Andreas Steffen
883c11caa0
Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios
2015-03-27 20:56:44 +01:00
Andreas Steffen
193e057509
Added configurations for 3.18 and 3.19 KMV guest kernels
2015-03-27 20:56:44 +01:00
Andreas Steffen
85aa509e84
Added tnc/tnccs-20-pt-tls scenario
2015-03-27 20:56:43 +01:00
Andreas Steffen
be04f90815
testing: added tnc/tnccs-20-mutual scenario
2015-03-23 23:01:13 +01:00
Tobias Brunner
3d964213f5
testing: Remove obsolete leftnexthop option from configs
2015-03-12 15:51:25 +01:00
Martin Willi
2b0f34a2ef
testing: Don't check for exact IKEv1 fragment size
...
Similar to 7a9c0d51
, the exact packet size depends on many factors we don't
want to consider in this test case.
2015-03-10 10:21:16 +01:00
Martin Willi
58c3e09918
testing: Fix active/passive role description in ha/both-active test case
2015-03-10 10:02:21 +01:00
Tobias Brunner
8b2af616ac
testing: Update modified updown scripts to the latest template
...
This avoids confusion and makes identifying the changes needed for each
scenario easier.
2015-03-06 16:51:50 +01:00
Andreas Steffen
3fcb59b62a
use SHA512 for moon's BLISS signature
2015-03-04 14:08:37 +01:00
Tobias Brunner
26ebe5fea8
testing: Test classic public key authentication in ikev2/net2net-cert scenario
2015-03-04 13:54:12 +01:00
Tobias Brunner
53217d70b0
testing: Disable signature authentication on dave in openssl-ikev2/ecdsa-certs scenario
2015-03-04 13:54:12 +01:00
Tobias Brunner
7a9c0d51f4
testing: Don't check for exact IKEv2 fragment size
...
Because SHA-256 is now used for signatures the size of the two IKE_AUTH
messages changed.
2015-03-04 13:54:10 +01:00
Tobias Brunner
4aa24d4c13
testing: Update test conditions because signature schemes are now logged
...
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
2015-03-04 13:54:10 +01:00
Tobias Brunner
2f1b2d9183
testing: Add ikev2/rw-sig-auth scenario
2015-03-04 13:54:10 +01:00
Tobias Brunner
3b31245a0f
testing: Add ikev2/net2net-cert-sha2 scenario
2015-03-04 13:54:10 +01:00
Andreas Steffen
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
Martin Willi
c10b2be967
testing: Add a forecast test case
2015-02-20 16:34:55 +01:00
Martin Willi
3748fc70a7
testing: Build forecast plugin
2015-02-20 16:34:55 +01:00
Martin Willi
9ed09d5f77
testing: Add a connmark plugin test
...
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.
This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
2015-02-20 16:34:54 +01:00
Martin Willi
15f392d9ed
testing: Build strongSwan with the connmark plugin
2015-02-20 16:34:54 +01:00
Martin Willi
f3a419e9c4
testing: Install iptables-dev to guest images
2015-02-20 16:34:54 +01:00
Martin Willi
f27fb58ae0
testing: Update description and test evaluation of host2host-transport-nat
...
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
2015-02-20 13:34:58 +01:00
Martin Willi
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
Martin Willi
b1ff437bbc
testing: Add a test scenario for make-before-break reauth using a virtual IP
2015-02-20 13:34:58 +01:00
Martin Willi
ae3fdf2603
testing: Add a test scenario for make-before-break reauth without a virtual IP
2015-02-20 13:34:57 +01:00
Reto Buerki
65566c37ca
testing: Add tkm xfrmproxy-expire test
...
This test asserts that the handling of XFRM expire messages from the
kernel are handled correctly by the xfrm-proxy and the Esa Event Service
(EES) in charon-tkm.
2015-02-20 13:34:54 +01:00
Reto Buerki
03409ac7a0
testing: Assert ees acquire messages in xfrmproxy tests
2015-02-20 13:34:54 +01:00
Reto Buerki
8fce649d9a
testing: Assert proper ESA deletion
...
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
2015-02-20 13:34:52 +01:00
Andreas Steffen
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
Andreas Steffen
ac0cb2d363
Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario
2014-12-12 13:55:03 +01:00
Andreas Steffen
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
Andreas Steffen
9b01a061ec
Increased check size du to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
Andreas Steffen
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
Andreas Steffen
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
Reto Buerki
0de4ba58ce
testing: Update tkm/multiple-clients/evaltest.dat
...
Since the CC context is now properly reset in the bus listener plugin,
the second connection from host dave re-uses the first CC ID. Adjust
the expect string on gateway sun accordingly.
2014-10-31 13:49:40 +01:00
Andreas Steffen
a521ef3b8e
Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario
2014-10-18 14:05:53 +02:00
Andreas Steffen
09b46cdb6a
Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario
2014-10-18 14:05:18 +02:00
Tobias Brunner
504bcf71b5
testing: Enable nat table for iptables on 3.17 kernels
2014-10-13 15:48:55 +02:00
Andreas Steffen
cb5ad2ba3d
testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
Andreas Steffen
a5e6a479d4
Added KVM config for 3.16 and 3.17 kernels
2014-10-11 14:50:08 +02:00
Tobias Brunner
83efded313
testing: Ensure no guest is running when modifying images
...
Sometimes guests are not stopped properly. If images are then modified
they will be corrupted.
2014-10-10 19:03:50 +02:00
Tobias Brunner
b7b2f9379d
testing: Enable virtio console for guests
...
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729 .
2014-10-10 19:03:28 +02:00
Tobias Brunner
1836c1845b
testing: Add ikev2/net2net-fragmentation scenario
2014-10-10 09:33:23 +02:00
Tobias Brunner
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
Tobias Brunner
89e953797d
testing: Don't check for the actual number of SWID tags in PDP scenarios
...
The number of SWID tags varies depending on the base image, but lets
assume the number is in the hundreds.
2014-10-07 12:18:36 +02:00
Tobias Brunner
8f9016b1e2
testing: Make TNC scenarios agnostic to the actual Debian version
...
The scenarios will work with new or old base images as long as the version
in use is included as product in the master data (src/libimcv/imv/data.sql).
2014-10-07 12:18:25 +02:00
Tobias Brunner
93fac61da5
testing: Make TKM related build recipes future-proof
...
The tkm scenarios recently failed due to a segmentation fault on my host
because I had an old build of the tkm library already built in the build
directory. Because the stamp file was not versioned the new release was
never checked out or built and charon-tkm was linked against the old
version causing a segmentation fault during key derivation.
2014-10-07 10:47:06 +02:00
Andreas Steffen
100c1a4bf1
testing: Updated certificates and keys in sql scenarios
2014-10-06 09:42:58 +02:00
Andreas Steffen
73af3a1b04
Updated revoked certificate in ikev2/ocsp-revoked scenario
2014-10-05 21:33:35 +02:00
Andreas Steffen
006518e859
The critical-extension scenarios need the old private keys
2014-10-05 20:58:03 +02:00