diff options
93 files changed, 810 insertions, 2 deletions
diff --git a/regress/sbin/ipsecctl/Makefile b/regress/sbin/ipsecctl/Makefile index 4f1fb06c536..0f662305c16 100644 --- a/regress/sbin/ipsecctl/Makefile +++ b/regress/sbin/ipsecctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.22 2006/05/30 19:36:54 hshoexer Exp $ +# $OpenBSD: Makefile,v 1.23 2006/05/31 11:34:24 todd Exp $ # TARGETS # ipsec: feed ipsecNN.in through ipsecctl and check wether the output matches @@ -8,10 +8,16 @@ # ike: same as above, but for ike rules. IPSECTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 +IPSECTESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 40 41 42 43 44 +#IPSECTESTS+=39 TCPMD5TESTS=1 2 3 SATESTS=1 2 3 4 5 6 7 8 9 10 11 12 SAFAIL=1 -IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 +IPSECFAIL=1 2 +IKEFAIL=1 +IKETESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 +#IKETESTS+=16 17 18 19 20 21 22 23 24 +#IKETESTS+=25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 SHELL=/bin/sh @@ -49,6 +55,14 @@ safail${n}: ipsecctl -nv -f - 2>&1 | diff -u ${.CURDIR}/safail${n}.ok /dev/stdin .endfor +.for n in ${IPSECFAIL} +IPSECFAIL_TARGETS+=ipsecfail${n} + +ipsecfail${n}: + cat ${.CURDIR}/ipsecfail${n}.in | sed -e 's,DIR,${.CURDIR},g' | \ + ipsecctl -nv -f - 2>&1 | diff -u ${.CURDIR}/ipsecfail${n}.ok /dev/stdin +.endfor + .for n in ${IKETESTS} IKE_TARGETS+=ike${n} @@ -57,6 +71,14 @@ ike${n}: ipsecctl -nv -f - | diff -u ${.CURDIR}/ike${n}.ok /dev/stdin .endfor +.for n in ${IKEFAIL} +IKEFAIL_TARGETS+=ikefail${n} + +ikefail${n}: + cat ${.CURDIR}/ikefail${n}.in | sed -e 's,DIR,${.CURDIR},g' | \ + ipsecctl -nv -f - 2>&1 | diff -u ${.CURDIR}/ikefail${n}.ok /dev/stdin +.endfor + ipsec: ${IPSEC_TARGETS} REGRESS_TARGETS+=ipsec @@ -69,9 +91,15 @@ REGRESS_TARGETS+=sa safail: ${SAFAIL_TARGETS} REGRESS_TARGETS+=safail +ipsecfail: ${IPSECFAIL_TARGETS} +REGRESS_TARGETS+=ipsecfail + ike: ${IKE_TARGETS} REGRESS_TARGETS+=ike +ikefail: ${IKEFAIL_TARGETS} +REGRESS_TARGETS+=ikefail + alltests: ${REGRESS_TARGETS} .PHONY: ${REGRESS_TARGETS} diff --git a/regress/sbin/ipsecctl/ike15.in b/regress/sbin/ipsecctl/ike15.in new file mode 100644 index 00000000000..4470dc3b316 --- /dev/null +++ b/regress/sbin/ipsecctl/ike15.in @@ -0,0 +1,2 @@ +ike from 10.1.1.0/24 to 10.1.2.0/24 peer 3ffe::1 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de diff --git a/regress/sbin/ipsecctl/ike15.ok b/regress/sbin/ipsecctl/ike15.ok new file mode 100644 index 00000000000..5e69d1ec014 --- /dev/null +++ b/regress/sbin/ipsecctl/ike15.ok @@ -0,0 +1,26 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::1]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::1]:Remote-ID=3ffe::1-ID force +C set [3ffe::1-ID]:ID-type=FQDN force +C set [3ffe::1-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force +C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.1.0/24]:Network=10.1.1.0 force +C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force +C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.2.0/24]:Network=10.1.2.0 force +C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24 diff --git a/regress/sbin/ipsecctl/ike16.in b/regress/sbin/ipsecctl/ike16.in new file mode 100644 index 00000000000..bd4e41639f8 --- /dev/null +++ b/regress/sbin/ipsecctl/ike16.in @@ -0,0 +1,8 @@ +ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 3ffe::29 \ + main auth hmac-sha1 enc 3des group modp3072 \ + quick auth hmac-sha1 enc 3des group modp3072 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de +ike esp from 3ffe::51 to 3ffe::29 \ + main auth hmac-sha1 enc aes group modp3072 \ + quick auth hmac-sha2-256 enc aes group modp3072 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de diff --git a/regress/sbin/ipsecctl/ike16.ok b/regress/sbin/ipsecctl/ike16.ok new file mode 100644 index 00000000000..b3e0098857d --- /dev/null +++ b/regress/sbin/ipsecctl/ike16.ok @@ -0,0 +1,50 @@ +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::29]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force +C set [3ffe::29-ID]:ID-type=FQDN force +C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force +C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force +C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.1.0/24]:Network=10.1.1.0 force +C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force +C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.2.0/24]:Network=10.1.2.0 force +C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24 +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::29]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force +C set [3ffe::29-ID]:ID-type=FQDN force +C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force +C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force +C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force +C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::51]:ID-type=IPV6_ADDR force +C set [lid-3ffe::51]:Address=3ffe::51 force +C set [rid-3ffe::29]:ID-type=IPV6_ADDR force +C set [rid-3ffe::29]:Address=3ffe::29 force +C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29 diff --git a/regress/sbin/ipsecctl/ike17.in b/regress/sbin/ipsecctl/ike17.in new file mode 100644 index 00000000000..60cc40a8538 --- /dev/null +++ b/regress/sbin/ipsecctl/ike17.in @@ -0,0 +1,2 @@ +ike from 10.1.1.0/24 to 10.1.2.0/24 peer 3ffe::29 +ike from 3ffe::51 to 3ffe::29 diff --git a/regress/sbin/ipsecctl/ike17.ok b/regress/sbin/ipsecctl/ike17.ok new file mode 100644 index 00000000000..242622d29d1 --- /dev/null +++ b/regress/sbin/ipsecctl/ike17.ok @@ -0,0 +1,38 @@ +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force +C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.1.0/24]:Network=10.1.1.0 force +C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force +C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.2.0/24]:Network=10.1.2.0 force +C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24 +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force +C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force +C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force +C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::51]:ID-type=IPV6_ADDR force +C set [lid-3ffe::51]:Address=3ffe::51 force +C set [rid-3ffe::29]:ID-type=IPV6_ADDR force +C set [rid-3ffe::29]:Address=3ffe::29 force +C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29 diff --git a/regress/sbin/ipsecctl/ike18.in b/regress/sbin/ipsecctl/ike18.in new file mode 100644 index 00000000000..7fabcbf797a --- /dev/null +++ b/regress/sbin/ipsecctl/ike18.in @@ -0,0 +1,2 @@ +ike passive from 10.1.2.0/24 to 10.1.1.0/24 peer 3ffe::51 +ike passive from 3ffe::29 to 3ffe::51 diff --git a/regress/sbin/ipsecctl/ike18.ok b/regress/sbin/ipsecctl/ike18.ok new file mode 100644 index 00000000000..0b7e7200e43 --- /dev/null +++ b/regress/sbin/ipsecctl/ike18.ok @@ -0,0 +1,38 @@ +C set [Phase 1]:3ffe::51=peer-3ffe::51 force +C set [peer-3ffe::51]:Phase=1 force +C set [peer-3ffe::51]:Address=3ffe::51 force +C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force +C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::51]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force +C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-3ffe::51 force +C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force +C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force +C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force +C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.2.0/24]:Network=10.1.2.0 force +C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force +C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.1.0/24]:Network=10.1.1.0 force +C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24 +C set [Phase 1]:3ffe::51=peer-3ffe::51 force +C set [peer-3ffe::51]:Phase=1 force +C set [peer-3ffe::51]:Address=3ffe::51 force +C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force +C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::51]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::29-3ffe::51]:Phase=2 force +C set [IPsec-3ffe::29-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force +C set [IPsec-3ffe::29-3ffe::51]:Configuration=qm-3ffe::29-3ffe::51 force +C set [IPsec-3ffe::29-3ffe::51]:Local-ID=lid-3ffe::29 force +C set [IPsec-3ffe::29-3ffe::51]:Remote-ID=rid-3ffe::51 force +C set [qm-3ffe::29-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::29-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::29]:ID-type=IPV6_ADDR force +C set [lid-3ffe::29]:Address=3ffe::29 force +C set [rid-3ffe::51]:ID-type=IPV6_ADDR force +C set [rid-3ffe::51]:Address=3ffe::51 force +C add [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51 diff --git a/regress/sbin/ipsecctl/ike19.in b/regress/sbin/ipsecctl/ike19.in new file mode 100644 index 00000000000..d4e3fdb1df8 --- /dev/null +++ b/regress/sbin/ipsecctl/ike19.in @@ -0,0 +1 @@ +ike from 1.1.1.1 to any peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ike19.ok b/regress/sbin/ipsecctl/ike19.ok new file mode 100644 index 00000000000..854aa89d9b9 --- /dev/null +++ b/regress/sbin/ipsecctl/ike19.ok @@ -0,0 +1,19 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force +C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-0.0.0.0/0]:Network=0.0.0.0 force +C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0 diff --git a/regress/sbin/ipsecctl/ike20.in b/regress/sbin/ipsecctl/ike20.in new file mode 100644 index 00000000000..c7f1d04ad70 --- /dev/null +++ b/regress/sbin/ipsecctl/ike20.in @@ -0,0 +1,2 @@ +ike from 1.1.1.1 to any local 192.168.3.2 peer 192.168.3.1 +ike from 1.1.1.1 to any peer 192.168.3.1 local 192.168.3.2 diff --git a/regress/sbin/ipsecctl/ike20.ok b/regress/sbin/ipsecctl/ike20.ok new file mode 100644 index 00000000000..960af35a974 --- /dev/null +++ b/regress/sbin/ipsecctl/ike20.ok @@ -0,0 +1,40 @@ +C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force +C set [peer-192.168.3.1]:Phase=1 force +C set [peer-192.168.3.1]:Address=192.168.3.1 force +C set [peer-192.168.3.1]:Local-address=192.168.3.2 force +C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force +C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-192.168.3.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force +C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-0.0.0.0/0]:Network=0.0.0.0 force +C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0 +C set [Phase 1]:192.168.3.1=peer-192.168.3.1 force +C set [peer-192.168.3.1]:Phase=1 force +C set [peer-192.168.3.1]:Address=192.168.3.1 force +C set [peer-192.168.3.1]:Local-address=192.168.3.2 force +C set [peer-192.168.3.1]:Configuration=mm-192.168.3.1 force +C set [mm-192.168.3.1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-192.168.3.1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Phase=2 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Configuration=qm-1.1.1.1-0.0.0.0/0 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Local-ID=lid-1.1.1.1 force +C set [IPsec-1.1.1.1-0.0.0.0/0]:Remote-ID=rid-0.0.0.0/0 force +C set [qm-1.1.1.1-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-1.1.1.1-0.0.0.0/0]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-1.1.1.1]:ID-type=IPV4_ADDR force +C set [lid-1.1.1.1]:Address=1.1.1.1 force +C set [rid-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-0.0.0.0/0]:Network=0.0.0.0 force +C set [rid-0.0.0.0/0]:Netmask=0.0.0.0 force +C add [Phase 2]:Connections=IPsec-1.1.1.1-0.0.0.0/0 diff --git a/regress/sbin/ipsecctl/ike21.in b/regress/sbin/ipsecctl/ike21.in new file mode 100644 index 00000000000..213c71e19fc --- /dev/null +++ b/regress/sbin/ipsecctl/ike21.in @@ -0,0 +1 @@ +ike from 3ffe::1 to 3ffe::2 diff --git a/regress/sbin/ipsecctl/ike21.ok b/regress/sbin/ipsecctl/ike21.ok new file mode 100644 index 00000000000..37519a126aa --- /dev/null +++ b/regress/sbin/ipsecctl/ike21.ok @@ -0,0 +1,18 @@ +C set [Phase 1]:3ffe::2=peer-3ffe::2 force +C set [peer-3ffe::2]:Phase=1 force +C set [peer-3ffe::2]:Address=3ffe::2 force +C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force +C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::2]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::1-3ffe::2]:Phase=2 force +C set [IPsec-3ffe::1-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force +C set [IPsec-3ffe::1-3ffe::2]:Configuration=qm-3ffe::1-3ffe::2 force +C set [IPsec-3ffe::1-3ffe::2]:Local-ID=lid-3ffe::1 force +C set [IPsec-3ffe::1-3ffe::2]:Remote-ID=rid-3ffe::2 force +C set [qm-3ffe::1-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::1-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::1]:ID-type=IPV6_ADDR