sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
19,469 Commits 101 Branches 327 Tags
Commit Graph

584 Commits

Author SHA1 Message Date
Andreas Steffen
07b0eac4b1 testing: attr-sql is a charon plugin 2016-03-05 15:53:22 +01:00
Tobias Brunner
f80e910cce testing: Add ikev2/redirect-active scenario 2016-03-04 16:03:00 +01:00
Tobias Brunner
28649f6d91 libhydra: Remove empty unused library 2016-03-03 17:36:11 +01:00
Andreas Steffen
963b080810 testing: Increased ping interval in ikev2/trap-any scenario 2016-02-16 18:21:19 +01:00
Andreas Steffen
5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Andreas Steffen
cbc43f1b43 testing: Some more timing fixes 2015-12-01 14:51:23 +01:00
Andreas Steffen
1c1f713431 testing: Error messages of curl plugin have changed 2015-11-13 14:02:45 +01:00
Andreas Steffen
946bc3a3f5 testing: Fixed some more timing issues 2015-11-10 16:54:38 +01:00
Tobias Brunner
10051b01e9 testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs 2015-11-09 15:18:39 +01:00
Tobias Brunner
f24ec20ebb testing: Fix test constraints in ikev2/rw-ntru-bliss scenario 
Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS
OIDs and signature schemes").
 2015-11-09 15:18:38 +01:00
Andreas Steffen
529357f09a testing: Use sha3 plugin in ikev2/rw-cert scenario 2015-11-09 15:18:38 +01:00
Tobias Brunner
bb66b4d56b testing: Speed up OCSP scenarios 
Don't make clients wait for the TCP connections to timeout by dropping
packets.  By rejecting them the OCSP requests fail immediately.
 2015-11-09 15:18:35 +01:00
Tobias Brunner
0ee4a333a8 testing: Speed up ifdown calls in ikev2/mobike scenarios 
ifdown calls bind's rndc, which tries to access TCP port 953 on lo.
If these packets are dropped by the firewall we have to wait for the TCP
connections to time out, which takes quite a while.
 2015-11-09 15:18:35 +01:00
Tobias Brunner
cbaafa03c7 testing: Avoid delays with ping by using -W and -i options 
With -W we reduce timeouts when we don't expect a response.  With -i the
interval between pings is reduced (mostly in case of auto=route where
the first ping yields no reply).
 2015-11-09 15:18:35 +01:00
Tobias Brunner
f519acd42f testing: Remove nearly all sleep calls from pretest and posttest scripts 
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
 2015-11-09 15:18:35 +01:00
Tobias Brunner
f36b6d49af testing: Adapt tests to retransmission settings and reduce DPD delay/timeout 2015-11-09 15:18:34 +01:00
Andreas Steffen
a98360a64c testing: BLISS CA uses SHA-3 in its CRL 2015-11-03 21:35:09 +01:00
Andreas Steffen
2b5c543051 testing: added ikev2/alg-chacha20poly1305 scenario 2015-09-01 17:30:15 +02:00
Tobias Brunner
e9ea7e6fb7 testing: Updated environment variable documentation in updown scripts 2015-08-31 11:00:05 +02:00
Tobias Brunner
efb4b9440a testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario 2015-08-21 11:37:23 +02:00
Tobias Brunner
161d75f403 testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario 2015-08-21 11:17:25 +02:00
Tobias Brunner
18943c1f1b testing: Print triplets.dat files of clients in EAP-SIM scenarios 
References #1078.
 2015-08-21 11:16:56 +02:00
Tobias Brunner
bb1d9e454d testing: Add ikev2/trap-any scenario 2015-08-19 11:34:25 +02:00
Andreas Steffen
fbcac07043 testing: Regenerated BLISS certificates due to oracle changes 2015-07-27 22:09:08 +02:00
Andreas Steffen
aaeb524cea testing: Updated loop ca certificates 2015-07-22 17:11:00 +02:00
Andreas Steffen
362e87e3e0 testing: Updated carol's certificate from research CA and dave's certificate from sales CA 2015-04-26 16:52:06 +02:00
Andreas Steffen
d04e47a9eb testing: Wait for DH crypto tests to complete 2015-04-26 11:51:49 +02:00
Tobias Brunner
3d964213f5 testing: Remove obsolete leftnexthop option from configs 2015-03-12 15:51:25 +01:00
Tobias Brunner
8b2af616ac testing: Update modified updown scripts to the latest template 
This avoids confusion and makes identifying the changes needed for each
scenario easier.
 2015-03-06 16:51:50 +01:00
Andreas Steffen
3fcb59b62a use SHA512 for moon's BLISS signature 2015-03-04 14:08:37 +01:00
Tobias Brunner
26ebe5fea8 testing: Test classic public key authentication in ikev2/net2net-cert scenario 2015-03-04 13:54:12 +01:00
Tobias Brunner
7a9c0d51f4 testing: Don't check for exact IKEv2 fragment size 
Because SHA-256 is now used for signatures the size of the two IKE_AUTH
messages changed.
 2015-03-04 13:54:10 +01:00
Tobias Brunner
4aa24d4c13 testing: Update test conditions because signature schemes are now logged 
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
 2015-03-04 13:54:10 +01:00
Tobias Brunner
2f1b2d9183 testing: Add ikev2/rw-sig-auth scenario 2015-03-04 13:54:10 +01:00
Tobias Brunner
3b31245a0f testing: Add ikev2/net2net-cert-sha2 scenario 2015-03-04 13:54:10 +01:00
Andreas Steffen
c2aca9eed2 Implemented improved BLISS-B signature algorithm 2015-02-25 21:45:34 +01:00
Martin Willi
c10b2be967 testing: Add a forecast test case 2015-02-20 16:34:55 +01:00
Martin Willi
9ed09d5f77 testing: Add a connmark plugin test 
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.

This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
 2015-02-20 16:34:54 +01:00
Martin Willi
f27fb58ae0 testing: Update description and test evaluation of host2host-transport-nat 
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
 2015-02-20 13:34:58 +01:00
Martin Willi
050556bf59 testing: Be a little more flexible in testing for established CHILD_SA modes 
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
 2015-02-20 13:34:58 +01:00
Martin Willi
b1ff437bbc testing: Add a test scenario for make-before-break reauth using a virtual IP 2015-02-20 13:34:58 +01:00
Martin Willi
ae3fdf2603 testing: Add a test scenario for make-before-break reauth without a virtual IP 2015-02-20 13:34:57 +01:00
Andreas Steffen
5028644943 Updated RFC3779 certificates 2014-12-28 12:53:16 +01:00
Andreas Steffen
ac0cb2d363 Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario 2014-12-12 13:55:03 +01:00
Andreas Steffen
c44f481ae0 Updated BLISS scenario keys and certificates to new format 2014-12-12 12:00:20 +01:00
Andreas Steffen
c02ebf1ecd Renewed expired certificates 2014-11-29 14:51:18 +01:00
Andreas Steffen
43d9247599 Created ikev2/rw-ntru-bliss scenario 2014-11-29 14:51:18 +01:00
Tobias Brunner
1836c1845b testing: Add ikev2/net2net-fragmentation scenario 2014-10-10 09:33:23 +02:00
Andreas Steffen
73af3a1b04 Updated revoked certificate in ikev2/ocsp-revoked scenario 2014-10-05 21:33:35 +02:00
Andreas Steffen
006518e859 The critical-extension scenarios need the old private keys 2014-10-05 20:58:03 +02:00