1153 Commits

Author SHA1 Message Date
Andreas Steffen
ac134b470a testing: Added swanctl/dhcp-dynamic scenario 2016-02-03 12:10:59 +01:00
Thomas Egerer
beb4a07ea8 ikev1: Log successful authentication with signature scheme
Output is now identical to that of the IKEv2 pubkey authenticator.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
2016-02-01 15:58:53 +01:00
Tobias Brunner
4cfcbe97a4 testing: Don't attempt to start the daemon twice in ha/active-passive scenario 2016-02-01 10:51:12 +01:00
Andreas Steffen
67a38ac6f1 testing: Added swanctl/config-payload scenario 2016-01-14 06:31:28 +01:00
Andreas Steffen
e7b5171e43 testing: Use include statement in swanctl/rw-pubkey-keyid scenario 2016-01-14 01:44:17 +01:00
Andreas Steffen
2aa2b17d41 testing: swanctl/rw-pubkey-anon uses anonymous public keys in remote access scenario 2016-01-09 07:23:30 +01:00
Andreas Steffen
b83cef2412 testing: added swanctl scenarios net2net-pubkey, rw-pubkey-keyid and rw-dnssec 2016-01-09 07:23:30 +01:00
Andreas Steffen
bffbf2f5fd testing: Fixed description of swanctl/frags-iv4 scenario 2016-01-09 00:17:31 +01:00
Andreas Steffen
9db530493f testing: Change sql scenarios to swanctl 2016-01-03 06:28:48 +01:00
Tobias Brunner
1a79525559 testing: Fix some IKEv1 scenarios after listing DH groups for CHILD_SAs 2015-12-21 12:14:12 +01:00
Andreas Steffen
490ba67682 testing: Fixed description in swanctl/rw-ntru-bliss scenario 2015-12-18 15:24:59 +01:00
Andreas Steffen
76cbf1df34 testing: Added swanctl/rw-ntru-bliss scenario 2015-12-17 17:49:48 +01:00
Andreas Steffen
5e2b740a00 128 bit default security strength requires 3072 bit prime DH group 2015-12-14 10:39:40 +01:00
Andreas Steffen
36b6d400d2 testing: swanctl/rw-cert scenario tests password-protected RSA key 2015-12-12 17:12:44 +01:00
Andreas Steffen
4f7f2538c4 Upgraded IKE and ESP proposals in swanctl scenarios to consistent 128 bit security 2015-12-12 15:54:48 +01:00
Andreas Steffen
fad851e2d3 Use VICI 2.0 protocol version for certificate queries 2015-12-11 18:26:54 +01:00
Andreas Steffen
6aa7703122 testing: Converted tnc scenarios to swanctl 2015-12-11 18:26:54 +01:00
Tobias Brunner
ae37090e65 testing: Use expect-connection in swanctl scenarios
Only in net2net-start do we have to use `sleep` to ensure the SA is
up when the tests are running.
2015-12-11 18:26:53 +01:00
Andreas Steffen
cbc43f1b43 testing: Some more timing fixes 2015-12-01 14:51:23 +01:00
Andreas Steffen
dddb32329c testing: Updated expired mars.strongswan.org certificate 2015-11-26 09:55:28 +01:00
Andreas Steffen
1c1f713431 testing: Error messages of curl plugin have changed 2015-11-13 14:02:45 +01:00
Andreas Steffen
c4b9b7ef2c testing: Fixed another timing issue 2015-11-13 14:02:06 +01:00
Andreas Steffen
019c7c2310 testing: Check for leases in swanctl/ip-pool scenario 2015-11-11 08:43:43 +01:00
Andreas Steffen
946bc3a3f5 testing: Fixed some more timing issues 2015-11-10 16:54:38 +01:00
Tobias Brunner
10051b01e9 testing: Reduce runtime of all tests that use SQLite databases by storing them in ramfs 2015-11-09 15:18:39 +01:00
Tobias Brunner
3102da20a7 testing: tnc/tnccs-20-hcd-eap scenario does not use SWID IMV/strongTNC 2015-11-09 15:18:38 +01:00
Tobias Brunner
10fa70ee5c testing: Improve runtime of TNC tests by storing the SQLite DB in ramfs
This saves about 50%-70% of the time needed for scenarios that use a DB.
2015-11-09 15:18:38 +01:00
Tobias Brunner
f24ec20ebb testing: Fix test constraints in ikev2/rw-ntru-bliss scenario
Changed with a88d958933ef ("Explicitly mention SHA2 algorithm in BLISS
OIDs and signature schemes").
2015-11-09 15:18:38 +01:00
Andreas Steffen
529357f09a testing: Use sha3 plugin in ikev2/rw-cert scenario 2015-11-09 15:18:38 +01:00
Tobias Brunner
bde9fb6fa1 testing: Don't run redundant crypto tests in sql/rw-cert scenario
They run in all other rw-cert scenarios but in the SQL version there is
no change in the loaded crypto plugins.
