1556 Commits

Author SHA1 Message Date
Andreas Steffen
1989c7a381 testing: Include IKE port information in evaltests 2016-03-05 13:44:06 +01:00
Tobias Brunner
f80e910cce testing: Add ikev2/redirect-active scenario 2016-03-04 16:03:00 +01:00
Andreas Steffen
ba919f393d testing: Added swanctl/protoport-range scenario 2016-03-04 09:52:34 +01:00
Tobias Brunner
28649f6d91 libhydra: Remove empty unused library 2016-03-03 17:36:11 +01:00
Andreas Steffen
efefa0c6a1 testing: Added swanctl/shunt-policies-nat-rw 2016-02-28 22:25:50 +01:00
Andreas Steffen
13891e2a4f testing: Some minor fixes in test scenarios 2016-02-28 22:25:21 +01:00
Andreas Steffen
68c9f0bb80 testing: Added swanctl/protoport-dual scenario 2016-02-28 14:33:48 +01:00
Andreas Steffen
ddf1fc7692 testing: converted af-alg scenarios to swanctl 2016-02-26 13:31:36 +01:00
Tobias Brunner
4625113b1a testing: Use absolute path to the _updown script in SQL scenarios
/usr/local/sbin is not included in PATH set by the charon init script and
since the ipsec script is obsolete when using swanctl it makes sense to
change this anyway.
2016-02-17 12:00:20 +01:00
Andreas Steffen
963b080810 testing: Increased ping interval in ikev2/trap-any scenario 2016-02-16 18:21:19 +01:00
Andreas Steffen
726a45b2f2 Corrected the description of the swanctl/dhcp-dynamic scenario 2016-02-16 18:17:17 +01:00
Andreas Steffen
4d83c5b4a6 Fix of the mutual TNC measurement use case
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC client, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.

In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.

The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring an "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Andreas Steffen
ac134b470a testing: Added swanctl/dhcp-dynamic scenario 2016-02-03 12:10:59 +01:00
Thomas Egerer
beb4a07ea8 ikev1: Log successful authentication with signature scheme
Output is now identical to that of the IKEv2 pubkey authenticator.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
Tobias Brunner
4cfcbe97a4 testing: Don't attempt to start the daemon twice in ha/active-passive scenario 2016-02-01 10:51:12 +01:00
Andreas Steffen
67a38ac6f1 testing: Added swanctl/config-payload scenario 2016-01-14 06:31:28 +01:00
Andreas Steffen
e7b5171e43 testing: Use include statement in swanctl/rw-pubkey-keyid scenario 2016-01-14 01:44:17 +01:00
Andreas Steffen
2aa2b17d41 testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access scenario 2016-01-09 07:23:30 +01:00
Andreas Steffen
b83cef2412 testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssec 2016-01-09 07:23:30 +01:00
Andreas Steffen
bffbf2f5fd testing: Fixed description of swanctl/frags-iv4 scenario 2016-01-09 00:17:31 +01:00
Andreas Steffen
9db530493f testing: Change sql scenarios to swanctl 2016-01-03 06:28:48 +01:00
Tobias Brunner
1a79525559 testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs 2015-12-21 12:14:12 +01:00
Andreas Steffen
490ba67682 testing: Fixed description in swanctl/rw-ntru-bliss scenario 2015-12-18 15:24:59 +01:00
Andreas Steffen
9463350943 testing: swanctl is enabled by default 2015-12-18 15:22:29 +01:00
Andreas Steffen
76cbf1df34 testing: Added swanctl/rw-ntru-bliss scenario 2015-12-17 17:49:48 +01:00
Andreas Steffen
5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Andreas Steffen
36b6d400d2 testing: swanctl/rw-cert scenario tests password-protected RSA key 2015-12-12 17:12:44 +01:00
Andreas Steffen
4f7f2538c4 Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security 2015-12-12 15:54:48 +01:00
Andreas Steffen
fad851e2d3 Use VICI 2.0 protocol version for certificate queries 2015-12-11 18:26:54 +01:00
Andreas Steffen
6789d79d46 testing: Added swanctl --list-algs output 2015-12-11 18:26:54 +01:00
Andreas Steffen
6aa7703122 testing: Converted tnc scenarios to swanctl 2015-12-11 18:26:54 +01:00
Tobias Brunner
74270c8c86 vici: Don't report memory usage via leak-detective
This slowed down the `swanctl --stats` calls in the test scenarios
significantly, with not much added value.
2015-12-11 18:26:53 +01:00
Tobias Brunner
ae37090e65 testing: Use expect-connection in swanctl scenarios
Only in net2net-start do we have to use `sleep` to ensure the SA is
up when the tests are running.
2015-12-11 18:26:53 +01:00
Tobias Brunner
b77e25c381 testing: The expect-connection helper may use swanctl to check for connections
Depending on the plugin configuration in the test scenario either
`ipsec statusall` or `swanctl --list-conns` is used to check for a named
connection.
2015-12-11 18:26:53 +01:00
Andreas Steffen
cbc43f1b43 testing: Some more timing fixes 2015-12-01 14:51:23 +01:00
Andreas Steffen
dddb32329c testing: Updated expired mars.strongswan.org certificate 2015-11-26 09:55:28 +01:00
Andreas Steffen
1c1f713431 testing: Error messages of curl plugin have changed 2015-11-13 14:02:45 +01:00
Andreas Steffen
c4b9b7ef2c testing: Fixed another timing issue 2015-11-13 14:02:06 +01:00
Andreas Steffen
019c7c2310 testing: Check for leases in swanctl/ip-pool scenario 2015-11-11 08:43:43 +01:00
Andreas Steffen
946bc3a3f5 testing: Fixed some more timing issues 2015-11-10 16:54:38 +01:00
Tobias Brunner
10051b01e9 testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs 2015-11-09 15:18:39 +01:00
Tobias Brunner
3102da20a7 testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNC 2015-11-09 15:18:38 +01:00
Tobias Brunner
e873cb5a28 testing: Add test config to create and remove a directory for DBs stored in ramfs 2015-11-09 15:18:38 +01:00
Tobias Brunner
10fa70ee5c testing: Improve runtime of TNC tests by storing the SQLite DB in ramfs
This saves about 50%-70% of the time needed for scenarios that use a DB.
2015-11-09 15:18:38 +01:00
Tobias Brunner
f24ec20ebb testing: Fix test constraints in ikev2/rw-ntru-bliss scenario
Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS
OIDs and signature schemes").
2015-11-09 15:18:38 +01:00
Andreas Steffen
529357f09a testing: Use sha3 plugin in ikev2/rw-cert scenario 2015-11-09 15:18:38 +01:00
Tobias Brunner
bcad0f761f testing: Report the actual strongSwan and kernel versions 2015-11-09 15:18:37 +01:00
Tobias Brunner
5a919312b3 testing: Record strongSwan version when building from tarball 2015-11-09 15:18:37 +01:00
Tobias Brunner
aee35392d1 testing: Record strongSwan version when building from source tree 2015-11-09 15:18:37 +01:00
Tobias Brunner
d4908c06c1 testing: Report time required for all scenarios on test overview page 2015-11-09 15:18:37 +01:00