From dc8ad57aa93dab8810a4240dc2fd2987b52ffe09 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Thu, 14 Sep 2006 06:39:14 +0000 Subject: [PATCH] two new test scenarios --- .../tests/ikev2/net2net-route/description.txt | 6 +++++ .../tests/ikev2/net2net-route/evaltest.dat | 6 +++++ .../net2net-route/hosts/moon/etc/ipsec.conf | 23 ++++++++++++++++++ .../net2net-route/hosts/sun/etc/ipsec.conf | 22 +++++++++++++++++ .../tests/ikev2/net2net-route/posttest.dat | 2 ++ testing/tests/ikev2/net2net-route/pretest.dat | 6 +++++ testing/tests/ikev2/net2net-route/test.conf | 21 ++++++++++++++++ .../tests/ikev2/net2net-start/description.txt | 5 ++++ .../tests/ikev2/net2net-start/evaltest.dat | 5 ++++ .../net2net-start/hosts/moon/etc/ipsec.conf | 24 +++++++++++++++++++ .../net2net-start/hosts/sun/etc/ipsec.conf | 22 +++++++++++++++++ .../tests/ikev2/net2net-start/posttest.dat | 2 ++ testing/tests/ikev2/net2net-start/pretest.dat | 6 +++++ testing/tests/ikev2/net2net-start/test.conf | 21 ++++++++++++++++ 14 files changed, 171 insertions(+) create mode 100644 testing/tests/ikev2/net2net-route/description.txt create mode 100644 testing/tests/ikev2/net2net-route/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-route/posttest.dat create mode 100644 testing/tests/ikev2/net2net-route/pretest.dat create mode 100644 testing/tests/ikev2/net2net-route/test.conf create mode 100644 testing/tests/ikev2/net2net-start/description.txt create mode 100644 testing/tests/ikev2/net2net-start/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-start/posttest.dat create mode 100644 testing/tests/ikev2/net2net-start/pretest.dat create mode 100644 testing/tests/ikev2/net2net-start/test.conf diff --git a/testing/tests/ikev2/net2net-route/description.txt b/testing/tests/ikev2/net2net-route/description.txt new file mode 100644 index 0000000000..7bd102e8b9 --- /dev/null +++ b/testing/tests/ikev2/net2net-route/description.txt @@ -0,0 +1,6 @@ +A tunnel that will connect the subnets behind the gateways moon +and sun, respectively, is preconfigured by installing a %trap eroute +on gateway moon by means of the setting auto=route in ipsec.conf. +A subsequent ping issued by client alice behind gateway moon to +bob located behind gateway sun triggers the %trap eroute and +leads to the automatic establishment of the subnet-to-subnet tunnel. diff --git a/testing/tests/ikev2/net2net-route/evaltest.dat b/testing/tests/ikev2/net2net-route/evaltest.dat new file mode 100644 index 0000000000..a7a7e01d81 --- /dev/null +++ b/testing/tests/ikev2/net2net-route/evaltest.dat @@ -0,0 +1,6 @@ +moon::cat /var/log/auth.log::acquiring CHILD_SA.*IKE_SA setup needed::YES +moon::ipsec statusall::net-net.*INSTALLED::YES +sun::ipsec statusall::net-net.*INSTALLED::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf new file mode 100755 index 0000000000..f456049fcd --- /dev/null +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + leftnexthop=%direct + keyexchange=ikev2 + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org + auto=route diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf new file mode 100755 index 0000000000..32697a87a9 --- /dev/null +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ikev2/net2net-route/posttest.dat b/testing/tests/ikev2/net2net-route/posttest.dat new file mode 100644 index 0000000000..dff181797e --- /dev/null +++ b/testing/tests/ikev2/net2net-route/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +sun::ipsec stop diff --git a/testing/tests/ikev2/net2net-route/pretest.dat b/testing/tests/ikev2/net2net-route/pretest.dat new file mode 100644 index 0000000000..2665f4df60 --- /dev/null +++ b/testing/tests/ikev2/net2net-route/pretest.dat @@ -0,0 +1,6 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +sun::echo 1 > /proc/sys/net/ipv4/ip_forward +moon::ipsec start +sun::ipsec start +moon::sleep 2 +alice::ping -c 10 PH_IP_BOB diff --git a/testing/tests/ikev2/net2net-route/test.conf b/testing/tests/ikev2/net2net-route/test.conf new file mode 100644 index 0000000000..d9a61590fd --- /dev/null +++ b/testing/tests/ikev2/net2net-route/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev2/net2net-start/description.txt b/testing/tests/ikev2/net2net-start/description.txt new file mode 100644 index 0000000000..b2b897cb40 --- /dev/null +++ b/testing/tests/ikev2/net2net-start/description.txt @@ -0,0 +1,5 @@ +A tunnel connecting the subnets behind the gateways moon and sun, +respectively, is automatically established by means of the setting +auto=start in ipsec.conf. The connection is tested by client alice +behind gateway moon pinging the client bob located behind +gateway sun. diff --git a/testing/tests/ikev2/net2net-start/evaltest.dat b/testing/tests/ikev2/net2net-start/evaltest.dat new file mode 100644 index 0000000000..244dec5bff --- /dev/null +++ b/testing/tests/ikev2/net2net-start/evaltest.dat @@ -0,0 +1,5 @@ +moon::ipsec statusall::net-net.*INSTALLED::YES +sun::ipsec statusall::net-net.*INSTALLED::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf new file mode 100755 index 0000000000..66c77fdfef --- /dev/null +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + leftnexthop=%direct + keyexchange=ikev2 + +conn net-net + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=PH_IP_SUN + rightsubnet=10.2.0.0/16 + rightid=@sun.strongswan.org + auto=start diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf new file mode 100755 index 0000000000..32697a87a9 --- /dev/null +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf @@ -0,0 +1,22 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + keyexchange=ikev2 + auto=add diff --git a/testing/tests/ikev2/net2net-start/posttest.dat b/testing/tests/ikev2/net2net-start/posttest.dat new file mode 100644 index 0000000000..dff181797e --- /dev/null +++ b/testing/tests/ikev2/net2net-start/posttest.dat @@ -0,0 +1,2 @@ +moon::ipsec stop +sun::ipsec stop diff --git a/testing/tests/ikev2/net2net-start/pretest.dat b/testing/tests/ikev2/net2net-start/pretest.dat new file mode 100644 index 0000000000..334465b8f0 --- /dev/null +++ b/testing/tests/ikev2/net2net-start/pretest.dat @@ -0,0 +1,6 @@ +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +sun::echo 1 > /proc/sys/net/ipv4/ip_forward +sun::ipsec start +sun::sleep 2 +moon::ipsec start +alice::sleep 3 diff --git a/testing/tests/ikev2/net2net-start/test.conf b/testing/tests/ikev2/net2net-start/test.conf new file mode 100644 index 0000000000..d9a61590fd --- /dev/null +++ b/testing/tests/ikev2/net2net-start/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun"