updated ikev1/xauth-psk-mode-config scenario to support xauth plugin

2025-10-06 00:00:47 -04:00 · 2010-05-18 22:56:42 +02:00 · 2010-05-18 22:56:42 +02:00 · 1fe5d973cb
commit 1fe5d973cb
parent 17adc8d074
11 changed files with 16 additions and 21 deletions
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/description.txt
@ -2,8 +2,8 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>
 The authentication is based on Pre-Shared Keys (<b>PSK</b>)
 followed by extended authentication (<b>XAUTH</b>) of <b>carol</b> and <b>dave</b>
 based on user names and passwords. Next <b>carol</b> and <b>dave</b> request a
-<b>virtual IP</b> via the IKE Mode Config protocol by using the
-<b>leftsourceip=%modeconfig</b> parameter.
+<b>virtual IP</b> via the IKE Mode Config protocol by using the <b>leftsourceip=%modeconfig</b>
+parameter. The virtual IP addresses are registered under the users' XAUTH identity. 
 <p>
 Upon the successful establishment of the IPsec tunnel, leftfirewall=yes automatically
 inserts iptables-based firewall rules that let pass the tunneled traffic.
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/evaltest.dat
@ -1,11 +1,9 @@
 carol::cat /var/log/auth.log::extended authentication was successful::YES
 dave::cat /var/log/auth.log::extended authentication was successful::YES
-moon::cat /var/log/auth.log::carol.*extended authentication was successful::YES
-moon::cat /var/log/auth.log::dave.*extended authentication was successful::YES
+moon::ipsec leases rw 10.3.0.1::carol::YES
+moon::ipsec leases rw 10.3.0.2::dave::YES
 carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
 dave::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::carol.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec status::dave.*STATE_QUICK_R2.*IPsec SA established::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.conf
@ -21,4 +21,5 @@ conn home
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
+	xauth_identity=carol
 	auto=add
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/ipsec.secrets
@ -6,4 +6,4 @@ carol@strongswan.org @moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21

 carol@strongswan.org @sun.strongswan.org :  PSK 0sR64pR6y0S5d6d8rNhUIM7aPbdjND4st5

-: XAUTH carol "4iChxLT3" 
+carol : XAUTH "4iChxLT3" 
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/carol/etc/strongswan.conf
@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file

 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random
+  load = sha1 sha2 md5 aes des hmac gmp random xauth
 }

 # pluto uses optimized DH exponent sizes (RFC 3526)
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.conf
@ -21,4 +21,5 @@ conn home
 	right=PH_IP_MOON
 	rightid=@moon.strongswan.org
 	rightsubnet=10.1.0.0/16
+	xauth_identity=dave
 	auto=add
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/ipsec.secrets
@ -2,4 +2,4 @@

 : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL

-: XAUTH dave "ryftzG4A" 
+dave : XAUTH "ryftzG4A" 
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/dave/etc/strongswan.conf
@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file

 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random
+  load = sha1 sha2 md5 aes des hmac gmp random xauth
 }

 # pluto uses optimized DH exponent sizes (RFC 3526)
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.conf
@ -13,17 +13,12 @@ conn %default
 	keyingtries=1
 	authby=xauthpsk
 	xauth=server
+
+conn rw
 	left=PH_IP_MOON
 	leftid=@moon.strongswan.org
 	leftsubnet=10.1.0.0/16
 	leftfirewall=yes
 	right=%any
+	rightsourceip=10.3.0.0/24
 	auto=add
-
-conn carol
-	rightid=carol@strongswan.org
-	rightsourceip=PH_IP_CAROL1
-
-conn dave
-	rightid=dave@strongswan.org
-	rightsourceip=PH_IP_DAVE1
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/ipsec.secrets
@ -2,6 +2,6 @@

@moon.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL

-: XAUTH carol "4iChxLT3"
+carol : XAUTH "4iChxLT3"

-: XAUTH dave  "ryftzG4A"
+dave  : XAUTH "ryftzG4A"
--- a/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/xauth-id-psk-mode-config/hosts/moon/etc/strongswan.conf
@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file

 pluto {
-  load = sha1 sha2 md5 aes des hmac gmp random
+  load = sha1 sha2 md5 aes des hmac gmp random xauth
 }

 # pluto uses optimized DH exponent sizes (RFC 3526)