1476 Commits

Author SHA1 Message Date
Andreas Steffen
b9522f9d64 swanctl: Do not display rekey times for shunts 2016-05-05 14:53:22 +02:00
Andreas Steffen
ff4e01dab5 testing: Use reauthentication and set CHILD_SA rekey time, bytes and packets limits 2016-05-04 18:13:52 +02:00
Andreas Steffen
87381a55a9 testing: uses xauth_id in swanctl/xauth-rsa scenario 2016-05-04 18:13:52 +02:00
Andreas Steffen
278497f2ba testing: Use absolute path of imv_policy_manager 2016-04-26 17:15:37 +02:00
Andreas Steffen
b85422b90c testing: -D and -u options in sfdisk are not supported any more 2016-04-26 17:15:37 +02:00
Andreas Steffen
029d3a0ce6 testing: updated testing.conf 2016-04-24 13:36:31 +02:00
Andreas Steffen
0ff486f507 testing: Added swanctl/rw-multi-ciphers-ikev1 scenario 2016-04-12 18:50:58 +02:00
Andreas Steffen
d3edc8aa0f testing: Added swanctl/manual_prio scenario 2016-04-09 16:51:02 +02:00
Tobias Brunner
638b4638e3 testing: Add swanctl/net2net-gw scenario 2016-04-09 16:51:00 +02:00
Tobias Brunner
ea3a4d3f72 testing: List conntrack table on sun in ikev2/host2host-transport-connmark scenario 2016-04-06 14:01:18 +02:00
Tobias Brunner
aa65b8c147 testing: Version bump to 5.4.0
References #1382.
2016-04-06 11:17:40 +02:00
Tobias Brunner
76397efa21 testing: Disable leak detective when generating CRLs
GnuTLS, which can get loaded by the curl plugin, does not properly clean up
some allocated memory when deinitializing.  This causes invalid frees if
leak detective is active.  Other invalid frees are related to time
conversions (tzset).

References #1382.
2016-04-06 11:16:59 +02:00
Tobias Brunner
a9f9598ed0 testing: Updated updown scripts in libipsec scenarios to latest version 2016-03-23 14:13:07 +01:00
Andreas Steffen
90ef7e8af6 Updated swanctl/rw-psk-ikev1 scenario 2016-03-10 13:59:37 +01:00
Tobias Brunner
dc57c1b817 testing: Add ikev2/reauth-mbb-revoked scenario 2016-03-10 11:07:15 +01:00
Tobias Brunner
d163aa5eaf testing: Generate a CRL that has moon's actual certificate revoked 2016-03-10 11:07:15 +01:00
Andreas Steffen
c2523355a4 testing: Added swanctl/mult-auth-rsa-eap-sim-id scenario 2016-03-06 19:09:03 +01:00
Andreas Steffen
70ff382e41 testing: Added swanctl/xauth-rsa scenario 2016-03-06 12:28:55 +01:00
Andreas Steffen
07b0eac4b1 testing: attr-sql is a charon plugin 2016-03-05 15:53:22 +01:00
Andreas Steffen
26d2011b14 testing: Added swanctl/rw-psk-ikev1 scenario 2016-03-05 13:50:41 +01:00
Andreas Steffen
1989c7a381 testing: Include IKE port information in evaltests 2016-03-05 13:44:06 +01:00
Tobias Brunner
f80e910cce testing: Add ikev2/redirect-active scenario 2016-03-04 16:03:00 +01:00
Andreas Steffen
ba919f393d testing: Added swanctl/protoport-range scenario 2016-03-04 09:52:34 +01:00
Tobias Brunner
28649f6d91 libhydra: Remove empty unused library 2016-03-03 17:36:11 +01:00
Andreas Steffen
efefa0c6a1 testing: Added swanctl/shunt-policies-nat-rw 2016-02-28 22:25:50 +01:00
Andreas Steffen
13891e2a4f testing: Some minor fixes in test scenarios 2016-02-28 22:25:21 +01:00
Andreas Steffen
68c9f0bb80 testing: Added swanctl/protoport-dual scenario 2016-02-28 14:33:48 +01:00
Andreas Steffen
ddf1fc7692 testing: converted af-alg scenarios to swanctl 2016-02-26 13:31:36 +01:00
Tobias Brunner
4625113b1a testing: Use absolute path to the _updown script in SQL scenarios
/usr/local/sbin is not included in PATH set by the charon init script and
since the ipsec script is obsolete when using swanctl it makes sense to
change this anyway.
2016-02-17 12:00:20 +01:00
Andreas Steffen
963b080810 testing: Increased ping interval in ikev2/trap-any scenario 2016-02-16 18:21:19 +01:00
Andreas Steffen
726a45b2f2 Corrected the description of the swanctl/dhcp-dynamic scenario 2016-02-16 18:17:17 +01:00
Andreas Steffen
4d83c5b4a6 Fix of the mutual TNC measurement use case
If the IKEv2 initiator acting as a TNC server receives invalid TNC measurements
from the IKEv2 responder acting as a TNC client, the exchange of PB-TNC batches
is continued until the IKEv2 responder acting as a TNC server has also finished
its TNC measurements.

In the past if these measurements in the other direction were correct
the IKEv2 responder acting as EAP server declared the IKEv2 EAP authentication
successful and the IPsec connection was established even though the TNC
measurement verification on the EAP peer side failed.

The fix adds an "allow" group membership on each endpoint if the corresponding
TNC measurements of the peer are successful. By requiring an "allow" group
membership in the IKEv2 connection definition the IPsec connection succeeds
only if the TNC measurements on both sides are valid.
2016-02-16 18:00:27 +01:00
Andreas Steffen
ac134b470a testing: Added swanctl/dhcp-dynamic scenario 2016-02-03 12:10:59 +01:00
Thomas Egerer
beb4a07ea8 ikev1: Log successful authentication with signature scheme
Output is now identical to that of the IKEv2 pubkey authenticator.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
Tobias Brunner
4cfcbe97a4 testing: Don't attempt to start the daemon twice in ha/active-passive scenario 2016-02-01 10:51:12 +01:00
Andreas Steffen
67a38ac6f1 testing: Added swanctl/config-payload scenario 2016-01-14 06:31:28 +01:00
Andreas Steffen
e7b5171e43 testing: Use include statement in swanctl/rw-pubkey-keyid scenario 2016-01-14 01:44:17 +01:00
Andreas Steffen
2aa2b17d41 testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access scenario 2016-01-09 07:23:30 +01:00
Andreas Steffen
b83cef2412 testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssec 2016-01-09 07:23:30 +01:00
Andreas Steffen
bffbf2f5fd testing: Fixed description of swanctl/frags-iv4 scenario 2016-01-09 00:17:31 +01:00
Andreas Steffen
9db530493f testing: Change sql scenarios to swanctl 2016-01-03 06:28:48 +01:00
Tobias Brunner
1a79525559 testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs 2015-12-21 12:14:12 +01:00
Andreas Steffen
490ba67682 testing: Fixed description in swanctl/rw-ntru-bliss scenario 2015-12-18 15:24:59 +01:00
Andreas Steffen
9463350943 testing: swanctl is enabled by default 2015-12-18 15:22:29 +01:00
Andreas Steffen
76cbf1df34 testing: Added swanctl/rw-ntru-bliss scenario 2015-12-17 17:49:48 +01:00
Andreas Steffen
5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Andreas Steffen
36b6d400d2 testing: swanctl/rw-cert scenario tests password-protected RSA key 2015-12-12 17:12:44 +01:00
Andreas Steffen
4f7f2538c4 Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security 2015-12-12 15:54:48 +01:00
Andreas Steffen
fad851e2d3 Use VICI 2.0 protocol version for certificate queries 2015-12-11 18:26:54 +01:00
Andreas Steffen
6789d79d46 testing: Added swanctl --list-algs output 2015-12-11 18:26:54 +01:00