diff options
author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2009-01-20 14:40:37 +0000 |
---|---|---|
committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2009-01-20 14:40:37 +0000 |
commit | c4b9588de5dcd467af1d793af16475da12b4800b (patch) | |
tree | 1a42e8860c92e4e16eb9a292b463352829204512 /regress | |
parent | 66729e2a843c8e9110bf23a513cfbf95d3e04087 (diff) |
Regression tests for source flow NAT support.
OK hshoexer@, markus@.
Diffstat (limited to 'regress')
-rw-r--r-- | regress/sbin/ipsecctl/Makefile | 6 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike61.in | 4 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ike61.ok | 230 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ikefail13.in | 2 | ||||
-rw-r--r-- | regress/sbin/ipsecctl/ikefail13.ok | 2 |
5 files changed, 241 insertions, 3 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index 0153dc7698e..4fce7c55f97 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.52 2008/12/22 14:08:45 hshoexer Exp $ +# $OpenBSD: Makefile,v 1.53 2009/01/20 14:40:36 mpf Exp $ # you can update the *.ok files with: make -i | patch # TARGETS @@ -15,11 +15,11 @@ TCPMD5TESTS=1 2 3 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 SAFAIL=1 2 IPSECFAIL=1 2 3 -IKEFAIL=1 3 4 5 6 8 9 10 11 12 +IKEFAIL=1 3 4 5 6 8 9 10 11 12 13 IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 IKETESTS+=16 17 18 19 20 21 22 23 IKETESTS+=29 30 31 32 33 34 35 36 37 38 39 40 -IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 +IKETESTS+=41 42 43 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 IKEDELTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 IKEDELTESTS+=16 17 18 19 20 21 22 23 diff --git a/regress/sbin/ipsecctl/ike61.in b/regress/sbin/ipsecctl/ike61.in new file mode 100644 index 00000000000..ebfe9b4bce8 --- /dev/null +++ b/regress/sbin/ipsecctl/ike61.in @@ -0,0 +1,4 @@ +FROM="{ 2.2.2.0/24 (5.5.5.0/24), 3.3.3.0/24, 4.4.4.0/24 (6.6.6.0/24) }" +TO="{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }" +ike from $FROM to $TO peer 1.1.1.1 +ike passive from 3ffe:1::/64 (affe:1::/64) to 3ffe:2::/64 peer 3ffe::51 diff --git a/regress/sbin/ipsecctl/ike61.ok b/regress/sbin/ipsecctl/ike61.ok new file mode 100644 index 00000000000..0960408fb5d --- /dev/null +++ b/regress/sbin/ipsecctl/ike61.ok @@ -0,0 +1,230 @@ +FROM = "{ 2.2.2.0/24 (5.5.5.0/24), 3.3.3.0/24, 4.4.4.0/24 (6.6.6.0/24) }" +TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }" +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force +C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force +C set [from-2.2.2.0/24-to-5.5.5.0/24]:Local-ID=from-2.2.2.0/24 force +C set [from-2.2.2.0/24-to-5.5.5.0/24]:NAT-ID=nat-5.5.5.0/24 force +C set [from-2.2.2.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force +C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-2.2.2.0/24]:Network=2.2.2.0 force +C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [nat-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [nat-5.5.5.0/24]:Network=5.5.5.0 force +C set [nat-5.5.5.0/24]:Netmask=255.255.255.0 force +C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-5.5.5.0/24]:Network=5.5.5.0 force +C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force +C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force +C set [from-2.2.2.0/24-to-6.6.6.0/24]:Local-ID=from-2.2.2.0/24 force +C set [from-2.2.2.0/24-to-6.6.6.0/24]:NAT-ID=nat-5.5.5.0/24 force +C set [from-2.2.2.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force +C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-2.2.2.0/24]:Network=2.2.2.0 force +C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [nat-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [nat-5.5.5.0/24]:Network=5.5.5.0 force +C set [nat-5.5.5.0/24]:Netmask=255.255.255.0 force +C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-6.6.6.0/24]:Network=6.6.6.0 force +C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force +C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force +C set [from-2.2.2.0/24-to-7.7.7.0/24]:Local-ID=from-2.2.2.0/24 force +C set [from-2.2.2.0/24-to-7.7.7.0/24]:NAT-ID=nat-5.5.5.0/24 force +C set [from-2.2.2.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force +C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-2.2.2.0/24]:Network=2.2.2.0 force +C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force +C set [nat-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [nat-5.5.5.0/24]:Network=5.5.5.0 force +C set [nat-5.5.5.0/24]:Netmask=255.255.255.0 force +C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-7.7.7.0/24]:Network=7.7.7.0 force +C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force +C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force +C set [from-3.3.3.0/24-to-5.5.5.0/24]:Local-ID=from-3.3.3.0/24 force +C set [from-3.3.3.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force +C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-3.3.3.0/24]:Network=3.3.3.0 force +C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-5.5.5.0/24]:Network=5.5.5.0 force +C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force +C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force +C set [from-3.3.3.0/24-to-6.6.6.0/24]:Local-ID=from-3.3.3.0/24 force +C set [from-3.3.3.