Tobias Brunner
28649f6d91
libhydra: Remove empty unused library
2016-03-03 17:36:11 +01:00
Andreas Steffen
efefa0c6a1
testing: Added swanctl/shunt-policies-nat-rw
2016-02-28 22:25:50 +01:00
Andreas Steffen
13891e2a4f
testing: Some minor fixes in test scenarios
2016-02-28 22:25:21 +01:00
Andreas Steffen
68c9f0bb80
testing: Added swanctl/protoport-dual scenario
2016-02-28 14:33:48 +01:00
Andreas Steffen
ddf1fc7692
testing: converted af-alg scenarios to swanctl
2016-02-26 13:31:36 +01:00
Tobias Brunner
4625113b1a
testing: Use absolute path to the _updown script in SQL scenarios
...
/usr/local/sbin is not included in PATH set by the charon init script and
since the ipsec script is obsolete when using swanctl it makes sense to
change this anyway.
2016-02-17 12:00:20 +01:00
Andreas Steffen
963b080810
testing: Increased ping interval in ikev2/trap-any scenario
2016-02-16 18:21:19 +01:00
Andreas Steffen
726a45b2f2
Corrected the description of the swanctl/dhcp-dynamic scenario
2016-02-16 18:17:17 +01:00
Andreas Steffen
4d83c5b4a6
Fix of the mutual TNC measurement use case
...
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC clienti, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.
In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.
The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring a "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Andreas Steffen
ac134b470a
testing: Added swanctl/dhcp-dynamic scenario
2016-02-03 12:10:59 +01:00
Thomas Egerer
beb4a07ea8
ikev1: Log successful authentication with signature scheme
...
Output is now identical to that of the IKEv2 pubkey authenticator.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
Tobias Brunner
4cfcbe97a4
testing: Don't attempt to start the daemon twice in ha/active-passive scenario
2016-02-01 10:51:12 +01:00
Andreas Steffen
67a38ac6f1
testing: Added swanctl/config-payload scenario
2016-01-14 06:31:28 +01:00
Andreas Steffen
e7b5171e43
testing: Use include statement in swanctl/rw-pubkey-keyid scenario
2016-01-14 01:44:17 +01:00
Andreas Steffen
2aa2b17d41
testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access scenario
2016-01-09 07:23:30 +01:00
Andreas Steffen
b83cef2412
testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssec
2016-01-09 07:23:30 +01:00
Andreas Steffen
bffbf2f5fd
testing: Fixed description of swanctl/frags-iv4 scenario
2016-01-09 00:17:31 +01:00
Andreas Steffen
9db530493f
testing: Change sql scenarios to swanctl
2016-01-03 06:28:48 +01:00
Tobias Brunner
1a79525559
testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs
2015-12-21 12:14:12 +01:00
Andreas Steffen
490ba67682
testing: Fixed description in swanctl/rw-ntru-bliss scenario
2015-12-18 15:24:59 +01:00
Andreas Steffen
9463350943
testing: swanctl is enabled by default
2015-12-18 15:22:29 +01:00
Andreas Steffen
76cbf1df34
testing: Added swanctl/rw-ntru-bliss scenario
2015-12-17 17:49:48 +01:00
Andreas Steffen
5e2b740a00
128 bit default security strength requires 3072 bit prime DH group
2015-12-14 10:39:40 +01:00
Andreas Steffen
36b6d400d2
testing: swanctl/rw-cert scenario tests password-protected RSA key
2015-12-12 17:12:44 +01:00
Andreas Steffen
4f7f2538c4
Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security
2015-12-12 15:54:48 +01:00
Andreas Steffen
fad851e2d3
Use VICI 2.0 protocol version for certificate queries
2015-12-11 18:26:54 +01:00
Andreas Steffen
6789d79d46
testing: Added swanctl --list-algs output
2015-12-11 18:26:54 +01:00
Andreas Steffen
6aa7703122
testing: Converted tnc scenarios to swanctl
2015-12-11 18:26:54 +01:00
Tobias Brunner
74270c8c86
vici: Don't report memory usage via leak-detective
...
This slowed down the `swanctl --stats` calls in the test scenarios
significantly, with not much added value.
2015-12-11 18:26:53 +01:00
Tobias Brunner
ae37090e65
testing: Use expect-connection in swanctl scenarios
...
Only in net2net-start do we have to use `sleep` to ensure the SA is
up when the tests are running.
2015-12-11 18:26:53 +01:00
Tobias Brunner
b77e25c381
testing: The expect-connection helper may use swanctl to check for connections
...
Depending on the plugin configuration in the test scenario either
`ipsec statusall` or `swanctl --list-conns` is used to check for a named
connection.
2015-12-11 18:26:53 +01:00
Andreas Steffen
cbc43f1b43
testing: Some more timing fixes
2015-12-01 14:51:23 +01:00
Andreas Steffen
dddb32329c
testing: Updated expired mars.strongswan.org certificate
2015-11-26 09:55:28 +01:00
Andreas Steffen
1c1f713431
testing: Error messages of curl plugin have changed
2015-11-13 14:02:45 +01:00
Andreas Steffen
c4b9b7ef2c
testing: Fixed another timing issue
2015-11-13 14:02:06 +01:00
Andreas Steffen
019c7c2310
testing: Check for leases in swanctl/ip-pool scenario
2015-11-11 08:43:43 +01:00
Andreas Steffen
946bc3a3f5
testing: Fixed some more timing issues
2015-11-10 16:54:38 +01:00
Tobias Brunner
10051b01e9
testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs
2015-11-09 15:18:39 +01:00
Tobias Brunner
3102da20a7
testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNC
2015-11-09 15:18:38 +01:00
Tobias Brunner
e873cb5a28
testing: Add test config to create and remove a directory for DBs stored in ramfs
2015-11-09 15:18:38 +01:00
Tobias Brunner
10fa70ee5c
testing: Improve runtime of TNC tests by storing the SQLite DB in ramfs
...
This saves about 50%-70% of the time needed for scenarios that use a DB.
2015-11-09 15:18:38 +01:00
Tobias Brunner
f24ec20ebb
testing: Fix test constraints in ikev2/rw-ntru-bliss scenario
...
Changed with a88d958933
("Explicitly mention SHA2 algorithm in BLISS
OIDs and signature schemes").
2015-11-09 15:18:38 +01:00
Andreas Steffen
529357f09a
testing: Use sha3 plugin in ikev2/rw-cert scenario
2015-11-09 15:18:38 +01:00
Tobias Brunner
bcad0f761f
testing: Report the actual strongSwan and kernel versions
2015-11-09 15:18:37 +01:00
Tobias Brunner
5a919312b3
testing: Record strongSwan version when building from tarball
2015-11-09 15:18:37 +01:00
Tobias Brunner
aee35392d1
testing: Record strongSwan version when building from source tree
2015-11-09 15:18:37 +01:00
Tobias Brunner
d4908c06c1
testing: Report time required for all scenarios on test overview page
2015-11-09 15:18:37 +01:00
Tobias Brunner
f7234e5e9f
testing: Remove old SWID tags when building from repository
...
This fixes the TNC-PDP scenarios.
2015-11-09 15:18:36 +01:00
Tobias Brunner
e22a663129
testing: Don't log anything to the console if auth.log or daemon.log do not exist
2015-11-09 15:18:36 +01:00
Tobias Brunner
12f08e07e1
testing: Simplify fetching of swanctl --list-* output
2015-11-09 15:18:36 +01:00