Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificates

Andreas Steffen 2016-12-09 10:14:42 +01:00 committed by Tobias Brunner
parent f2eb367adc
commit 94ae1ac18e
28 changed files with 300 additions and 1 deletions


@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD
VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw
FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn
86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK
MEj7Dg==
-----END CERTIFICATE-----


@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8
-----END PRIVATE KEY-----


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX
-----END PRIVATE KEY-----


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
-----END PRIVATE KEY-----


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0
-----END PRIVATE KEY-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIHb+63Ppcfc9m/E9EyoojCDUz6KcUmwTquU7sgpmctz0
-----END PRIVATE KEY-----


@ -63,3 +63,6 @@ cp strongswan_bliss.crl ${ROOT}
cd /etc/openssl/sha3-rsa
pki --signcrl --cacert strongswanCert.pem --cakey strongswanKey.pem --lifetime 30 --digest sha3_256 > strongswan-sha3-rsa.crl
cp strongswan-sha3-rsa.crl ${ROOT}
cd /etc/openssl/ed25519
pki --signcrl --cacert strongswan_ed25519Cert.pem --cakey strongswan_ed25519Key.pem --lifetime 30 > strongswan_ed25519.crl
cp strongswan_ed25519.crl ${ROOT}
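Review bot: The new `pki --signcrl` invocation for the Ed25519 CA carries no `--digest` option, unlike the sha3-rsa entry directly above it that passes `--digest sha3_256`, and nothing in the script records why, so a reader comparing the two entries may take it for an omission. Ed25519 is a pure signature scheme whose hash is fixed by the algorithm, so no digest choice applies and the line is correct as written; a comment above the signcrl line, `# Ed25519 fixes its own hash, so no --digest option applies here`, would make that explicit. The 30-day CRL lifetime matches the neighbouring entries. The generation script continues beyond this hunk.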


@ -1,5 +1,5 @@
# strongswan.conf - strongSwan configuration file
pki {
load = random pem sha1 sha2 sha3 pkcs1 pem gmp mgf1 bliss x509
load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509
}
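Review bot: The rewritten `load` line in the `pki` section lists the `pem` plugin twice, `load = random pem sha1 sha2 sha3 pkcs1 pkcs8 pem gmp mgf1 bliss curve25519 x509`; the duplicate was already present in the replaced line, but since this change touches the line it is the moment to drop one, e.g. `load = random pem sha1 sha2 sha3 pkcs1 pkcs8 gmp mgf1 bliss curve25519 x509`. The added `pkcs8` and `curve25519` entries are consistent with the PKCS#8-encoded private keys and Ed25519 certificates this commit generates with pki.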


@ -0,0 +1,6 @@
A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
The authentication is based on <b>X.509 certificates</b> containing <b>Ed25519</b> keys.
Upon the successful establishment of the IPsec tunnel, the updown script automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
pings client <b>bob</b> located behind gateway <b>sun</b>.


@ -0,0 +1,7 @@
moon::cat /var/log/daemon.log::authentication of.*sun.strongswan.org.*with ED25519 successful::YES
sun:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ED25519 successful::YES
moon::swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[10.2.0.0/16]::YES
sun:: swanctl --list-sas --raw 2> /dev/null::gw-gw.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net-net.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.2.0.0/16] remote-ts=\[10.1.0.0/16]::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_.eq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES


@ -0,0 +1,22 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
charon {
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
conns = /usr/local/sbin/swanctl --load-conns
}
syslog {
auth {
default = 0
}
daemon {
default = 1
}
}
}


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
-----END PRIVATE KEY-----


@ -0,0 +1,33 @@
connections {
gw-gw {
local_addrs = 192.168.0.1
remote_addrs = 192.168.0.2
local {
auth = pubkey
certs = moonCert.pem
id = moon.strongswan.org
}
remote {
auth = pubkey
id = sun.strongswan.org
}
children {
net-net {
local_ts = 10.1.0.0/16
remote_ts = 10.2.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
rekey_time = 5400
rekey_bytes = 500000000
rekey_packets = 1000000
esp_proposals = aes128gcm128-curve25519
}
}
version = 2
mobike = no
reauth_time = 10800
proposals = aes128-sha256-curve25519
}
}
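Review bot: The `remote` section (the `auth = pubkey` / `id = sun.strongswan.org` lines) sets no `cacerts` constraint, so the peer certificate is accepted under any CA certificate the daemon has loaded rather than only the Ed25519 root this scenario is about; the same applies to sun's swanctl.conf later in this commit. The evaltest log assertions (`with ED25519 successful`) pin the signature scheme, but not the trust anchor. If the test hosts install the Ed25519 CA certificate under the name the generation script uses, `cacerts = strongswan_ed25519Cert.pem` in `remote` would tie the chain to that root; confirm the installed file name before adding it. With the default revocation policy a failure to fetch the newly published CRL would, as far as I can tell, not fail authentication, so `revocation = strict` in `remote` is worth considering if CRL handling is meant to be exercised by this scenario.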


@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,22 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
}
charon {
load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
start-scripts {
creds = /usr/local/sbin/swanctl --load-creds
conns = /usr/local/sbin/swanctl --load-conns
}
syslog {
auth {
default = 0
}
daemon {
default = 1
}
}
}


@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIF8vNpW9TVnEB+DzglbCjuZr+1u84dHRofgHoybGL9j0
-----END PRIVATE KEY-----


@ -0,0 +1,33 @@
connections {
gw-gw {
local_addrs = 192.168.0.2
remote_addrs = 192.168.0.1
local {
auth = pubkey
certs = sunCert.pem
id = sun.strongswan.org
}
remote {
auth = pubkey
id = moon.strongswan.org
}
children {
net-net {
local_ts = 10.2.0.0/16
remote_ts = 10.1.0.0/16
updown = /usr/local/libexec/ipsec/_updown iptables
rekey_time = 5400
rekey_bytes = 500000000
rekey_packets = 1000000
esp_proposals = aes128gcm128-curve25519
}
}
version = 2
mobike = no
reauth_time = 10800
proposals = aes128-sha256-curve25519
}
}


@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,7 @@
moon::swanctl --terminate --ike gw-gw 2> /dev/null
moon::service charon stop 2> /dev/null
sun::service charon stop 2> /dev/null
moon::iptables-restore < /etc/iptables.flush
sun::iptables-restore < /etc/iptables.flush
moon::rm /etc/swanctl/pkcs8/*
sun::rm /etc/swanctl/pkcs8/*


@ -0,0 +1,9 @@
moon::rm /etc/swanctl/rsa/moonKey.pem
sun::rm /etc/swanctl/rsa/sunKey.pem
moon::iptables-restore < /etc/iptables.rules
sun::iptables-restore < /etc/iptables.rules
moon::service charon start 2> /dev/null
sun::service charon start 2> /dev/null
moon::expect-connection gw-gw
sun::expect-connection gw-gw
moon::swanctl --initiate --child net-net 2> /dev/null


@ -0,0 +1,25 @@
#!/bin/bash
#
# This configuration file provides information on the
# guest instances used for this test
# All guest instances that are required for this test
#
VIRTHOSTS="alice moon winnetou sun bob"
# Corresponding block diagram
#
DIAGRAM="a-m-w-s-b.png"
# Guest instances on which tcpdump is to be started
#
TCPDUMPHOSTS="sun"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
IPSECHOSTS="moon sun"
# charon controlled by swanctl
#
SWANCTL=1