src - OpenBSD base system

diff options


context:
space:
mode:

author	Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org>	2005-09-05 08:49:53 +0000
committer	Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org>	2005-09-05 08:49:53 +0000
commit	087cdb6508b39352d66582b671c4aa8df110c136 (patch)
tree	0943a93776388bc3bd1ae7c362741076ee290c90 /regress/sbin
parent	fd311cf2f2be1b57301856ad9430c95537e7ab01 (diff)

regression tests for isakmp/ike

Diffstat (limited to 'regress/sbin')

-rw-r--r--

regress/sbin/ipsecctl/ike1.in

-rw-r--r--

regress/sbin/ipsecctl/ike1.ok

-rw-r--r--

regress/sbin/ipsecctl/ike2.in

-rw-r--r--

regress/sbin/ipsecctl/ike2.ok

-rw-r--r--

regress/sbin/ipsecctl/ike3.in

-rw-r--r--

regress/sbin/ipsecctl/ike3.ok

-rw-r--r--

regress/sbin/ipsecctl/ike4.in

-rw-r--r--

regress/sbin/ipsecctl/ike4.ok

-rw-r--r--

regress/sbin/ipsecctl/ike5.in

-rw-r--r--

regress/sbin/ipsecctl/ike5.ok

-rw-r--r--

regress/sbin/ipsecctl/ike6.in

-rw-r--r--

regress/sbin/ipsecctl/ike6.ok

-rw-r--r--

regress/sbin/ipsecctl/ike7.in

-rw-r--r--

regress/sbin/ipsecctl/ike7.ok

14 files changed, 206 insertions, 0 deletions

diff --git a/regress/sbin/ipsecctl/ike1.in b/regress/sbin/ipsecctl/ike1.in
new file mode 100644
index 00000000000..c627e0e9f7d
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike1.in

@@ -0,0 +1 @@

+ike from 131.188.33.51 to 131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike1.ok b/regress/sbin/ipsecctl/ike1.ok
new file mode 100644
index 00000000000..428815b3f94
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike1.ok

@@ -0,0 +1,15 @@

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force

+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force

+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force

+C set [lid-131.188.33.51]:Address=131.188.33.51 force

+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force

+C set [rid-131.188.33.29]:Address=131.188.33.29 force

+t IPsec-131.188.33.51-131.188.33.29

+c IPsec-131.188.33.51-131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike2.in b/regress/sbin/ipsecctl/ike2.in
new file mode 100644
index 00000000000..8e67139c336
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike2.in

@@ -0,0 +1 @@

+ike from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike2.ok b/regress/sbin/ipsecctl/ike2.ok
new file mode 100644
index 00000000000..8e7b78b2a3a
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike2.ok

@@ -0,0 +1,17 @@

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force

+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force

+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force

+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force

+t IPsec-10.1.1.0/24-10.1.2.0/24

+c IPsec-10.1.1.0/24-10.1.2.0/24

diff --git a/regress/sbin/ipsecctl/ike3.in b/regress/sbin/ipsecctl/ike3.in
new file mode 100644
index 00000000000..4dec756edfb
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike3.in

@@ -0,0 +1,2 @@

+ike from 131.188.33.51 to 131.188.33.29 \

+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de

diff --git a/regress/sbin/ipsecctl/ike3.ok b/regress/sbin/ipsecctl/ike3.ok
new file mode 100644
index 00000000000..934da8754e9
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike3.ok

@@ -0,0 +1,21 @@

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [peer-131.188.33.29]:ID=local-ID force

+C set [local-ID]:ID-type=FQDN force

+C set [local-ID]:Name=sharleena.as10.net force

+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force

+C set [131.188.33.29-ID]:ID-type=FQDN force

+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force

+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force

+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force

+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force

+C set [lid-131.188.33.51]:Address=131.188.33.51 force

+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force

+C set [rid-131.188.33.29]:Address=131.188.33.29 force

+t IPsec-131.188.33.51-131.188.33.29

+c IPsec-131.188.33.51-131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike4.in b/regress/sbin/ipsecctl/ike4.in
new file mode 100644
index 00000000000..3bd0446aaa7
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike4.in

@@ -0,0 +1,2 @@

+ike from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29 \

+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de

diff --git a/regress/sbin/ipsecctl/ike4.ok b/regress/sbin/ipsecctl/ike4.ok
new file mode 100644
index 00000000000..b4a9fb8da43
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike4.ok

@@ -0,0 +1,23 @@

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [peer-131.188.33.29]:ID=local-ID force

+C set [local-ID]:ID-type=FQDN force

+C set [local-ID]:Name=sharleena.as10.net force

+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force

+C set [131.188.33.29-ID]:ID-type=FQDN force

+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force

+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force

+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force

+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force

+t IPsec-10.1.1.0/24-10.1.2.0/24

+c IPsec-10.1.1.0/24-10.1.2.0/24

diff --git a/regress/sbin/ipsecctl/ike5.in b/regress/sbin/ipsecctl/ike5.in
new file mode 100644
index 00000000000..b46ddc016a7
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike5.in

