e5634c9b3
remove virtual IP for moon's inner interface
2012-06-29 23:20:32 +02:00
Andreas Steffen
4271838f9c
an IKE daemon needs these plugins but a PDP doesn't
2012-06-29 06:24:02 +02:00
Andreas Steffen
1c959e4479
added ikev1/virtual-ip scenario
2012-06-28 14:52:07 +02:00
Andreas Steffen
5a86589d0c
corrected description of ikev1/ip-pool-db scenario
2012-06-28 14:44:10 +02:00
Andreas Steffen
5c0d1bccb0
corrected description of ikev1/ip-pool scenario
2012-06-28 14:42:34 +02:00
Andreas Steffen
788e512d58
added ikev1/ip-pool scenario
2012-06-28 14:37:04 +02:00
Andreas Steffen
f39a2f275e
merged xauth-id-rsa and xauth-rsa-config scenarios
2012-06-28 14:23:47 +02:00
Andreas Steffen
8cad9ed42c
charon automatically removes virtual interfaces
2012-06-28 09:30:24 +02:00
Andreas Steffen
fc16296391
adapted description to IKEv2
2012-06-22 09:53:37 +02:00
Andreas Steffen
bf577b6714
fixed typo
2012-06-20 11:15:09 +02:00
Andreas Steffen
0802b8359e
added ipv6/rw-ip6-in-ip4-ikev1 scenario
2012-06-20 11:13:20 +02:00
Andreas Steffen
36988a0a37
added ipv6/rw-ip6-in-ip4-ikev2 scenario
2012-06-20 11:03:51 +02:00
Andreas Steffen
87f8ff168b
sleep one second more
2012-06-19 06:18:05 +02:00
Andreas Steffen
e4012ae386
use socket-default in scenario
2012-06-19 06:17:37 +02:00
Andreas Steffen
bc60bb8bf4
added ikev1/xauth-id-rsa-hybrid scenario
2012-06-18 22:51:50 +02:00
Andreas Steffen
771a66c6a0
added ikev1/xauth-id-rsa-aggressive scenario
2012-06-18 22:30:26 +02:00
Andreas Steffen
8b8f5c6141
rsasig is not recognized as authentication method
2012-06-18 22:03:36 +02:00
Andreas Steffen
49d18a8e06
enable potentially unsafe aggressive mode
2012-06-18 21:34:48 +02:00
Andreas Steffen
7a892288fb
change ikev1/xauth scenarios to modern notation
2012-06-18 21:22:01 +02:00
Andreas Steffen
daa857029f
removed plutostart parameter
2012-06-13 21:19:05 +02:00
Andreas Steffen
4745fce666
deleted IKEv1 charon-pluto interoperability scenarios
2012-06-12 10:00:21 +02:00
Andreas Steffen
47f8ae7cfd
added ikev1/dynamic scenarios using allow-any
2012-06-08 22:54:12 +02:00
Andreas Steffen
7cc65a0376
removed whitespace
2012-06-08 22:34:49 +02:00
Andreas Steffen
d9e1b4c033
added ikev2/dynamic-two-peers scenario
2012-06-08 21:52:20 +02:00
Andreas Steffen
68f3e2462a
added ikev2/dynamic-responder scenario
2012-06-08 21:24:42 +02:00
Andreas Steffen
420e77c2d0
added ikev2/dynamic-initiator scenario
2012-06-08 21:24:41 +02:00
Andreas Steffen
6f948c5c8d
added nonce plugin to gcrypt scenarios
2012-05-30 07:21:03 +02:00
Andreas Steffen
08951eb7a8
upgraded ipv6 scenarios to 5.0.0
