883c11caa0
Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios
2015-03-27 20:56:44 +01:00
193e057509
Added configurations for 3.18 and 3.19 KMV guest kernels
2015-03-27 20:56:44 +01:00
85aa509e84
Added tnc/tnccs-20-pt-tls scenario
2015-03-27 20:56:43 +01:00
be04f90815
testing: added tnc/tnccs-20-mutual scenario
2015-03-23 23:01:13 +01:00
3d964213f5
testing: Remove obsolete leftnexthop option from configs
2015-03-12 15:51:25 +01:00
2b0f34a2ef
testing: Don't check for exact IKEv1 fragment size
...
Similar to 7a9c0d51
2015-03-10 10:21:16 +01:00
58c3e09918
testing: Fix active/passive role description in ha/both-active test case
2015-03-10 10:02:21 +01:00
8b2af616ac
testing: Update modified updown scripts to the latest template
...
This avoids confusion and makes identifying the changes needed for each
scenario easier.
2015-03-06 16:51:50 +01:00
3fcb59b62a
use SHA512 for moon's BLISS signature
2015-03-04 14:08:37 +01:00
26ebe5fea8
testing: Test classic public key authentication in ikev2/net2net-cert scenario
2015-03-04 13:54:12 +01:00
53217d70b0
testing: Disable signature authentication on dave in openssl-ikev2/ecdsa-certs scenario
2015-03-04 13:54:12 +01:00
7a9c0d51f4
testing: Don't check for exact IKEv2 fragment size
...
Because SHA-256 is now used for signatures the size of the two IKE_AUTH
messages changed.
2015-03-04 13:54:10 +01:00
4aa24d4c13
testing: Update test conditions because signature schemes are now logged
...
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
2015-03-04 13:54:10 +01:00
2f1b2d9183
testing: Add ikev2/rw-sig-auth scenario
2015-03-04 13:54:10 +01:00
3b31245a0f
testing: Add ikev2/net2net-cert-sha2 scenario
2015-03-04 13:54:10 +01:00
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
c10b2be967
testing: Add a forecast test case
2015-02-20 16:34:55 +01:00
3748fc70a7
testing: Build forecast plugin
2015-02-20 16:34:55 +01:00
9ed09d5f77
testing: Add a connmark plugin test
...
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.
This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
2015-02-20 16:34:54 +01:00
15f392d9ed
testing: Build strongSwan with the connmark plugin
2015-02-20 16:34:54 +01:00
f3a419e9c4
testing: Install iptables-dev to guest images
2015-02-20 16:34:54 +01:00
f27fb58ae0
testing: Update description and test evaluation of host2host-transport-nat
...
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
2015-02-20 13:34:58 +01:00
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
b1ff437bbc
testing: Add a test scenario for make-before-break reauth using a virtual IP
2015-02-20 13:34:58 +01:00
ae3fdf2603
testing: Add a test scenario for make-before-break reauth without a virtual IP
2015-02-20 13:34:57 +01:00
65566c37ca
testing: Add tkm xfrmproxy-expire test
...
This test asserts that the handling of XFRM expire messages from the
kernel are handled correctly by the xfrm-proxy and the Esa Event Service
(EES) in charon-tkm.
2015-02-20 13:34:54 +01:00
03409ac7a0
testing: Assert ees acquire messages in xfrmproxy tests
2015-02-20 13:34:54 +01:00
8fce649d9a
testing: Assert proper ESA deletion
...
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
2015-02-20 13:34:52 +01:00
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
ac0cb2d363
Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario
2014-12-12 13:55:03 +01:00
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
9b01a061ec
Increased check size du to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
0de4ba58ce
testing: Update tkm/multiple-clients/evaltest.dat
...
Since the CC context is now properly reset in the bus listener plugin,
the second connection from host dave re-uses the first CC ID. Adjust
the expect string on gateway sun accordingly.
2014-10-31 13:49:40 +01:00
a521ef3b8e
Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario
2014-10-18 14:05:53 +02:00
09b46cdb6a
Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario
2014-10-18 14:05:18 +02:00
504bcf71b5
testing: Enable nat table for iptables on 3.17 kernels
2014-10-13 15:48:55 +02:00
cb5ad2ba3d
testing: Lower batch size to demonstrated segmetation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
a5e6a479d4
Added KVM config for 3.16 and 3.17 kernels
2014-10-11 14:50:08 +02:00
83efded313
testing: Ensure no guest is running when modifying images
...
Sometimes guests are not stopped properly. If images are then modified
they will be corrupted.
2014-10-10 19:03:50 +02:00
b7b2f9379d
testing: Enable virtio console for guests
...
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729 .
2014-10-10 19:03:28 +02:00
1836c1845b
testing: Add ikev2/net2net-fragmentation scenario
2014-10-10 09:33:23 +02:00
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
89e953797d
testing: Don't check for the actual number of SWID tags in PDP scenarios
...
The number of SWID tags varies depending on the base image, but lets
assume the number is in the hundreds.
2014-10-07 12:18:36 +02:00
8f9016b1e2
testing: Make TNC scenarios agnostic to the actual Debian version
...
The scenarios will work with new or old base images as long as the version
in use is included as product in the master data (src/libimcv/imv/data.sql).
2014-10-07 12:18:25 +02:00
93fac61da5
testing: Make TKM related build recipes future-proof
...
The tkm scenarios recently failed due to a segmentation fault on my host
because I had an old build of the tkm library already built in the build
directory. Because the stamp file was not versioned the new release was
never checked out or built and charon-tkm was linked against the old
version causing a segmentation fault during key derivation.
2014-10-07 10:47:06 +02:00
100c1a4bf1
testing: Updated certificates and keys in sql scenarios
2014-10-06 09:42:58 +02:00
73af3a1b04
Updated revoked certificate in ikev2/ocsp-revoked scenario
2014-10-05 21:33:35 +02:00
006518e859
The critical-extension scenarios need the old private keys
2014-10-05 20:58:03 +02:00
Andreas Steffen