2015-11-09 15:18:36 +01:00
Tobias Brunner
1091b3a636 testing: Fix CRL URIs in ipv6/net2net-ip4-in-ip6-ikev* scenarios 2015-11-09 15:18:36 +01:00
Tobias Brunner
bb66b4d56b testing: Speed up OCSP scenarios
Don't make clients wait for the TCP connections to time out by dropping
packets.  By rejecting them the OCSP requests fail immediately.
2015-11-09 15:18:35 +01:00
Tobias Brunner
0ee4a333a8 testing: Speed up ifdown calls in ikev2/mobike scenarios
ifdown calls bind's rndc, which tries to access TCP port 953 on lo.
If these packets are dropped by the firewall we have to wait for the TCP
connections to time out, which takes quite a while.
2015-11-09 15:18:35 +01:00
Tobias Brunner
cbaafa03c7 testing: Avoid delays with ping by using -W and -i options
With -W we reduce timeouts when we don't expect a response.  With -i the
interval between pings is reduced (mostly in case of auto=route where
the first ping yields no reply).
2015-11-09 15:18:35 +01:00
Tobias Brunner
f519acd42f testing: Remove nearly all sleep calls from pretest and posttest scripts
By consistently using the `expect-connection` helper we can avoid pretty
much all previously needed calls to sleep.
2015-11-09 15:18:35 +01:00
Tobias Brunner
f36b6d49af testing: Adapt tests to retransmission settings and reduce DPD delay/timeout 2015-11-09 15:18:34 +01:00
Tobias Brunner
17816515d2 testing: Add libipsec/net2net-null scenario 2015-11-09 11:09:48 +01:00
Andreas Steffen
a98360a64c testing: BLISS CA uses SHA-3 in its CRL 2015-11-03 21:35:09 +01:00
Tobias Brunner
c6aa606a65 testing: Actually send an uncompressed packet in the ipv6/rw-compress-ikev2 scenario
The default of 56 bytes already exceeds the threshold of 90 bytes (8 bytes
ICMP + 40 bytes IPv6 = 104 bytes).  By reducing the size we make sure the
packet is not compressed (40 + 8 + 40 = 88).

This also fixes a strange failure of this scenario due to the recently
added post-test `ip xfrm state` check.  The kernel stores a reference to
the used SAs on the inbound skbuffs and since these are garbage collected
it could take a while until all references to an SA disappear and the SA
is finally destroyed.  But while SAs might not get destroyed immediately
when we delete them, they are actually marked as dead and therefore won't
show up in `ip xfrm state`.  However, that's not the case for the tunnel
SAs the kernel attaches to IPComp SAs, which we don't explicitly delete,
and which aren't modified by the kernel until the IPComp SA is destroyed.
So what happened when the last ping unintentionally got compressed is that
the skbuff had a reference to the IPComp SA and therefore the tunnel SA.
This skbuff often was destroyed after the `ip xfrm state` check ran and
because the tunnel SA would still get reported the test case failed.
2015-10-06 15:48:55 +02:00
Andreas Steffen
2b5c543051 testing: added ikev2/alg-chacha20poly1305 scenario 2015-09-01 17:30:15 +02:00
Tobias Brunner
e9ea7e6fb7 testing: Updated environment variable documentation in updown scripts 2015-08-31 11:00:05 +02:00
Andreas Steffen
cdb61c3e88 Added some spaces in swanctl.conf 2015-08-25 15:10:13 +02:00
Tobias Brunner
8923621280 testing: Fix typo in p2pnat/behind-same-nat scenario 2015-08-21 17:48:37 +02:00
Tobias Brunner
efb4b9440a testing: Add missing sim_files file to ikev2/rw-eap-sim-radius scenario 2015-08-21 11:37:23 +02:00
Tobias Brunner
161d75f403 testing: alice is RADIUS server in the ikev2/rw-eap-sim-radius scenario 2015-08-21 11:17:25 +02:00
Tobias Brunner
18943c1f1b testing: Print triplets.dat files of clients in EAP-SIM scenarios
References #1078.
2015-08-21 11:16:56 +02:00
Tobias Brunner
bb1d9e454d testing: Add ikev2/trap-any scenario 2015-08-19 11:34:25 +02:00
Andreas Steffen
5f60c55919 Extend HCD attribute data for tnc/tnccs-20-hcd-eap scenario 2015-08-18 21:25:39 +02:00
Andreas Steffen
b19ef52d51 Added reason string support to HCD IMV 2015-08-18 21:25:39 +02:00
Andreas Steffen
627e4b9659 Fixed patches format delimited by CR/LF 2015-08-18 21:25:39 +02:00