2012-05-29 23:40:01 +02:00
Andreas Steffen
da7a46b73b
upgraded ike scenarios to 5.0.0
2012-05-25 16:58:17 +02:00
Andreas Steffen
d2933125d5
added IKEv1 IPCOMP pluto-charon interoperability scenarios
2012-05-25 12:52:21 +02:00
Andreas Steffen
b253008544
upgraded ikev1/compress to 5.0.0
2012-05-24 17:36:27 +02:00
Andreas Steffen
fa50a89c95
added ikev1/xauth-rsa-eap-md5-radius scenario
2012-05-24 09:26:00 +02:00
Andreas Steffen
31c83b973e
load nonce plugin
2012-05-23 15:05:57 +02:00
Andreas Steffen
ad59f3a91a
added ikev1 pluto-charon interoperability scenarios
2012-05-23 14:47:41 +02:00
Andreas Steffen
148b643880
upgraded ikev1 scenarios to 5.0.0
2012-05-23 14:45:15 +02:00
Andreas Steffen
5cc6dc8b39
check for ESP in UDP encapsulation
2012-05-12 12:15:58 +02:00
Andreas Steffen
a56fdff194
upgraded ikev2 scenarios to 5.0.0
2012-05-11 11:00:32 +02:00
Andreas Steffen
0e1c6fa2a9
suppress leak detective output
2012-05-11 05:48:11 +02:00
Andreas Steffen
86aab92248
upgraded ha scenario for 5.0.0
2012-05-06 15:03:26 +02:00
Andreas Steffen
922e0d0975
added gcrypt-ikev1 pluto interoperability tests
2012-05-06 09:51:19 +02:00
Andreas Steffen
949d08dfca
upgraded gcrypt-ikev1 scenarios to 5.0.0
2012-05-06 09:25:31 +02:00
Andreas Steffen
04d7b1725d
upgraded gcrypt-ikev2 scenarios to 5.0.0
2012-05-06 09:23:09 +02:00
Andreas Steffen
8f834c16ae
upgraded pfkey scenarios to 5.0.0
2012-05-05 11:55:48 +02:00
Andreas Steffen
6624b8be24
removed leftover ipsec.conf parameters
2012-05-05 09:20:42 +02:00
Andreas Steffen
84b291e668
upgraded sql scenarios to 5.0.0
2012-05-05 09:16:15 +02:00
Andreas Steffen
8a5a33b52e
upgrade p2pnat scenarios to 5.0.0
2012-05-04 14:56:09 +02:00
Andreas Steffen
e5502cd2b5
updated af-alg scenarios to 5.0.0
2012-05-04 12:15:30 +02:00
Andreas Steffen
680609b972
added openssl-ikev1 pluto interoperability tests
2012-05-04 12:12:39 +02:00
Andreas Steffen
1e9b62ad50
deleted unneeded openssl-ikev1 files
2012-05-04 12:11:57 +02:00
Andreas Steffen
90e941fb97
upgraded openssl-ikev1 scenarios to 5.0.0
2012-05-04 12:06:45 +02:00
Andreas Steffen
3805e569f6
upgraded openssl-ikev2 scenarios to 5.0.0
2012-05-04 12:03:05 +02:00
Andreas Steffen
22bec9d4ae
upgraded tnc scenarios to 5.0.0
2012-05-04 11:57:31 +02:00
Andreas Steffen
fe23d9aaa4
ikev2/net2net-pubkey scenario does not need dnskey plugin
2012-04-30 07:02:08 +02:00
Andreas Steffen
86b79a5f6d
added ikev2/net2net-pubkey scenario
2012-04-30 00:33:18 +02:00
Andreas Steffen
7ea31a17ea
added ikev2/net2net-rsa scenario
2012-04-30 00:32:58 +02:00
Andreas Steffen
2338b9f019
added ikev2/rw-eap-md5-id-prompt scenario
2012-04-29 19:10:25 +02:00
Andreas Steffen
5ff8fe5d48
activated cmac plugin in UML test suites
2012-04-22 22:22:25 +02:00
Andreas Steffen
3cea55b0c8
corrected description
2012-03-17 23:22:25 +01:00
Andreas Steffen
9da795392e
added ikev2/esp-alg-sha1-160 scenario
2012-03-17 23:20:03 +01:00
Andreas Steffen
d9b539dc33
added ikev2/esp-alg-md5-128 scenario
2012-03-17 22:56:37 +01:00
Andreas Steffen
ebf292bad0
refreshed carolCert-ocsp.pem
2012-03-15 07:58:35 +01:00
Andreas Steffen
ea2f340e27
added tnc/tnccs-20-pdp scenario
2012-03-14 08:47:12 +01:00
Andreas Steffen
9b8053a63a
edited description of tnc/tnccs-11-radius scenario
2012-03-14 08:46:52 +01:00
Andreas Steffen
2af22e1135
adapted debug output check in openssl-ikev2/rw-eap-tls-only scenario
2012-02-07 20:31:17 +01:00
Andreas Steffen
269e487567
open RADIUS accounting port in firewall
2012-02-06 20:45:21 +01:00
Andreas Steffen
9755910d7f
added ikev2/rw-radius-accounting scenario
2012-02-06 12:52:48 +01:00
Andreas Steffen
48bf8ce9bd
added openssl-ikev2/ecdsa-pkcs8 scenario
2012-02-03 11:44:04 +01:00
Andreas Steffen
6b4e0dd504
added ikev2/rw-pkcs8 scenario
2012-02-03 11:10:13 +01:00
Andreas Steffen
a24f2241bc
made ikev2/reauth-late scenario more robust
2011-12-21 06:00:13 +01:00
Andreas Steffen
63179fd459
upgraded Test IMC/IMV pair to fully support multple IMC IDs
2011-12-11 22:01:49 +01:00
Andreas Steffen
566311862f
moved random plugin in front of openssl in order to prefer gmp
2011-11-05 07:24:17 +01:00
Andreas Steffen
0986fe362f
added integrity test to rw-eap-sim-rsa and rw-eap-aka-rsa scenarios
2011-11-04 11:27:19 +01:00
Andreas Steffen
a12bb386f7
enable integrity test in tnc/tnccs-dynamic scenario
2011-11-02 09:30:18 +01:00
Andreas Steffen
6ae024392b
removed xcbc plugin from sql scenarios
2011-11-01 00:16:35 +01:00
Andreas Steffen
5153af66e0
added tnc-tnccs plugin and removed xcbc plugin
2011-10-25 15:20:03 +02:00
Andreas Steffen
448fc5091f
updated strong certificates
2011-10-17 18:04:12 +02:00
Andreas Steffen
f63f7822ed
Run scenarios without xcbc plugin
2011-10-17 14:08:50 +02:00
Andreas Steffen
91adba2051
Run scenarios without xcbc plugin
2011-10-16 17:18:32 +02:00
Andreas Steffen
8b0e38e69e
run scenarios without xcbc plugin
2011-10-14 17:41:08 +02:00
Andreas Steffen
fc67132697
due to a bug fix reverted to the previous RULE_CRL_VALIDATION check
2011-09-09 09:25:54 +02:00
Andreas Steffen
7ec35f561c
show correct network topology in shunt-policies scenarios
2011-07-26 07:55:20 +02:00
Tobias Brunner
92032fd4d6
Fixed sleep command in two test cases.
