Andreas Steffen
f0ffb9f9af
Fixed description of ikev1/rw-ntru-psk scenario
2014-02-12 13:21:46 +01:00
Andreas Steffen
83caf0827c
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
2014-02-12 13:16:34 +01:00
Tobias Brunner
571025a609
testing: Add ikev2/host2host-transport-nat scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
62e050e0ef
testing: Add ipv6/rw-compress-ikev2 scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
6055e347f8
testing: Add ikev2/compress-nat scenario
2014-01-23 10:27:13 +01:00
Tobias Brunner
1fde30cc23
testing: Enable firewall for ikev2/compress scenario
...
Additionally, send a regular (small) ping as the kernel does not
compress small packets and handles those differently inbound.
2014-01-23 10:27:13 +01:00
Reto Buerki
8416ebb628
charon-tkm: Update integration tests
2013-12-04 10:41:54 +01:00
Andreas Steffen
802eaf3789
Any of the four NTRU parameter sets can be selected
2013-11-27 20:21:41 +01:00
Andreas Steffen
d5cd6eba2b
Added ikev2/net2net-ntru-cert and ikev2/rw-ntru-psk scenarios
2013-11-27 20:21:40 +01:00
Andreas Steffen
7967876257
Encrypt carol's PKCS#8 private key in openssl-ikve2/rw-suite-b-128|192 scenarios
2013-10-30 20:46:32 +01:00
Andreas Steffen
9043cb2f9c
Fixed sql/net2net-route-pem scenario evaluation
2013-10-23 22:23:47 +02:00
Andreas Steffen
2efe61e07b
Added two Brainpool IKEv2 scenarios
2013-10-23 21:11:28 +02:00
Andreas Steffen
b891c22aa9
Updated and split data.sql
2013-10-23 00:26:02 +02:00
Andreas Steffen
1ca57d497f
Increase debug level in libipsec/rw-suite-b scenario
2013-10-11 21:34:59 +02:00
Andreas Steffen
1486fe786a
Use bold font to display key size
2013-10-11 21:23:10 +02:00
Andreas Steffen
fcf355036f
Added swid_directory option
2013-10-11 20:59:24 +02:00
Andreas Steffen
3bd4536185
Added tnc/tnccs-11-supplicant scenario
2013-10-11 20:18:59 +02:00
Tobias Brunner
d14ba7e7fd
testing: Add libipsec/host2host-cert scenario
2013-10-11 18:04:48 +02:00
Tobias Brunner
ca28e13fe8
testing: Add ikev2/net2net-dnscert scenario
2013-10-11 15:45:42 +02:00
Martin Willi
fa7815538f
testing: Add an IKEv1 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
ef4560121d
testing: Add an IKEv1 net2net AH test case
2013-10-11 10:15:22 +02:00
Martin Willi
80a82b8d67
testing: Add an IKEv2 host2host AH transport mode test case
2013-10-11 10:15:22 +02:00
Martin Willi
850bab6d58
testing: Add an IKEv2 net2net AH test case
2013-10-11 10:15:22 +02:00
Andreas Steffen
2c4d772a79
Implemented TCG/PB-PDP_Referral message
2013-09-17 21:57:08 +02:00
Andreas Steffen
97346f2a7e
Added ikev1/config-payload-push scenario
2013-09-07 08:23:58 +02:00
Andreas Steffen
9b8137fdd3
Added tags table and some tag samples
2013-09-05 11:29:23 +02:00
Andreas Steffen
86f00e6aff
Added regids table and some sample reqid data
2013-09-02 12:00:47 +02:00
Andreas Steffen
6fc5cc003d
Pull dave for OS info
2013-09-02 12:00:46 +02:00
Andreas Steffen
03d673620d
Cleaned configuration files in PT-TLS client scenario
2013-08-22 17:24:20 +02:00
Andreas Steffen
aff4367907
Flush iptables rules on alice
2013-08-19 12:20:57 +02:00
Andreas Steffen
f859645b12
Fixes in tnc scenarios
2013-08-19 11:44:51 +02:00
Andreas Steffen
10c7ca2399
Added tnc/tnccs-20-pt-tls scenario
2013-08-19 11:36:23 +02:00
Martin Willi
2cfe88aacb
testing: enforce xauth-eap in ikev1/xauth-rsa-eap-md5-radius
...
As eap-radius now provides its own XAuth backend and eap-radius is loaded before
xauth-eap, we have to enforce the exact XAuth backend to use.
2013-07-29 10:35:59 +02:00
Martin Willi
9d75f04eee
testing: add a testcase for plain XAuth RADIUS authentication
2013-07-29 09:00:49 +02:00
Andreas Steffen
2b1ac51c9c
fixed typo
2013-07-19 20:07:32 +02:00
Andreas Steffen
645e9291f0
updated some TNC scenarios
2013-07-19 19:36:07 +02:00
Tobias Brunner
9e7a45bec2
testing: Don't load certificates explicitly and delete CA certificates in PKCS#12 scenarios
...
Certificates are now properly extracted from PKCS#12 files.
2013-07-15 11:27:07 +02:00
Andreas Steffen
0a013e1af5
Override policy recommendation in enforcement
2013-07-11 10:34:00 +02:00
Andreas Steffen
9e0182b922
openssl plugin can replace random, hmac, and gcm plugins
2013-07-10 20:38:07 +02:00
Andreas Steffen
3910fb3715
Added openssl-ikev2/net2net-pkcs12 scenario
2013-07-10 20:25:49 +02:00
Andreas Steffen
49a26e5b57
Added ikev2/net2net-pkcs12 scenario
2013-07-10 20:17:44 +02:00
Andreas Steffen
3b569df215
conntrack -F makes ikev2/nat-rw scenario to work always
2013-07-10 17:50:25 +02:00
Andreas Steffen
9844f240f8
Register packages under Debian 7.0 x86_64
2013-07-04 22:53:41 +02:00
Tobias Brunner
1d728758ed
Ping from dave before shutting down tcpdump in libipsec/rw-suite-b test case
2013-07-01 13:48:21 +02:00
Andreas Steffen
bb802daacc
Fixed libipsec/rw-suite-b scenario
2013-07-01 12:32:45 +02:00
Andreas Steffen
3405156f97
Added libipsec/rw-suite-b scenario
2013-07-01 11:04:14 +02:00
Andreas Steffen
156e552caf
Added libipsec/net2net-cert scenario
2013-06-29 22:23:45 +02:00
Reto Buerki
1cfefd38a2
Add type=transport to tkm/host2host-* connections
...
Explicitly specify transport mode in connection configuration of the
responding host (sun).
2013-06-29 15:07:10 +02:00
Andreas Steffen
b1f1e5e5f2
5.1.0 changes for test cases
2013-06-29 00:07:15 +02:00
Tobias Brunner
50daffb784
dhcp: Use chunk_hash_static() to calculate ID-based MAC addresses
2013-06-28 17:00:29 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Tobias Brunner
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Andreas Steffen
0f499f41dc
Use attest database in tnc/tnccs-20-os scenario
2013-04-21 16:31:23 +02:00
Andreas Steffen
1b912ad384
check for successful activation of FIPS mode
2013-04-19 18:46:52 +02:00
Andreas Steffen
545df30c18
Added openssl-ikev2/rw-cpa scenario
2013-04-19 18:34:35 +02:00
Andreas Steffen
8d384fb7df
disable reauth, too
2013-04-15 20:21:27 +02:00
Andreas Steffen
654c88bca8
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
2013-04-14 19:57:49 +02:00
Andreas Steffen
2a4915e87a
cleaned up XML code in tnccs-11 plugin
2013-04-04 17:12:07 +02:00
Andreas Steffen
8f72ba4aff
Added Framed-IP-Address information to RADIUS accounting records
2013-03-22 23:52:01 +01:00
Andreas Steffen
0b6c43f038
Added ikev2/rw-eap-framed-ip-radius scenario
2013-03-22 19:08:42 +01:00
Andreas Steffen
1eada67bcb
Added ikev2/ip-two-pools-v4v6-db scenario
2013-03-22 12:18:43 +01:00
Reto Buerki
8484f2bc5c
Implement multiple-clients integration test
...
Two transport connections to gateway sun are set up, one from client
carol and the other from client dave. The gateway sun uses the Trusted
Key Manager (TKM) and is the responder for both connections. The
authentication is based on X.509 certificates. In order to test the
connections, both carol and dave ping gateway sun.
2013-03-19 15:23:51 +01:00
Reto Buerki
a520e4a010
Implement net2net-xfrmproxy integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
847d320950
Implement net2net-initiator integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
d8b2064a34
Add xfrm_proxy integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
3150dbd3e3
Add TKM responder integration test
2013-03-19 15:23:50 +01:00
Reto Buerki
117375ed00
Add initial TKM integration test
...
