sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity
15,677 Commits 101 Branches 327 Tags
Commit Graph

1556 Commits

Author SHA1 Message Date
Martin Willi
6f913def3c testing: Build with --enable-chapoly 2015-07-12 13:54:08 +02:00
Andreas Steffen
b8399a2edc testing: use a decent PSK 2015-05-30 16:56:41 +02:00
Andreas Steffen
1047d44b57 testing: Added ha/active-passive scenario 2015-05-30 16:48:17 +02:00
Tobias Brunner
13497e6cc1 testing: Include iperf and htop in base image 2015-05-22 13:30:10 +02:00
Tobias Brunner
682aab205e testing: Don't check parent dir (and subdirs) when downloading OpenSSL packages 2015-05-21 09:32:37 +02:00
Tobias Brunner
c077642cbd testing: Fix kernel download URL for kernel versions != 4.x 2015-05-19 17:00:06 +02:00
Tobias Brunner
966efbc10d testing: Fix URL to TNC@FHH project in scenario descriptions 2015-05-05 11:48:56 +02:00
Reto Buerki
41e9a261ac testing: Update TKM assert strings 2015-05-05 10:55:14 +02:00
Reto Buerki
3ff0edd804 testing: Update alog to version 0.3.1 2015-05-05 10:55:14 +02:00
Reto Buerki
2fc53e76f8 testing: Update tkm to version 0.1.2 2015-05-05 10:55:14 +02:00
Reto Buerki
3c13ff0a97 testing: Update tkm-rpc to version 0.2 2015-05-05 10:55:14 +02:00
Andreas Steffen
362e87e3e0 testing: Updated carol's certificate from research CA and dave's certificate from sales CA 2015-04-26 16:52:06 +02:00
Andreas Steffen
d04e47a9eb testing: Wait for DH crypto tests to complete 2015-04-26 11:51:49 +02:00
Andreas Steffen
79b5a33c11 imv_policy_manager: Added capability to execute an allow or block shell command string 2015-04-26 10:55:24 +02:00
Andreas Steffen
ce354443bf testing: Migration of KVM framework to Linux 4.x kernel 2015-04-25 18:05:00 +02:00
Andreas Steffen
883c11caa0 Added tnc/tnccs-20-fail-init and tnc/tnccs-20-fail-resp scenarios 2015-03-27 20:56:44 +01:00
Andreas Steffen
193e057509 Added configurations for 3.18 and 3.19 KMV guest kernels 2015-03-27 20:56:44 +01:00
Andreas Steffen
85aa509e84 Added tnc/tnccs-20-pt-tls scenario 2015-03-27 20:56:43 +01:00
Andreas Steffen
be04f90815 testing: added tnc/tnccs-20-mutual scenario 2015-03-23 23:01:13 +01:00
Tobias Brunner
3d964213f5 testing: Remove obsolete leftnexthop option from configs 2015-03-12 15:51:25 +01:00
Martin Willi
2b0f34a2ef testing: Don't check for exact IKEv1 fragment size 
Similar to 7a9c0d51, the exact packet size depends on many factors we don't
want to consider in this test case.
 2015-03-10 10:21:16 +01:00
Martin Willi
58c3e09918 testing: Fix active/passive role description in ha/both-active test case 2015-03-10 10:02:21 +01:00
Tobias Brunner
8b2af616ac testing: Update modified updown scripts to the latest template 
This avoids confusion and makes identifying the changes needed for each
scenario easier.
 2015-03-06 16:51:50 +01:00
Andreas Steffen
3fcb59b62a use SHA512 for moon's BLISS signature 2015-03-04 14:08:37 +01:00
Tobias Brunner
26ebe5fea8 testing: Test classic public key authentication in ikev2/net2net-cert scenario 2015-03-04 13:54:12 +01:00
Tobias Brunner
53217d70b0 testing: Disable signature authentication on dave in openssl-ikev2/ecdsa-certs scenario 2015-03-04 13:54:12 +01:00
Tobias Brunner
7a9c0d51f4 testing: Don't check for exact IKEv2 fragment size 
Because SHA-256 is now used for signatures the size of the two IKE_AUTH
messages changed.
 2015-03-04 13:54:10 +01:00
Tobias Brunner
4aa24d4c13 testing: Update test conditions because signature schemes are now logged 
RFC 7427 signature authentication is now used between strongSwan hosts
by default, which causes the actual signature schemes to get logged.
 2015-03-04 13:54:10 +01:00
Tobias Brunner
2f1b2d9183 testing: Add ikev2/rw-sig-auth scenario 2015-03-04 13:54:10 +01:00
Tobias Brunner
3b31245a0f testing: Add ikev2/net2net-cert-sha2 scenario 2015-03-04 13:54:10 +01:00
Andreas Steffen
c2aca9eed2 Implemented improved BLISS-B signature algorithm 2015-02-25 21:45:34 +01:00
Martin Willi
c10b2be967 testing: Add a forecast test case 2015-02-20 16:34:55 +01:00
Martin Willi
3748fc70a7 testing: Build forecast plugin 2015-02-20 16:34:55 +01:00
Martin Willi
9ed09d5f77 testing: Add a connmark plugin test 
In this test two hosts establish a transport mode connection from behind
moon. sun uses the connmark plugin to distinguish the flows.

