Martin Willi
c10b2be967
testing: Add a forecast test case
2015-02-20 16:34:55 +01:00
Martin Willi
9ed09d5f77
testing: Add a connmark plugin test
...
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.
This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
2015-02-20 16:34:54 +01:00
Martin Willi
f27fb58ae0
testing: Update description and test evaluation of host2host-transport-nat
...
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
2015-02-20 13:34:58 +01:00
Martin Willi
050556bf59
testing: Be a little more flexible in testing for established CHILD_SA modes
...
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
2015-02-20 13:34:58 +01:00
Martin Willi
b1ff437bbc
testing: Add a test scenario for make-before-break reauth using a virtual IP
2015-02-20 13:34:58 +01:00
Martin Willi
ae3fdf2603
testing: Add a test scenario for make-before-break reauth without a virtual IP
2015-02-20 13:34:57 +01:00
Reto Buerki
65566c37ca
testing: Add tkm xfrmproxy-expire test
...
This test asserts that XFRM expire messages from the kernel are handled
correctly by the xfrm-proxy and the Esa Event Service (EES) in
charon-tkm.
2015-02-20 13:34:54 +01:00
Reto Buerki
03409ac7a0
testing: Assert ees acquire messages in xfrmproxy tests
2015-02-20 13:34:54 +01:00
Reto Buerki
8fce649d9a
testing: Assert proper ESA deletion
...
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
2015-02-20 13:34:52 +01:00
Andreas Steffen
5028644943
Updated RFC3779 certificates
2014-12-28 12:53:16 +01:00
Andreas Steffen
ac0cb2d363
Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario
2014-12-12 13:55:03 +01:00
Andreas Steffen
c44f481ae0
Updated BLISS scenario keys and certificates to new format
2014-12-12 12:00:20 +01:00
Andreas Steffen
9b01a061ec
Increased check size due to INITIAL_CONTACT notify
2014-11-29 14:57:41 +01:00
Andreas Steffen
c02ebf1ecd
Renewed expired certificates
2014-11-29 14:51:18 +01:00
Andreas Steffen
43d9247599
Created ikev2/rw-ntru-bliss scenario
2014-11-29 14:51:18 +01:00
Reto Buerki
0de4ba58ce
testing: Update tkm/multiple-clients/evaltest.dat
...
Since the CC context is now properly reset in the bus listener plugin,
the second connection from host dave re-uses the first CC ID. Adjust
the expect string on gateway sun accordingly.
2014-10-31 13:49:40 +01:00
Andreas Steffen
a521ef3b8e
Increased fragment size to 1400 in ipv6/net2net-ikev1 scenario
2014-10-18 14:05:53 +02:00
Andreas Steffen
09b46cdb6a
Enabled IKEv2 fragmentation in ipv6/net2net-ikev2 scenario
2014-10-18 14:05:18 +02:00
Andreas Steffen
cb5ad2ba3d
testing: Lower batch size to demonstrate segmentation of TCG/SWID Tag ID Inventory attribute
2014-10-11 15:01:21 +02:00
Tobias Brunner
1836c1845b
testing: Add ikev2/net2net-fragmentation scenario
2014-10-10 09:33:23 +02:00
Tobias Brunner
144b40e07c
testing: Update ikev1/net2net-fragmentation scenario
2014-10-10 09:32:42 +02:00
Tobias Brunner
89e953797d
testing: Don't check for the actual number of SWID tags in PDP scenarios
...
The number of SWID tags varies depending on the base image, but let's
assume the number is in the hundreds.
2014-10-07 12:18:36 +02:00
Tobias Brunner
8f9016b1e2
testing: Make TNC scenarios agnostic to the actual Debian version
...
The scenarios will work with new or old base images as long as the version
in use is included as product in the master data (src/libimcv/imv/data.sql).
