diff options
| author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2006-06-08 21:15:22 +0000 |
|---|---|---|
| committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2006-06-08 21:15:22 +0000 |
| commit | 255f9eeba5573317c7584e1780e8e9a0387fc503 (patch) | |
| tree | 46c26b52ce0bc36acfab0f17168d82c057de9898 /regress/sbin | |
| parent | 43fb126db761ce97537742dcf7bc1f01ccb6e78b (diff) | |
Add a transport mode specifier to ike rules. Tunnel mode remains the default.
"looks right" hshoexer@
Diffstat (limited to 'regress/sbin')
| -rw-r--r-- | regress/sbin/ipsecctl/Makefile | 4 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike46.in | 2 | ||||
| -rw-r--r-- | regress/sbin/ipsecctl/ike46.ok | 36 |
3 files changed, 40 insertions, 2 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index 1ed8d4ade3c..cb1482532ff 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.30 2006/06/08 18:24:32 hshoexer Exp $ +# $OpenBSD: Makefile,v 1.31 2006/06/08 21:15:21 naddy Exp $ # TARGETS # ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches @@ -18,7 +18,7 @@ IKEFAIL=1 3 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 IKETESTS+=16 17 18 19 20 21 22 23 IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40 -IKETESTS+=41 42 43 44 45 +IKETESTS+=41 42 43 44 45 46 SHELL=/bin/sh diff --git a/regress/sbin/ipsecctl/ike46.in b/regress/sbin/ipsecctl/ike46.in new file mode 100644 index 00000000000..e3f90f6c004 --- /dev/null +++ b/regress/sbin/ipsecctl/ike46.in @@ -0,0 +1,2 @@ +ike esp tunnel from 1.1.1.1 to 2.2.2.2 +ike esp transport from 1.1.1.1 to 2.2.2.2 diff --git a/regress/sbin/ipsecctl/ike46.ok b/regress/sbin/ipsecctl/ike46.ok new file mode 100644 index 00000000000..aab90ab162d --- /dev/null +++ b/regress/sbin/ipsecctl/ike46.ok @@ -0,0 +1,36 @@ +C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force +C set [peer-2.2.2.2]:Phase=1 force +C set [peer-2.2.2.2]:Address=2.2.2.2 force +C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force +C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-2.2.2.2]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force +C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force +C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force +C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force +C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force +C set [rid-2.2.2.2]:Address=2.2.2.2 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2 +C set [Phase 1]:2.2.2.2=peer-2.2.2.2 force +C set [peer-2.2.2.2]:Phase=1 force +C set [peer-2.2.2.2]:Address=2.2.2.2 force +C set [peer-2.2.2.2]:Configuration=mm-2.2.2.2 force +C set [mm-2.2.2.2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-2.2.2.2]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-2.2.2.2]:Phase=2 force +C set [IPsec-1.1.1.1-2.2.2.2]:ISAKMP-peer=peer-2.2.2.2 force +C set [IPsec-1.1.1.1-2.2.2.2]:Configuration=qm-1.1.1.1-2.2.2.2 force +C set [IPsec-1.1.1.1-2.2.2.2]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-2.2.2.2]:Remote-ID=rid-2.2.2.2 force +C set [qm-1.1.1.1-2.2.2.2]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-2.2.2.2]:Suites=QM-ESP-TRP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-2.2.2.2]:ID-type=IPV4_ADDR force +C set [rid-2.2.2.2]:Address=2.2.2.2 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-2.2.2.2 |