force +C set [lid-3ffe::1]:Address=3ffe::1 force +C set [rid-3ffe::2]:ID-type=IPV6_ADDR force +C set [rid-3ffe::2]:Address=3ffe::2 force +C add [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2 diff --git a/regress/sbin/ipsecctl/ike22.in b/regress/sbin/ipsecctl/ike22.in new file mode 100644 index 00000000000..ddc4a19e1a7 --- /dev/null +++ b/regress/sbin/ipsecctl/ike22.in @@ -0,0 +1 @@ +ike from 10.1.1.0/24 to 10.1.2.0/24 peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ike22.ok b/regress/sbin/ipsecctl/ike22.ok new file mode 100644 index 00000000000..bd769d1ac59 --- /dev/null +++ b/regress/sbin/ipsecctl/ike22.ok @@ -0,0 +1,20 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force +C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force +C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.1.0/24]:Network=10.1.1.0 force +C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force +C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.2.0/24]:Network=10.1.2.0 force +C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-10.1.1.0/24-10.1.2.0/24 diff --git a/regress/sbin/ipsecctl/ike23.in b/regress/sbin/ipsecctl/ike23.in new file mode 100644 index 00000000000..2b129c8f2fe --- /dev/null +++ b/regress/sbin/ipsecctl/ike23.in @@ -0,0 +1,2 @@ +ike from 3ffe::51 to 3ffe::29 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de diff --git a/regress/sbin/ipsecctl/ike23.ok b/regress/sbin/ipsecctl/ike23.ok new file mode 100644 index 00000000000..6e87e0a8d8d --- /dev/null +++ b/regress/sbin/ipsecctl/ike23.ok @@ -0,0 +1,24 @@ +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::29]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force +C set [3ffe::29-ID]:ID-type=FQDN force +C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force +C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force +C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force +C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::51]:ID-type=IPV6_ADDR force +C set [lid-3ffe::51]:Address=3ffe::51 force +C set [rid-3ffe::29]:ID-type=IPV6_ADDR force +C set [rid-3ffe::29]:Address=3ffe::29 force +C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29 diff --git a/regress/sbin/ipsecctl/ike29.in b/regress/sbin/ipsecctl/ike29.in new file mode 100644 index 00000000000..d3f6c5b81a6 --- /dev/null +++ b/regress/sbin/ipsecctl/ike29.in @@ -0,0 +1 @@ +ike dynamic esp from 3ffe:3::/64 to 3ffe:4::/64 peer 3ffe:2::1 srcid noname.my.domain diff --git a/regress/sbin/ipsecctl/ike29.ok b/regress/sbin/ipsecctl/ike29.ok new file mode 100644 index 00000000000..1cd78d69812 --- /dev/null +++ b/regress/sbin/ipsecctl/ike29.ok @@ -0,0 +1,25 @@ +C set [General]:Check-interval=30 force +C set [General]:DPD-check-interval=5 force +C set [Phase 1]:3ffe:2::1=peer-3ffe:2::1 force +C set [peer-3ffe:2::1]:Phase=1 force +C set [peer-3ffe:2::1]:Address=3ffe:2::1 force +C set [peer-3ffe:2::1]:Configuration=mm-3ffe:2::1 force +C set [mm-3ffe:2::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe:2::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe:2::1]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=noname.my.domain force +C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Phase=2 force +C set [IPsec-3ffe:3::/64-3ffe:4::/64]:ISAKMP-peer=peer-3ffe:2::1 force +C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Configuration=qm-3ffe:3::/64-3ffe:4::/64 force +C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Local-ID=lid-3ffe:3::/64 force +C set [IPsec-3ffe:3::/64-3ffe:4::/64]:Remote-ID=rid-3ffe:4::/64 force +C set [qm-3ffe:3::/64-3ffe:4::/64]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe:3::/64-3ffe:4::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe:3::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe:3::/64]:Network=3ffe:3:: force +C set [lid-3ffe:3::/64]:Netmask=255.255.255.255 force +C set [rid-3ffe:4::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe:4::/64]:Network=3ffe:4:: force +C set [rid-3ffe:4::/64]:Netmask=255.255.255.255 force +C add [Phase 2]:Connections=IPsec-3ffe:3::/64-3ffe:4::/64 diff --git a/regress/sbin/ipsecctl/ike30.in b/regress/sbin/ipsecctl/ike30.in