testing: added first openbsd interop test interop-ikev2-openbsd-01
This replaces an old stub test case.

Signed-off-by: Paul Wouters <pwouters@redhat.com>
1 parent c8f2494, commit 5fad89b
Showing 8 changed files with 76 additions and 72 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,3 @@ | ||
Basic pluto with IKEv2 using PSK with libreswan on the initiator (west), and openbsd on the responder. | ||
|
||
This is not meant (yet) to run automatically | ||
|
||
opnbsd must have the iked package installed (openiked) | ||
|
||
On openbsd, this will look like: | ||
|
||
openbsd# ipsecctl -s all | ||
FLOWS: | ||
flow esp in from 192.0.1.0/24 to 192.0.2.0/24 peer 192.1.2.45 srcid FQDN/east dstid FQDN/west type use | ||
flow esp out from 192.0.2.0/24 to 192.0.1.0/24 peer 192.1.2.45 srcid FQDN/east dstid FQDN/west type require | ||
flow esp out from ::/0 to ::/0 type deny | ||
|
||
SAD: | ||
esp tunnel from 192.1.2.45 to 192.1.2.23 spi 0x351977b3 auth hmac-sha2-256 enc aes-256 | ||
esp tunnel from 192.1.2.23 to 192.1.2.45 spi 0x531511aa auth hmac-sha2-256 enc aes-256 | ||
|
||
|
||
note it seems openbsd does not properly support an ipv4 and ipv6 tunnel using the same IKE SA | ||
openbsd must have the iked package installed |
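
Review bot: With the file going from 20 lines to 3 (`@@ -1,20 +1,3 @@`), the note that openbsd does not seem to support an ipv4 and ipv6 tunnel on the same IKE SA looks to be dropped along with the sample `ipsecctl -s all` output. The sample output is now covered by the console reference file, but the limitation is not recorded anywhere else in the visible changes; keeping that one line in the description would preserve it.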
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
# check output on openbsd end | ||
test -f /sbin/ipsecctl && ipsecctl -s all | ||
test -f /sbin/ipsecctl && ipsecctl -s all | sort | ||
../bin/check-for-core.sh | ||
if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi | ||
: ==== end ==== |
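
Review bot: On the `ipsecctl -s all | sort` line, the sort order depends on the locale of the shell running it, and the reference output relies on the uppercase `FLOWS:` and `SAD:` headings sorting ahead of the lowercase `esp` and `flow` entries. Pinning it with `LC_ALL=C sort` would keep the ordering stable across guests. After sorting, the headings no longer sit above their own entries, so a short comment saying the sort is only there for deterministic comparison would help the next reader.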
File renamed without changes.
37 changes: 37 additions & 0 deletions
testing/pluto/interop-ikev2-openbsd-01/openbsde.console.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# note swan-prep does not yet supprt iked | ||
# note swan-prep does not yet supprtoes not yet supprt iked | ||
openbsde # | ||
#/testing/guestbin/swan-prep | ||
#/testing/guestbin/swan-prep | ||
openbsde # | ||
cp openbsde.conf /etc/iked.conf | ||
cp openbsde.conf /etc/iked.conf | ||
openbsde # | ||
chmod 600 /etc/iked.conf | ||
chmod 600 /etc/iked.conf | ||
openbsde # | ||
/sbin/iked | ||
/sbin/iked | ||
openbsde # | ||
echo "initdone" | ||
echo "initdone" | ||
initdone | ||
openbsde # | ||
# check output on openbsd end | ||
# check output on openbsd end | ||
openbsde # | ||
test -f /sbin/ipsecctl && ipsecctl -s all | sort | ||
test -f /sbin/ipsecctl && ipsecctl -cctl && ipsecctl -s all | sort | ||
FLOWS: | ||
SAD: | ||
esp tunnel from 192.1.2.23 to 192.1.2.45 spi 0xSPISPI auth hmac-sha2-256 enc aes-256 | ||
esp tunnel from 192.1.2.45 to 192.1.2.23 spi 0xSPISPI auth hmac-sha2-256 enc aes-256 | ||
flow esp in from 192.0.1.0/24 to 192.0.2.0/24 peer 192.1.2.45 srcid FQDN/east dstid FQDN/west type require | ||
flow esp out from 192.0.2.0/24 to 192.0.1.0/24 peer 192.1.2.45 srcid FQDN/east dstid FQDN/west type require | ||
openbsde # | ||
../bin/check-for-core.sh | ||
../bin/check-for-core.sh | ||
openbsde # | ||
if [ -f /sbin/ausearch ]; then ausearch -r -m avc -ts recent ; fi | ||
if [ -f /sbin/ausearch ]; then auseaarch ]; then ausearch -r -m avc -ts recent ; fi | ||
|
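
Review bot: Several echoed command lines in this reference output are garbled terminal echo rather than the command that was run: `# note swan-prep does not yet supprtoes not yet supprt iked`, `ipsecctl -cctl && ipsecctl -s all | sort` and `auseaarch ]; then ausearch`. If the comparison is made against these exact lines, the test depends on how the console happens to redraw; normalizing or dropping the echoed line in the console fixups would make the reference stable. Separately, the inbound flow is recorded here as `type require`, whereas the sample in the old description showed `type use` for the same flow; worth confirming that this is the intended expectation.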
2 changes: 1 addition & 1 deletion
...luto/interop-ikev2-openbsd-01/eastinit.sh → .../interop-ikev2-openbsd-01/openbsdeinit.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
# note swan-prep does not yet supprt iked | ||
#/testing/guestbin/swan-prep | ||
cp east.conf /etc/iked.conf | ||
cp openbsde.conf /etc/iked.conf | ||
chmod 600 /etc/iked.conf | ||
/sbin/iked | ||
echo "initdone" |
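
Review bot: `cp openbsde.conf /etc/iked.conf` followed by `chmod 600 /etc/iked.conf` leaves the file at the default umask mode between the two commands, and the test description says this is a PSK setup. `install -m 600 openbsde.conf /etc/iked.conf` would create it with its final mode in one step. The `echo "initdone"` line also runs unconditionally after `/sbin/iked`, so a failed start is not distinguished from a good one at init time; checking the exit status before printing it would surface that earlier. The comment on the first line has a typo (`supprt`).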
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/sh | ||
|
||
. ../../default-testparams.sh | ||
OPENBSDE_CONSOLE_FIXUPS="$REF_CONSOLE_FIXUPS openbsd.sed" |
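
Review bot: `openbsd.sed` is referenced on the `OPENBSDE_CONSOLE_FIXUPS` line by bare name with no comment on what it normalizes. The expected console output in this commit contains `spi 0xSPISPI`, so some fixup has to rewrite the SPI values; a one-line comment saying whether `openbsd.sed` is the script doing that, and where it lives, would make the dependency clear to anyone adding the next openbsd test.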