Implement net2net-initiator integration test

2025-12-15 00:00:26 -05:00 · 2013-01-28 10:40:36 +01:00 · 2013-01-28 10:40:36 +01:00 · 847d320950
commit 847d320950
parent d8b2064a34
9 changed files with 104 additions and 0 deletions
--- a/testing/tests/tkm/net2net-initiator/description.txt
+++ b/testing/tests/tkm/net2net-initiator/description.txt
@ -0,0 +1,5 @@
+A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b>
+is set up. The host <b>moon</b> uses the Trusted Key Manager (TKM) and is the
+initiator of the tunnel connection. The authentication is based on X.509
+certificates. In order to test the tunnel, client <b>alice</b> behind gateway
+<b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
--- a/testing/tests/tkm/net2net-initiator/evaltest.dat
+++ b/testing/tests/tkm/net2net-initiator/evaltest.dat
@ -0,0 +1,12 @@
+moon::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TUNNEL::YES
+sun::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_req=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+moon::cat /tmp/tkm.log::RSA private key '/etc/tkm/moonKey.der' loaded::YES
+moon::cat /tmp/tkm.log::Adding policy \[ 1, 10.1.0.0/16 > 192.168.0.1 <=> 192.168.0.2 < 10.2.0.0/16 \]::YES
+moon::cat /tmp/tkm.log::Checked CA certificate of CC context 1::YES
+moon::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES
+moon::cat /tmp/tkm.log::Adding SA \[ 1, 10.1.0.0/16 > 192.168.0.1 <=> 192.168.0.2 < 10.2.0.0/16, SPI_in.*, SPI_out.*, soft 30, hard 60 \]::YES
--- a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/moonKey.der
+++ b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/moonKey.der
--- a/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/tkm.conf
+++ b/testing/tests/tkm/net2net-initiator/hosts/moon/etc/tkm/tkm.conf
@ -0,0 +1,23 @@
+<tkmconfig>
+    <local_identity id="1">
+        <identity>moon.strongswan.org</identity>
+        <certificate>moonCert.pem</certificate>
+    </local_identity>
+    <policy id="1">
+        <mode>tunnel</mode>
+        <local>
+            <identity_id>1</identity_id>
+            <ip>192.168.0.1</ip>
+            <net mask="16">10.1.0.0</net>
+        </local>
+        <remote>
+            <identity>sun.strongswan.org</identity>
+            <ip>192.168.0.2</ip>
+            <net mask="16">10.2.0.0</net>
+        </remote>
+        <lifetime>
+            <soft>30</soft>
+            <hard>60</hard>
+        </lifetime>
+    </policy>
+</tkmconfig>
--- a/testing/tests/tkm/net2net-initiator/hosts/sun/etc/ipsec.conf
+++ b/testing/tests/tkm/net2net-initiator/hosts/sun/etc/ipsec.conf
@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+
+conn net-net
+	left=PH_IP_SUN
+	leftcert=sunCert.pem
+	leftid=sun.strongswan.org
+	leftsubnet=10.2.0.0/16
+	right=PH_IP_MOON
+	rightid=moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	ike=aes256-sha512-modp4096!
+	esp=aes256-sha512-modp4096!
+	auto=add
--- a/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown
+  multiple_authentication = no
+}
--- a/testing/tests/tkm/net2net-initiator/posttest.dat
+++ b/testing/tests/tkm/net2net-initiator/posttest.dat
@ -0,0 +1,4 @@
+moon::DAEMON_NAME=charon-tkm ipsec stop
+moon::killall tkm_keymanager
+moon::rm -f /tmp/tkm.rpc.ike /tmp/tkm.rpc.ees /tmp/tkm.log
+sun::ipsec stop
--- a/testing/tests/tkm/net2net-initiator/pretest.dat
+++ b/testing/tests/tkm/net2net-initiator/pretest.dat
@ -0,0 +1,10 @@
+moon::rm /etc/ipsec.secrets
+moon::tkm_cfgtool -c /etc/tkm/tkm.conf -i /etc/ipsec.conf -t /etc/tkm/tkm.bin -s /usr/local/share/tkm/tkmconfig.xsd
+moon::cat /etc/ipsec.conf
+moon::tkm_keymanager -c /etc/tkm/tkm.bin -k /etc/tkm/moonKey.der -r /etc/tkm/strongswanCert.der >/tmp/tkm.log 2>&1 &
+moon::expect-file /tmp/tkm.rpc.ike
+moon::DAEMON_NAME=charon-tkm ipsec start
+sun::ipsec start
+sun::expect-connection net-net
+moon::DAEMON_NAME=charon-tkm expect-connection conn1
+moon::DAEMON_NAME=charon-tkm ipsec up conn1
--- a/testing/tests/tkm/net2net-initiator/test.conf
+++ b/testing/tests/tkm/net2net-initiator/test.conf
@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"