2011-07-21 16:34:37 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Andreas Steffen
456c668d92
added ikev2/net2net-esn scenario
2011-07-16 14:12:23 +02:00
Andreas Steffen
0cb5d713ab
alice is now master in the ha/both-active scenario
2011-07-14 17:31:47 +02:00
Andreas Steffen
9de0f9d487
short form changed
2011-07-14 16:49:41 +02:00
Andreas Steffen
52ba840d5c
adapted tnc scenarios to new imcvs library path
2011-07-06 21:55:17 +02:00
Andreas Steffen
1f3b5c7778
corrected description of shunt-policies scenario
2011-07-05 22:07:42 +02:00
Andreas Steffen
d6e40a3b91
start and stop apache server on dave
2011-07-04 22:40:46 +02:00
Andreas Steffen
0b0f36cc1a
added ITA Scanner IMC/IMV pair to tnccs-11-radius-block scenario
2011-07-04 22:32:34 +02:00
Andreas Steffen
31479712b5
added ITA Scanner IMC/IMV pair to tnccs-20 and tnccs-20-block scenarios
2011-07-04 21:44:22 +02:00
Andreas Steffen
c755c365d7
fixed sql/shunt-policies scenario
2011-06-29 08:23:58 +02:00
Andreas Steffen
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00
Andreas Steffen
535f5d8a10
added tnc/tnccs-20-server-retry scenario
2011-06-23 19:59:27 +02:00
Andreas Steffen
6b57728cce
renamed tncss-20-retry scenario to tnccs-20-client-retry
2011-06-23 19:59:00 +02:00
Andreas Steffen
9368185260
restablish the lost links to the TNC@FHH project
2011-06-15 14:16:58 +02:00
Andreas Steffen
f9b5d9ae9c
fixed some descriptions
2011-06-15 14:07:16 +02:00
Andreas Steffen
da73199fe5
added the tnc/tnccs-20-retry scenario
2011-06-15 14:06:48 +02:00
Andreas Steffen
8b3d522620
link to the TNC@FHH project
2011-06-03 08:36:57 +02:00
Andreas Steffen
b24ffda989
fixed sleep command in ikev1/esp-ah-tunnel scenario
2011-06-03 07:05:43 +02:00
Andreas Steffen
7bd580bf08
active and passive IKEv2 hosts changed again
2011-06-03 01:47:25 +02:00
Andreas Steffen
2e60060095
moved TNC scenarios to tnc folder
2011-06-03 00:47:20 +02:00
Andreas Steffen
51679e67c9
ikev2/rw-eap-tnc-11-radius scenario now uses a PA-TNC IMC/IMV pair
2011-06-02 12:36:27 +02:00
Andreas Steffen
0410c3c363
disable leak_detective in ikev2/rw-eap-tnc-11-radius scenario
2011-06-01 22:17:32 +02:00
Andreas Steffen
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
Andreas Steffen
4cefb9bd10
removed unused files
2011-05-31 15:46:51 +02:00
Andreas Steffen
a5cfcc5f50
re-established a deleted colon character
2011-05-30 22:48:53 +02:00
Andreas Steffen
ea9f1002cd
cleaned up the rw-eap-tnc-20 and rw-eap-tnc-20-fhh scenarios
2011-05-30 21:46:45 +02:00
Andreas Steffen
83348c80e4
added the ikev2/rw-eap-tnc-20 scenario based on the RFC 5792 PA-TNC protocol
2011-05-30 21:31:50 +02:00
Andreas Steffen
61420db66c
renamed ikev2/rw-eap-tnc-20 scenario to rw-eap-tnc-20-fhh
2011-05-30 21:28:07 +02:00
Andreas Steffen
636a7d2bc3
whitelisting can already be enabled in strongswan.conf
2011-05-14 17:11:15 +02:00
Andreas Steffen
8afbc768f3
added ikev2/rw-whitelist scenario
2011-05-12 21:11:01 +02:00
Andreas Steffen
1ef7a2ef94
with the 2.6.38 kernel alice is preferred for handling the IKE connections
2011-04-08 07:50:20 +02:00
Andreas Steffen
7346114e9c
added ikev2/rw-eap-peap-mschapv2 scenario
2011-04-06 19:44:58 +02:00
Andreas Steffen
35e2a87e1e
added ikev2/rw-eap-peap-md5 scenario
2011-04-06 19:44:30 +02:00
Andreas Steffen
119b0a45a1
added ikev2/rw-eap-peap-radius scenario
2011-04-06 19:42:52 +02:00
Andreas Steffen
bf2233b32d
updated ikev2/rw-eap-tnc scenarios
2011-04-01 19:44:25 +02:00
Andreas Steffen
3f5647819b
redirect debug output of imc/imv pairs to syslog
2011-03-19 23:23:52 +01:00
Andreas Steffen
b03dd40fe6
some changes to the ikev2/rw-eap-tnc-11|20 scenarios
2011-03-19 16:48:06 +01:00
Andreas Steffen
357894c692
af-alg plugin does not require hmac and xcbc plugins
2011-03-18 09:55:26 +01:00
Andreas Steffen
ae04b73eb4
added af-alg-ikev1/alg-camellia scenario
2011-03-18 07:39:21 +01:00
Andreas Steffen
ec160f132c
added af-alg-ikev2/alg-camellia scenario
2011-03-18 07:34:48 +01:00
Andreas Steffen
efe7e863e7
added the af-alg-ikev1/rw-cert scenario
2011-03-17 23:16:41 +01:00
Andreas Steffen
d6946481ae
added the af-alg-ikev2/rw-cert scenario
2011-03-17 22:55:26 +01:00
Andreas Steffen
76c8b190f8
removed ipsec up %startall from scenario descriptions
2011-02-10 10:03:59 +01:00
Andreas Steffen
f04d1c2dfe
replaced ipsec up %startall command by start_action job
2011-02-09 22:27:04 +01:00
Andreas Steffen
2ecafc7316
added openssl-ikev2/critical-extension scenario
2011-02-08 22:58:31 +01:00
Andreas Steffen
2ee4cb6430
added ikev2/critical-extension scenario
2011-02-08 07:05:23 +01:00
Tobias Brunner
84545f6e7c
Some typos fixed.
2011-02-07 11:39:41 +01:00
Andreas Steffen
3891b75628
disable INITIAL_CONTACT message by setting unigueids=no
2011-02-02 15:58:40 +01:00
Andreas Steffen
f808aa2c44
load constraints plugin in ikev2/multi-level-ca-pathlen scenario
2011-01-31 14:46:16 +01:00
Andreas Steffen
ec9f8440f3
adapted some UML timings
2011-01-31 09:38:22 +01:00
Andreas Steffen
3ba7616d8f
added ikev2/rw-eap-tnc-dynamic scenario
2011-01-31 07:30:41 +01:00
Andreas Steffen
e27554144a
increase sleep time in mediation scenarios
2010-12-12 21:54:44 +01:00
Andreas Steffen
458e7779a8
reorganized ikev2/rw-eap-tnc scenarios
2010-12-12 12:51:14 +01:00
Andreas Steffen
146e9123a2
added the ikev2/rw-eap-tnc-20 scenario
2010-12-12 10:47:16 +01:00
Andreas Steffen
2965eb3cc7
added sql/multi-level-ca scenario
2010-12-05 21:53:43 +01:00
Andreas Steffen
f143f0f743
use a composite test proposal
2010-12-01 10:05:28 +01:00
Andreas Steffen
cbdcca7fd7
renamed algorithm to proposal
2010-11-30 17:38:49 +01:00
Andreas Steffen
f4e5acef3a
store IKE and ESP proposals in SQL database
2010-11-30 17:03:21 +01:00
Andreas Steffen
b62bde3b95
configured various DPD modes in sql scenarios
2010-11-28 17:41:27 +01:00
Andreas Steffen
11c904b373
added sql/net2net-route-pem scenario
2010-11-28 12:00:44 +01:00
Andreas Steffen
d6a13b895f
added sql/net2net-start-pem scenario
2010-11-28 12:00:19 +01:00
Andreas Steffen
d16ecc1753
fixed iptables script of gateway alice
2010-11-20 21:01:54 +01:00
Andreas Steffen
aafe3b090e
removed copy of strongswancCert.pem
2010-11-20 20:34:21 +01:00
Andreas Steffen
4a8ebe0b35
added ha/both-active scenario
2010-11-20 20:16:26 +01:00
Andreas Steffen
8d01a80819
do not send certificate requests in EAP-ONLY scenarios
2010-10-14 21:10:03 +02:00
Andreas Steffen
ea7c8b3880
added ikev2/rw-eap-tnc-ls scenario
2010-10-14 21:00:41 +02:00
Andreas Steffen
cf76984c28
Define explicit IKEv1 keyexchange mode V
2010-10-14 16:13:52 +02:00
Andreas Steffen
6587f1a04d
increase eap-tls max_message_count in fragments scenario
2010-10-14 16:09:44 +02:00
Tobias Brunner
972663ccb0
Define explicit IKEv1 keyexchange mode IV.