new file mode 100644 index 00000000000..c09a378cdf9 --- /dev/null +++ b/regress/sbin/ipsecctl/ike30.in @@ -0,0 +1 @@ +ike esp proto etherip from 3ffe::1 to 3ffe::2 diff --git a/regress/sbin/ipsecctl/ike30.ok b/regress/sbin/ipsecctl/ike30.ok new file mode 100644 index 00000000000..4e31e8b6fdc --- /dev/null +++ b/regress/sbin/ipsecctl/ike30.ok @@ -0,0 +1,20 @@ +C set [Phase 1]:3ffe::2=peer-3ffe::2 force +C set [peer-3ffe::2]:Phase=1 force +C set [peer-3ffe::2]:Address=3ffe::2 force +C set [peer-3ffe::2]:Configuration=mm-3ffe::2 force +C set [mm-3ffe::2]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::2]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::1-3ffe::2]:Phase=2 force +C set [IPsec-3ffe::1-3ffe::2]:ISAKMP-peer=peer-3ffe::2 force +C set [IPsec-3ffe::1-3ffe::2]:Configuration=qm-3ffe::1-3ffe::2 force +C set [IPsec-3ffe::1-3ffe::2]:Local-ID=lid-3ffe::1 force +C set [IPsec-3ffe::1-3ffe::2]:Remote-ID=rid-3ffe::2 force +C set [qm-3ffe::1-3ffe::2]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::1-3ffe::2]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::1]:ID-type=IPV6_ADDR force +C set [lid-3ffe::1]:Address=3ffe::1 force +C set [rid-3ffe::2]:ID-type=IPV6_ADDR force +C set [rid-3ffe::2]:Address=3ffe::2 force +C set [lid-3ffe::1]:Protocol=97 force +C set [rid-3ffe::2]:Protocol=97 force +C add [Phase 2]:Connections=IPsec-3ffe::1-3ffe::2 diff --git a/regress/sbin/ipsecctl/ike31.in b/regress/sbin/ipsecctl/ike31.in new file mode 100644 index 00000000000..c818df63fbd --- /dev/null +++ b/regress/sbin/ipsecctl/ike31.in @@ -0,0 +1 @@ +ike from 3ffe:2::1 to any peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ike31.ok b/regress/sbin/ipsecctl/ike31.ok new file mode 100644 index 00000000000..46c7bdb7e8f --- /dev/null +++ b/regress/sbin/ipsecctl/ike31.ok @@ -0,0 +1,19 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe:2::1-::/0]:Phase=2 force +C set [IPsec-3ffe:2::1-::/0]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-3ffe:2::1-::/0]:Configuration=qm-3ffe:2::1-::/0 force +C set [IPsec-3ffe:2::1-::/0]:Local-ID=lid-3ffe:2::1 force +C set [IPsec-3ffe:2::1-::/0]:Remote-ID=rid-::/0 force +C set [qm-3ffe:2::1-::/0]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe:2::1-::/0]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe:2::1]:ID-type=IPV6_ADDR force +C set [lid-3ffe:2::1]:Address=3ffe:2::1 force +C set [rid-::/0]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-::/0]:Network=0.0.0.0 force +C set [rid-::/0]:Netmask=0.0.0.0 force +C add [Phase 2]:Connections=IPsec-3ffe:2::1-::/0 diff --git a/regress/sbin/ipsecctl/ike32.in b/regress/sbin/ipsecctl/ike32.in new file mode 100644 index 00000000000..8ad27e31ef7 --- /dev/null +++ b/regress/sbin/ipsecctl/ike32.in @@ -0,0 +1 @@ +ike from 3ffe::1/24 to 10.1.2.0/24 peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ike32.ok b/regress/sbin/ipsecctl/ike32.ok new file mode 100644 index 00000000000..a7981fb0a90 --- /dev/null +++ b/regress/sbin/ipsecctl/ike32.ok @@ -0,0 +1,20 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Phase=2 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Configuration=qm-3ffe::1/24-10.1.2.0/24 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Local-ID=lid-3ffe::1/24 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force +C set [qm-3ffe::1/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::1/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe::1/24]:Network=3ffe::1 force +C set [lid-3ffe::1/24]:Netmask=255.255.255.0 force +C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.2.0/24]:Network=10.1.2.0 force +C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-3ffe::1/24-10.1.2.0/24 diff --git a/regress/sbin/ipsecctl/ike33.in b/regress/sbin/ipsecctl/ike33.in new file mode 100644 index 00000000000..db240853665 --- /dev/null +++ b/regress/sbin/ipsecctl/ike33.in @@ -0,0 +1 @@ +ike from 10.1.2.0/24 to 3ffe::1/24 peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ike33.ok b/regress/sbin/ipsecctl/ike33.ok new file mode 100644 index 00000000000..40089d0be3a --- /dev/null +++ b/regress/sbin/ipsecctl/ike33.ok @@ -0,0 +1,20 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Phase=2 