A connection between the hosts moon and sun is set up. The host moon
uses the Trusted Key Manager (TKM) and is the initiator of the transport
connection. The authentication is based on X.509 certificates.
2013-03-19 15:23:50 +01:00
Andreas Steffen
f7580a5a67
added openssl-ikev2/alg-aes-gcm scenario
2013-03-03 11:43:52 +01:00
Andreas Steffen
81419b9748
use DNs in tnc/tnccs-20-tls scenario
2013-03-03 10:47:17 +01:00
Andreas Steffen
f0c102cbfa
Added ikev2/rw-dnssec scenario
2013-02-19 12:25:01 +01:00
Andreas Steffen
1d4ff25fb8
Added ikev2/net2net-dnssec scenario
2013-02-19 12:25:01 +01:00
Andreas Steffen
5374fe3a09
added ikev1/net2net-fragmentation scenario
2013-02-12 23:01:48 +01:00
Andreas Steffen
7d355f853d
use EAP identity in tnc/tnccs-20-pdp scenario
2013-02-12 20:41:37 +01:00
Tobias Brunner
812cd9c18a
Removed UML from description of ikev2/default-keys test
2013-01-17 16:56:02 +01:00
Tobias Brunner
b1169a880a
Updated comments in test.conf of all tests
2013-01-17 16:56:02 +01:00
Tobias Brunner
7699a928f7
Renamed $UMLHOSTS to $VIRTHOSTS
2013-01-17 16:56:02 +01:00
Reto Buerki
88bffacfdc
Drop vim swap file
2013-01-17 16:55:04 +01:00
Reto Buerki
c25f850601
Drop obsolete Gentoo dhcpd init script
2013-01-17 16:55:03 +01:00
Reto Buerki
530f7b8421
No need to enable ip_forward in pretest files
...
It is enabled by default now.
2013-01-17 16:55:03 +01:00
Andreas Steffen
44e533b88e
converted ha/both-active iptables scenario
2013-01-17 16:55:03 +01:00
Andreas Steffen
5c09942d54
converted all ipv6 iptables/ip6tables scenarios
2013-01-17 16:55:03 +01:00
Andreas Steffen
a0ffe67fab
converted all p2pnat iptables scenarios
2013-01-17 16:55:02 +01:00
Andreas Steffen
472a411aa8
converted all tnc iptables scenarios
2013-01-17 16:55:02 +01:00
Andreas Steffen
cedc96c2c4
implemented ip6tables.rules
2013-01-17 16:55:02 +01:00
Andreas Steffen
136f74161b
converted all sql iptables scenarios
2013-01-17 16:55:02 +01:00
Andreas Steffen
6fff9d9ace
converted all pfkey iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
8fbb9458d6
converted all openssl-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
44047e7adb
converted all openssl-ikev1 iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
61ab7db386
converted all gcrypt-ikev2 iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
1dc14281fc
converted all af-alg iptables scenarios
2013-01-17 16:55:01 +01:00
Andreas Steffen
ac09da8e50
added ikev1/nat-virtual-ip scenario
2013-01-17 16:55:00 +01:00
Andreas Steffen
ca0128588f
converted all ikev1 iptables scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
d815235d17
use iptables-restore in all ikev2 firewall scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
28b7db2b3c
Updated mark_update script in several IKEv2 scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
9b4477d5b8
activated iptables in some ikev2 scenarios
2013-01-17 16:55:00 +01:00
Andreas Steffen
8e75e8dfa7
Fixed NO evaltest in tnc/tnccs-20-pdp scenario
2013-01-17 16:54:59 +01:00
Andreas Steffen
9c36018cc7
Disable IPv4 forwarding on carol in order to pass tnc/tnccs-20-os scenario
2013-01-17 16:54:59 +01:00
Reto Buerki
602ba2f6d1
Adjust ikev2/farp test to qemu network interfaces
2013-01-17 16:54:58 +01:00
Reto Buerki
7fa92110e8
Adjust ikev2/dhcp tests to qemu network interfaces
2013-01-17 16:54:57 +01:00
Reto Buerki
76ccd25a05
Add expect-connection guest image script
...
This script can be used in pretest.dat files to wait until an IPsec
connection becomes available. This avoids unconditional sleeps and
improves test performance.
The ipv6 tests have been updated to use the expect-connection script.
2013-01-17 16:54:55 +01:00