This is an example that shows how one can terminate L2TP/IPsec connections
from two hosts behind the same NAT. For simplification of the test, we use
an SSH connection instead, but this works for any connection initiated flow
that conntrack can track.
 2015-02-20 16:34:54 +01:00
Martin Willi
15f392d9ed testing: Build strongSwan with the connmark plugin 2015-02-20 16:34:54 +01:00
Martin Willi
f3a419e9c4 testing: Install iptables-dev to guest images 2015-02-20 16:34:54 +01:00
Martin Willi
f27fb58ae0 testing: Update description and test evaluation of host2host-transport-nat 
As we now reuse the reqid for identical SAs, the behavior changes for
transport connections to multiple peers behind the same NAT. Instead of
rejecting the SA, we now have two valid SAs active. For the reverse path,
however, sun sends traffic always over the newer SA, resembling the behavior
before we introduced explicit SA conflicts for different reqids.
 2015-02-20 13:34:58 +01:00
Martin Willi
050556bf59 testing: Be a little more flexible in testing for established CHILD_SA modes 
As we now print the reqid parameter in the CHILD_SA details, adapt the grep
to still match the CHILD_SA mode and protocol.
 2015-02-20 13:34:58 +01:00
Martin Willi
b1ff437bbc testing: Add a test scenario for make-before-break reauth using a virtual IP 2015-02-20 13:34:58 +01:00
Martin Willi
ae3fdf2603 testing: Add a test scenario for make-before-break reauth without a virtual IP 2015-02-20 13:34:57 +01:00
Reto Buerki
65566c37ca testing: Add tkm xfrmproxy-expire test 
This test asserts that the handling of XFRM expire messages from the
kernel are handled correctly by the xfrm-proxy and the Esa Event Service
(EES) in charon-tkm.
 2015-02-20 13:34:54 +01:00
Reto Buerki
03409ac7a0 testing: Assert ees acquire messages in xfrmproxy tests 2015-02-20 13:34:54 +01:00
Reto Buerki
8fce649d9a testing: Assert proper ESA deletion 
Extend the tkm/host2host-initiator testcase by asserting proper ESA
deletion after connection shutdown.
 2015-02-20 13:34:52 +01:00
Andreas Steffen
5028644943 Updated RFC3779 certificates 2014-12-28 12:53:16 +01:00
Andreas Steffen
ac0cb2d363 Updated BLISS CA certificate in ikev2/rw-ntru-bliss scenario 2014-12-12 13:55:03 +01:00
Andreas Steffen
c44f481ae0 Updated BLISS scenario keys and certificates to new format 2014-12-12 12:00:20 +01:00
Andreas Steffen
9b01a061ec Increased check size du to INITIAL_CONTACT notify 2014-11-29 14:57:41 +01:00
Andreas Steffen
c02ebf1ecd Renewed expired certificates 2014-11-29 14:51:18 +01:00
Andreas Steffen
43d9247599 Created ikev2/rw-ntru-bliss scenario 2014-11-29 14:51:18 +01:00
Reto Buerki
0de4ba58ce testing: Update tkm/multiple-clients/evaltest.dat 
Since the CC context is now properly reset in the bus listener plugin,
the second connection from host dave re-uses the first CC ID. Adjust
the expect string on gateway sun accordingly.
 2014-10-31 13:49:40 +01:00