2014-10-07 12:18:25 +02:00
Andreas Steffen
100c1a4bf1
testing: Updated certificates and keys in sql scenarios
2014-10-06 09:42:58 +02:00
Andreas Steffen
73af3a1b04
Updated revoked certificate in ikev2/ocsp-revoked scenario
2014-10-05 21:33:35 +02:00
Andreas Steffen
006518e859
The critical-extension scenarios need the old private keys
2014-10-05 20:58:03 +02:00
Tobias Brunner
12e9ed12ec
testing: Wait a bit in swanctl scenarios before interacting with the daemon
2014-10-03 12:44:14 +02:00
Tobias Brunner
722a8a177e
testing: Make sure the whitelist plugin is ready before configuring it
2014-10-03 12:44:14 +02:00
Tobias Brunner
09f1fb82f9
testing: Update PKCS#12 containers
2014-10-03 12:44:13 +02:00
Tobias Brunner
079c797421
testing: Update PKCS#8 keys
2014-10-03 12:44:13 +02:00
Tobias Brunner
9f5fd7899e
testing: Update public keys in DNSSEC scenarios
...
The tests are successful even if the public keys are not stored locally,
but an additional DNS query is required to fetch them.
2014-10-03 12:44:13 +02:00
Tobias Brunner
2c7ad260f9
testing: Update carol's certificate in several test cases
2014-10-03 12:44:13 +02:00
Martin Willi
7ab320def3
testing: Add some notes about how to reissue attribute certificates
2014-10-03 12:31:01 +02:00
Martin Willi
16469e8474
testing: Reissue attribute certificates for the new holder certificates
...
Due to the expired and reissued holder certificates of carol and dave, new
attribute certificates are required to match the holder certificates' serial in
the ikev2/acert-{cached,fallback,inline} tests.
2014-10-03 12:28:11 +02:00
Martin Willi
44b6a34d43
configure: Load fetcher plugins after crypto base plugins
...
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
2014-09-24 17:34:54 +02:00
Reto Buerki
e0d59e10f8
testing: Update certs and keys in tkm tests
...
References #705.
2014-09-17 17:08:35 +02:00
Andreas Steffen
51da5b920b
Generated new test certificates
2014-08-28 21:34:40 +02:00
Tobias Brunner
be41910e19
testing: Add sql/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
73211f9b74
testing: Add pfkey/shunt-policies-nat-rw scenario
2014-06-26 18:13:26 +02:00
Tobias Brunner
945e1df738
testing: Remove obsolete shunt-policies scenarios
2014-06-26 18:12:00 +02:00
Andreas Steffen
75598e5053
Updated description of TNC scenarios concerning RFC 7171 PT-EAP support
2014-06-26 09:47:03 +02:00
Andreas Steffen
21aebe3781
Removed django.db from swid scenarios
2014-06-26 09:45:54 +02:00
Tobias Brunner
2ef6f57456
testing: Add ikev2/shunt-policies-nat-rw scenario
2014-06-19 14:23:07 +02:00
Tobias Brunner
d93987ce24
testing: Remove ikev2/shunt-policies scenario
...
This scenario doesn't really apply anymore (especially its use of drop
policies).
2014-06-19 14:23:07 +02:00
Andreas Steffen
d345f0b75d
Added swanctl/net2net-route scenario
2014-06-18 14:57:33 +02:00
Andreas Steffen
3f5f0b8940
Added swanctl/net2net-start scenario
2014-06-18 14:35:59 +02:00
Andreas Steffen
4402bae77d
Minor changes in swanctl scenarios
2014-06-18 14:35:36 +02:00
Andreas Steffen
39d6469d76
Added swanctl/rw-psk-fqdn and swanctl/rw-psk-ipv4 scenarios
2014-06-14 15:40:23 +02:00
Andreas Steffen
3eb22f1f00
Single-line --raw mode simplifies evaltest of swanctl scenarios
2014-06-14 15:40:23 +02:00
Andreas Steffen
12d618e280
Added swanctl/ip-pool-db scenario
2014-06-11 18:12:35 +02:00