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Configuration=qm-10.1.2.0/24-3ffe::1/24 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Local-ID=lid-10.1.2.0/24 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Remote-ID=rid-3ffe::1/24 force +C set [qm-10.1.2.0/24-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.2.0/24-3ffe::1/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.2.0/24]:Network=10.1.2.0 force +C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force +C set [rid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe::1/24]:Network=3ffe::1 force +C set [rid-3ffe::1/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-10.1.2.0/24-3ffe::1/24 diff --git a/regress/sbin/ipsecctl/ike34.in b/regress/sbin/ipsecctl/ike34.in new file mode 100644 index 00000000000..a0375f0c14c --- /dev/null +++ b/regress/sbin/ipsecctl/ike34.in @@ -0,0 +1 @@ +ike from 3ffe::1/24 to 10.1.2.0/24 peer 1.2.3.4 diff --git a/regress/sbin/ipsecctl/ike34.ok b/regress/sbin/ipsecctl/ike34.ok new file mode 100644 index 00000000000..45c129ad0db --- /dev/null +++ b/regress/sbin/ipsecctl/ike34.ok @@ -0,0 +1,20 @@ +C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force +C set [peer-1.2.3.4]:Phase=1 force +C set [peer-1.2.3.4]:Address=1.2.3.4 force +C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force +C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.2.3.4]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Phase=2 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:ISAKMP-peer=peer-1.2.3.4 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Configuration=qm-3ffe::1/24-10.1.2.0/24 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Local-ID=lid-3ffe::1/24 force +C set [IPsec-3ffe::1/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force +C set [qm-3ffe::1/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::1/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe::1/24]:Network=3ffe::1 force +C set [lid-3ffe::1/24]:Netmask=255.255.255.0 force +C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [rid-10.1.2.0/24]:Network=10.1.2.0 force +C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-3ffe::1/24-10.1.2.0/24 diff --git a/regress/sbin/ipsecctl/ike35.in b/regress/sbin/ipsecctl/ike35.in new file mode 100644 index 00000000000..ff23b4ad183 --- /dev/null +++ b/regress/sbin/ipsecctl/ike35.in @@ -0,0 +1 @@ +ike from 10.1.2.0/24 to 3ffe::1/24 peer 1.2.3.4 diff --git a/regress/sbin/ipsecctl/ike35.ok b/regress/sbin/ipsecctl/ike35.ok new file mode 100644 index 00000000000..147cb9fa6ff --- /dev/null +++ b/regress/sbin/ipsecctl/ike35.ok @@ -0,0 +1,20 @@ +C set [Phase 1]:1.2.3.4=peer-1.2.3.4 force +C set [peer-1.2.3.4]:Phase=1 force +C set [peer-1.2.3.4]:Address=1.2.3.4 force +C set [peer-1.2.3.4]:Configuration=mm-1.2.3.4 force +C set [mm-1.2.3.4]:EXCHANGE_TYPE=ID_PROT force +C add [mm-1.2.3.4]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Phase=2 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:ISAKMP-peer=peer-1.2.3.4 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Configuration=qm-10.1.2.0/24-3ffe::1/24 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Local-ID=lid-10.1.2.0/24 force +C set [IPsec-10.1.2.0/24-3ffe::1/24]:Remote-ID=rid-3ffe::1/24 force +C set [qm-10.1.2.0/24-3ffe::1/24]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-10.1.2.0/24-3ffe::1/24]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force +C set [lid-10.1.2.0/24]:Network=10.1.2.0 force +C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force +C set [rid-3ffe::1/24]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe::1/24]:Network=3ffe::1 force +C set [rid-3ffe::1/24]:Netmask=255.255.255.0 force +C add [Phase 2]:Connections=IPsec-10.1.2.0/24-3ffe::1/24 diff --git a/regress/sbin/ipsecctl/ike36.in b/regress/sbin/ipsecctl/ike36.in new file mode 100644 index 00000000000..ae00f247248 --- /dev/null +++ b/regress/sbin/ipsecctl/ike36.in @@ -0,0 +1 @@ +ike from 3ffe::3 to 3ffe::4 peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ike36.ok b/regress/sbin/ipsecctl/ike36.ok new file mode 100644 index 00000000000..1336ed16326 --- /dev/null +++ b/regress/sbin/ipsecctl/ike36.ok @@ -0,0 +1,18 