@@ -0,0 +1,8 @@

+ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29 \

+ main auth sha1 enc 3des \

+ quick auth hmac-sha1 enc 3des \

+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de

+ike esp from 131.188.33.51 to 131.188.33.29 \

+ main auth sha1 enc aes \

+ quick auth hmac-sha2-256 enc aes \

+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de

diff --git a/regress/sbin/ipsecctl/ike5.ok b/regress/sbin/ipsecctl/ike5.ok
new file mode 100644
index 00000000000..4eaef03431b
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike5.ok

@@ -0,0 +1,50 @@

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force

+C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force

+C add [mm-131.188.33.29]:Transforms=3DES-SHA-RSA_SIG

+C set [peer-131.188.33.29]:ID=local-ID force

+C set [local-ID]:ID-type=FQDN force

+C set [local-ID]:Name=sharleena.as10.net force

+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force

+C set [131.188.33.29-ID]:ID-type=FQDN force

+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-SUITE force

+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force

+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force

+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force

+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force

+t IPsec-10.1.1.0/24-10.1.2.0/24

+c IPsec-10.1.1.0/24-10.1.2.0/24

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force

+C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force

+C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG

+C set [peer-131.188.33.29]:ID=local-ID force

+C set [local-ID]:ID-type=FQDN force

+C set [local-ID]:Name=sharleena.as10.net force

+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force

+C set [131.188.33.29-ID]:ID-type=FQDN force

+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force

+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force

+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force

+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force

+C set [lid-131.188.33.51]:Address=131.188.33.51 force

+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force

+C set [rid-131.188.33.29]:Address=131.188.33.29 force

+t IPsec-131.188.33.51-131.188.33.29

+c IPsec-131.188.33.51-131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike6.in b/regress/sbin/ipsecctl/ike6.in
new file mode 100644
index 00000000000..9ae17618490
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike6.in

@@ -0,0 +1,2 @@

+ike from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29

+ike from 131.188.33.51 to 131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike6.ok b/regress/sbin/ipsecctl/ike6.ok
new file mode 100644
index 00000000000..938fa5334b7
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike6.ok

@@ -0,0 +1,32 @@

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force

+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force

+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force

+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force

+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force

+t IPsec-10.1.1.0/24-10.1.2.0/24

+c IPsec-10.1.1.0/24-10.1.2.0/24

+C set [peer-131.188.33.29]:Phase=1 force

+C set [peer-131.188.33.29]:Address=131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force

+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force

+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force

+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force

+C set [lid-131.188.33.51]:Address=131.188.33.51 force

+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force

+C set [rid-131.188.33.29]:Address=131.188.33.29 force

+t IPsec-131.188.33.51-131.188.33.29

+c IPsec-131.188.33.51-131.188.33.29

diff --git a/regress/sbin/ipsecctl/ike7.in b/regress/sbin/ipsecctl/ike7.in
new file mode 100644
index 00000000000..90197b85e6c
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike7.in

@@ -0,0 +1,2 @@

+ike passive from 10.1.2.0/24 to 10.1.1.0/24 peer 131.188.33.51

+ike passive from 131.188.33.29 to 131.188.33.51

diff --git a/regress/sbin/ipsecctl/ike7.ok b/regress/sbin/ipsecctl/ike7.ok
new file mode 100644
index 00000000000..c2c19614781
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike7.ok

@@ -0,0 +1,30 @@

+C set [peer-131.188.33.51]:Phase=1 force

+C set [peer-131.188.33.51]:Address=131.188.33.51 force

+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force

+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force

+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force

+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force

+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force

+C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [lid-10.1.2.0/24]:Network=10.1.2.0 force

+C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force

+C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force

+C set [rid-10.1.1.0/24]:Network=10.1.1.0 force

+C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force

+C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24

+C set [peer-131.188.33.51]:Phase=1 force

+C set [peer-131.188.33.51]:Address=131.188.33.51 force

+C set [IPsec-131.188.33.29-131.188.33.51]:Phase=2 force

+C set [IPsec-131.188.33.29-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force

+C set [IPsec-131.188.33.29-131.188.33.51]:Configuration=qm-131.188.33.29-131.188.33.51 force

+C set [IPsec-131.188.33.29-131.188.33.51]:Local-ID=lid-131.188.33.29 force

+C set [IPsec-131.188.33.29-131.188.33.51]:Remote-ID=rid-131.188.33.51 force

+C set [qm-131.188.33.29-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE force

+C set [qm-131.188.33.29-131.188.33.51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force

+C set [lid-131.188.33.29]:ID-type=IPV4_ADDR force

+C set [lid-131.188.33.29]:Address=131.188.33.29 force

+C set [rid-131.188.33.51]:ID-type=IPV4_ADDR force

+C set [rid-131.188.33.51]:Address=131.188.33.51 force

+C add [Phase 2]:Passive-Connections=IPsec-131.188.33.29-131.188.33.51