2010-10-14 13:55:04 +02:00
Andreas Steffen
897a9baaba
define explicit IKEv1 keyexchange mode III
2010-10-14 07:34:13 +02:00
Andreas Steffen
a885f0737c
fixed ikev2/rw-eap-ttls-radius scenario
2010-10-14 07:26:10 +02:00
Andreas Steffen
d8a379e1e4
fixed ikev2/rw-eap-tnc-radius-block scenario
2010-10-14 07:22:39 +02:00
Andreas Steffen
adf5ebaa28
fixed ikev2/rw-eap-tnc scenario
2010-10-14 07:08:33 +02:00
Andreas Steffen
c763ec09db
fixed ikev2/rw-eap-sim-radius scenario
2010-10-14 07:01:06 +02:00
Andreas Steffen
15a7b95f86
fixed ikev2/rw-eap-sim-only-radius scenario
2010-10-14 06:55:06 +02:00
Andreas Steffen
907ca3d4df
fixed ikev2/mult-auth-rsa-eap-sim-id
2010-10-14 06:41:26 +02:00
Andreas Steffen
e6f685b0fa
scenarios without RADIUS server can use default iptables script
2010-10-11 17:04:53 +02:00
Andreas Steffen
e5f5f612bd
fixed some evaltest.dat files
2010-10-11 16:58:12 +02:00
Andreas Steffen
7d8cb1f952
added ikev2/rw-eap-tnc-block scenario
2010-10-11 16:58:12 +02:00
Andreas Steffen
8efd583a64
explicit ikev1 key exchange for ikev1/esp-alg-null scenario
2010-10-09 22:07:51 +02:00
Andreas Steffen
1e6c92789e
fixed typo
2010-10-09 22:05:26 +02:00
Andreas Steffen
74e14ed631
define explicit IKEv1 key exchange mode II
2010-10-09 20:04:00 +02:00
Andreas Steffen
ed08f7ce83
use DBG_TNC for TNC debugging output
2010-10-09 16:01:19 +02:00
Andreas Steffen
db24b600fb
changed filter attribute from access to allow
2010-10-09 01:01:19 +02:00
Andreas Steffen
a1afa8d810
added ikev2/rw-eap-tnc scenario
2010-10-09 00:59:31 +02:00
Andreas Steffen
8dcc56dcc0
created tnc-imc and tnc-imv plugins
2010-10-07 23:31:23 +02:00
Andreas Steffen
84babfb895
define explicit IKEv1 key exchange mode
2010-10-07 07:31:44 +02:00
Andreas Steffen
9b201cf859
host venus is used in ikev2/rw-eap-tnc-radius scenario
2010-10-06 10:38:18 +02:00
Andreas Steffen
541666b89f
added ikev2/rw-eap-tnc-radius-block scenario
2010-10-06 10:32:50 +02:00
Andreas Steffen
48e16e0ae1
final version of ikev2/rw-eap-tnc-radius scenario
2010-10-05 20:38:34 +02:00