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force +C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-3.3.3.0/24]:Network=3.3.3.0 force +C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-6.6.6.0/24]:Network=6.6.6.0 force +C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force +C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force +C set [from-3.3.3.0/24-to-7.7.7.0/24]:Local-ID=from-3.3.3.0/24 force +C set [from-3.3.3.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force +C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-3.3.3.0/24]:Network=3.3.3.0 force +C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force +C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-7.7.7.0/24]:Network=7.7.7.0 force +C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force +C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force +C set [from-4.4.4.0/24-to-5.5.5.0/24]:Local-ID=from-4.4.4.0/24 force +C set [from-4.4.4.0/24-to-5.5.5.0/24]:NAT-ID=nat-6.6.6.0/24 force +C set [from-4.4.4.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force +C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-4.4.4.0/24]:Network=4.4.4.0 force +C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [nat-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [nat-6.6.6.0/24]:Network=6.6.6.0 force +C set [nat-6.6.6.0/24]:Netmask=255.255.255.0 force +C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-5.5.5.0/24]:Network=5.5.5.0 force +C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force +C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force +C set [from-4.4.4.0/24-to-6.6.6.0/24]:Local-ID=from-4.4.4.0/24 force +C set [from-4.4.4.0/24-to-6.6.6.0/24]:NAT-ID=nat-6.6.6.0/24 force +C set [from-4.4.4.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force +C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-4.4.4.0/24]:Network=4.4.4.0 force +C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [nat-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [nat-6.6.6.0/24]:Network=6.6.6.0 force +C set [nat-6.6.6.0/24]:Netmask=255.255.255.0 force +C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-6.6.6.0/24]:Network=6.6.6.0 force +C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24 +C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force +C set [peer-1.1.1.1]:Phase=1 force +C set [peer-1.1.1.1]:Address=1.1.1.1 force +C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force +C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-1.1.1.1]:Transforms=AES-SHA-RSA_SIG force +C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force +C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force +C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force +C set [from-4.4.4.0/24-to-7.7.7.0/24]:Local-ID=from-4.4.4.0/24 force +C set [from-4.4.4.0/24-to-7.7.7.0/24]:NAT-ID=nat-6.6.6.0/24 force +C set [from-4.4.4.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force +C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [from-4.4.4.0/24]:Network=4.4.4.0 force +C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force +C set [nat-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [nat-6.6.6.0/24]:Network=6.6.6.0 force +C set [nat-6.6.6.0/24]:Netmask=255.255.255.0 force +C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [to-7.7.7.0/24]:Network=7.7.7.0 force +C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24 +C set [Phase 1]:3ffe::51=peer-3ffe::51 force +C set [peer-3ffe::51]:Phase=1 force +C set [peer-3ffe::51]:Address=3ffe::51 force +C set [peer-3ffe::51]:Configuration=phase1-peer-3ffe::51 force +C set [phase1-peer-3ffe::51]:EXCHANGE_TYPE=ID_PROT force +C add [phase1-peer-3ffe::51]:Transforms=AES-SHA-RSA_SIG force +C set [from-3ffe:1::/64-to-3ffe:2::/64]:Phase=2 force +C set [from-3ffe:1::/64-to-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force +C set [from-3ffe:1::/64-to-3ffe:2::/64]:Configuration=phase2-from-3ffe:1::/64-to-3ffe:2::/64 force +C set [from-3ffe:1::/64-to-3ffe:2::/64]:Local-ID=from-3ffe:1::/64 force +C set [from-3ffe:1::/64-to-3ffe:2::/64]:NAT-ID=nat-affe:1::/64 force +C set [from-3ffe:1::/64-to-3ffe:2::/64]:Remote-ID=to-3ffe:2::/64 force +C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force +C set [phase2-from-3ffe:1::/64-to-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force +C set [from-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [from-3ffe:1::/64]:Network=3ffe:1:: force +C set [from-3ffe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force +C set [nat-affe:1::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [nat-affe:1::/64]:Network=affe:1:: force +C set [nat-affe:1::/64]:Netmask=ffff:ffff:ffff:ffff:: force +C set [to-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [to-3ffe:2::/64]:Network=3ffe:2:: force +C set [to-3ffe:2::/64]:Netmask=ffff:ffff:ffff:ffff:: force +C add [Phase 2]:Passive-Connections=from-3ffe:1::/64-to-3ffe:2::/64 diff --git a/regress/sbin/ipsecctl/ikefail13.in b/regress/sbin/ipsecctl/ikefail13.in new file mode 100644 index 00000000000..c6b2385ca4f --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail13.in @@ -0,0 +1,2 @@ +# invalid NAT flow combinations +ike from 192.168.1.0/24 (1::2/24) to 172.16.0.0/12 peer 5.5.5.5 diff --git a/regress/sbin/ipsecctl/ikefail13.ok b/regress/sbin/ipsecctl/ikefail13.ok new file mode 100644 index 00000000000..8a9aeec7194 --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail13.ok @@ -0,0 +1,2 @@ +stdin: 2: Flow NAT address family mismatch +ipsecctl: Syntax error in config file: ipsec rules not loaded |