added the ikev2/any-interface scenario

testing/tests/ikev2/any-interface/description.txt

@@ -0,0 +1,8 @@
+By setting <b>left=%any</b> this scenario tests the ability of the IKEv2 daemon
+to automatically determine its own IP address of an IPsec SA to be established.
+This is achieved by finding a route via the correct network interface to the remote IPsec peer.
+<p>
+The hosts <b>moon</b> and <b>bob</b> act as initiators by setting <b>auto=route</b>
+whereas the hosts <b>alice</b> and <b>sun</b> act as responders by setting <b>auto=add</b>.
+Pings from <b>moon</b> to <b>alice</b> and <b>sun</b> as well as a ping from <b>bob</b>
+to <b>sun</b> set up three compressed IPsec Transport Mode connections.

testing/tests/ikev2/any-interface/evaltest.dat

@@ -0,0 +1,14 @@
+moon::cat /var/log/daemon.log::creating acquire job for CHILD_SA::YES
+bob::cat /var/log/daemon.log::creating acquire job for CHILD_SA::YES
+moon::ipsec statusall::alice.*INSTALLED, TRANSPORT::YES
+moon::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
+alice::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
+sun::ipsec statusall::remote.*INSTALLED, TRANSPORT::YES
+bob::ipsec statusall::sun.*INSTALLED, TRANSPORT::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+bob::tcpdump::IP bob.strongswan.org > sun1.strongswan.org: ESP::YES
+bob::tcpdump::IP sun1.strongswan.org > bob.strongswan.org: ESP::YES
+

testing/tests/ikev2/any-interface/hosts/alice/etc/ipsec.conf

@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+        keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+	type=transport
+	compress=yes
+	dpdaction=clear
+	dpddelay=10
+	left=%any
+	leftcert=aliceCert.pem
+
+conn remote
+	right=%any
+	auto=add

testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf

@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}

testing/tests/ikev2/any-interface/hosts/bob/etc/ipsec.conf

@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+        keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+	type=transport
+	compress=yes
+	dpdaction=hold
+	dpddelay=10
+	left=%any
+	leftcert=bobCert.pem
+
+conn sun 
+	right=PH_IP_SUN1
+	rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	auto=route

testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf

@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}

testing/tests/ikev2/any-interface/hosts/moon/etc/ipsec.conf

@@ -0,0 +1,30 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+	type=transport
+	compress=yes
+	dpdaction=hold
+	dpddelay=10
+	left=%any
+	leftcert=moonCert.pem
+
+conn alice
+	right=PH_IP_ALICE
+	rightid="C=CH, O=Linux strongSwan, OU=Sales, CN=alice@strongswan.org"
+	auto=route
+
+conn sun 
+	right=PH_IP_SUN
+	rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+	auto=route

testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf

@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}

testing/tests/ikev2/any-interface/hosts/sun/etc/ipsec.conf

@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+        keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+	type=transport
+	compress=yes
+	dpdaction=clear
+	dpddelay=10
+	left=%any
+	leftcert=sunCert.pem
+
+conn remote
+	right=%any
+	auto=add

testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf

@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke
+}

testing/tests/ikev2/any-interface/posttest.dat

@@ -0,0 +1,6 @@
+alice::ipsec stop
+moon::ipsec stop
+sun::ipsec stop
+bob::ipsec stop
+winnetou::ip route del 10.1.0.0/16 via PH_IP_MOON
+winnetou::ip route del 10.2.0.0/16 via PH_IP_SUN

testing/tests/ikev2/any-interface/pretest.dat

@@ -0,0 +1,12 @@
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+sun::echo 1 > /proc/sys/net/ipv4/ip_forward
+winnetou::ip route add 10.1.0.0/16 via PH_IP_MOON
+winnetou::ip route add 10.2.0.0/16 via PH_IP_SUN
+alice::ipsec start
+moon::ipsec start
+sun::ipsec start
+bob::ipsec start
+moon::sleep 2 
+moon::ping -n -c 3 -s 8184 -p deadbeef PH_IP_ALICE
+moon::ping -n -c 3 -s 8184 -p deadbeef PH_IP_SUN
+bob::ping -n -c 3 -s 8184 -p deadbeef PH_IP_SUN1

testing/tests/ikev2/any-interface/test.conf

@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+ 
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice sun bob"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon sun bob"