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::3-3ffe::4]:Phase=2 force +C set [IPsec-3ffe::3-3ffe::4]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-3ffe::3-3ffe::4]:Configuration=qm-3ffe::3-3ffe::4 force +C set [IPsec-3ffe::3-3ffe::4]:Local-ID=lid-3ffe::3 force +C set [IPsec-3ffe::3-3ffe::4]:Remote-ID=rid-3ffe::4 force +C set [qm-3ffe::3-3ffe::4]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::3-3ffe::4]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::3]:ID-type=IPV6_ADDR force +C set [lid-3ffe::3]:Address=3ffe::3 force +C set [rid-3ffe::4]:ID-type=IPV6_ADDR force +C set [rid-3ffe::4]:Address=3ffe::4 force +C add [Phase 2]:Connections=IPsec-3ffe::3-3ffe::4 diff --git a/regress/sbin/ipsecctl/ike37.in b/regress/sbin/ipsecctl/ike37.in new file mode 100644 index 00000000000..dad86107c50 --- /dev/null +++ b/regress/sbin/ipsecctl/ike37.in @@ -0,0 +1,2 @@ +ike from 3ffe:1::/64 to 3ffe:2::/64 peer 3ffe::1 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de diff --git a/regress/sbin/ipsecctl/ike37.ok b/regress/sbin/ipsecctl/ike37.ok new file mode 100644 index 00000000000..7ad638ee1b4 --- /dev/null +++ b/regress/sbin/ipsecctl/ike37.ok @@ -0,0 +1,26 @@ +C set [Phase 1]:3ffe::1=peer-3ffe::1 force +C set [peer-3ffe::1]:Phase=1 force +C set [peer-3ffe::1]:Address=3ffe::1 force +C set [peer-3ffe::1]:Configuration=mm-3ffe::1 force +C set [mm-3ffe::1]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::1]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::1]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::1]:Remote-ID=3ffe::1-ID force +C set [3ffe::1-ID]:ID-type=FQDN force +C set [3ffe::1-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::1 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force +C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe:1::/64]:Network=3ffe:1:: force +C set [lid-3ffe:1::/64]:Netmask=255.255.255.255 force +C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe:2::/64]:Network=3ffe:2:: force +C set [rid-3ffe:2::/64]:Netmask=255.255.255.255 force +C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64 diff --git a/regress/sbin/ipsecctl/ike38.in b/regress/sbin/ipsecctl/ike38.in new file mode 100644 index 00000000000..2f0968bc08b --- /dev/null +++ b/regress/sbin/ipsecctl/ike38.in @@ -0,0 +1,9 @@ +ike esp from 3ffe:1::/64 to 3ffe:2::/64 peer 3ffe::29 \ + main auth hmac-sha1 enc 3des group modp3072 \ + quick auth hmac-sha1 enc 3des group modp3072 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de +ike esp from 3ffe::51 to 3ffe::29 \ + main auth hmac-sha1 enc aes group modp3072 \ + quick auth hmac-sha2-256 enc aes group modp3072 \ + srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de + diff --git a/regress/sbin/ipsecctl/ike38.ok b/regress/sbin/ipsecctl/ike38.ok new file mode 100644 index 00000000000..9f8e3987a89 --- /dev/null +++ b/regress/sbin/ipsecctl/ike38.ok @@ -0,0 +1,50 @@ +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=3DES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::29]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force +C set [3ffe::29-ID]:ID-type=FQDN force +C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force +C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-3DES-SHA-PFS-GRP15-SUITE force +C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe:1::/64]:Network=3ffe:1:: force +C set [lid-3ffe:1::/64]:Netmask=255.255.255.255 force +C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe:2::/64]:Network=3ffe:2:: force +C set [rid-3ffe:2::/64]:Netmask=255.255.255.255 force +C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64 +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [peer-3ffe::29]:ID=local-ID force +C set [local-ID]:ID-type=FQDN force +C set [local-ID]:Name=sharleena.as10.net force +C set [peer-3ffe::29]:Remote-ID=3ffe::29-ID force +C set [3ffe::29-ID]:ID-type=FQDN force +C set [3ffe::29-ID]:Name=faui31o.informatik.uni-erlangen.de force +C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force +C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force +C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force +C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::51]:ID-type=IPV6_ADDR force +C set [lid-3ffe::51]:Address=3ffe::51 force +C set [rid-3ffe::29]:ID-type=IPV6_ADDR force +C set [rid-3ffe::29]:Address=3ffe::29 force +C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29 diff --git a/regress/sbin/ipsecctl/ike39.in b/regress/sbin/ipsecctl/ike39.in new file mode 100644 index 00000000000..b1c9c036f45 --- /dev/null +++ b/regress/sbin/ipsecctl/ike39.in @@ -0,0 +1,2 @@ +ike from 3ffe:1::/64 to 3ffe:2::/64 peer 3ffe::29 +ike from 3ffe::51 to 3ffe::29 diff --git a/regress/sbin/ipsecctl/ike39.ok b/regress/sbin/ipsecctl/ike39.ok new file mode 100644 index 00000000000..0c29945db02 --- /dev/null +++ b/regress/sbin/ipsecctl/ike39.ok @@ -0,0 +1,38 @@ +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force +C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe:1::/64]:Network=3ffe:1:: force +C set [lid-3ffe:1::/64]:Netmask=255.255.255.255 force +C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe:2::/64]:Network=3ffe:2:: force +C set [rid-3ffe:2::/64]:Netmask=255.255.255.255 force +C add [Phase 2]:Connections=IPsec-3ffe:1::/64-3ffe:2::/64 +C set [Phase 1]:3ffe::29=peer-3ffe::29 force +C set [peer-3ffe::29]:Phase=1 force +C set [peer-3ffe::29]:Address=3ffe::29 force +C set [peer-3ffe::29]:Configuration=mm-3ffe::29 force +C set [mm-3ffe::29]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::29]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::51-3ffe::29]:Phase=2 force +C set [IPsec-3ffe::51-3ffe::29]:ISAKMP-peer=peer-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Configuration=qm-3ffe::51-3ffe::29 force +C set [IPsec-3ffe::51-3ffe::29]:Local-ID=lid-3ffe::51 force +C set [IPsec-3ffe::51-3ffe::29]:Remote-ID=rid-3ffe::29 force +C set [qm-3ffe::51-3ffe::29]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::51-3ffe::29]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::51]:ID-type=IPV6_ADDR force +C set [lid-3ffe::51]:Address=3ffe::51 force +C set [rid-3ffe::29]:ID-type=IPV6_ADDR force +C set [rid-3ffe::29]:Address=3ffe::29 force +C add [Phase 2]:Connections=IPsec-3ffe::51-3ffe::29 diff --git a/regress/sbin/ipsecctl/ike40.in b/regress/sbin/ipsecctl/ike40.in new file mode 100644 index 00000000000..a9d288e7b80 --- /dev/null +++ b/regress/sbin/ipsecctl/ike40.in @@ -0,0 +1,2 @@ +ike passive from 3ffe:1::/64 to 3ffe:2::/64 peer 3ffe::51 +ike passive from 3ffe::29 to 3ffe::51 diff --git a/regress/sbin/ipsecctl/ike40.ok b/regress/sbin/ipsecctl/ike40.ok new file mode 100644 index 00000000000..2df6a5e8590 --- /dev/null +++ b/regress/sbin/ipsecctl/ike40.ok @@ -0,0 +1,38 @@ +C set [Phase 1]:3ffe::51=peer-3ffe::51 force +C set [peer-3ffe::51]:Phase=1 force +C set [peer-3ffe::51]:Address=3ffe::51 force +C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force +C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::51]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Phase=2 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:ISAKMP-peer=peer-3ffe::51 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Configuration=qm-3ffe:1::/64-3ffe:2::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Local-ID=lid-3ffe:1::/64 force +C set [IPsec-3ffe:1::/64-3ffe:2::/64]:Remote-ID=rid-3ffe:2::/64 force +C set [qm-3ffe:1::/64-3ffe:2::/64]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe:1::/64-3ffe:2::/64]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe:1::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [lid-3ffe:1::/64]:Network=3ffe:1:: force +C set [lid-3ffe:1::/64]:Netmask=255.255.255.255 force +C set [rid-3ffe:2::/64]:ID-type=IPV6_ADDR_SUBNET force +C set [rid-3ffe:2::/64]:Network=3ffe:2:: force +C set [rid-3ffe:2::/64]:Netmask=255.255.255.255 force +C add [Phase 2]:Passive-Connections=IPsec-3ffe:1::/64-3ffe:2::/64 +C set [Phase 1]:3ffe::51=peer-3ffe::51 force +C set [peer-3ffe::51]:Phase=1 force +C set [peer-3ffe::51]:Address=3ffe::51 force +C set [peer-3ffe::51]:Configuration=mm-3ffe::51 force +C set [mm-3ffe::51]:EXCHANGE_TYPE=ID_PROT force +C add [mm-3ffe::51]:Transforms=AES-SHA-GRP15-RSA_SIG force +C set [IPsec-3ffe::29-3ffe::51]:Phase=2 force +C set [IPsec-3ffe::29-3ffe::51]:ISAKMP-peer=peer-3ffe::51 force +C set [IPsec-3ffe::29-3ffe::51]:Configuration=qm-3ffe::29-3ffe::51 force +C set [IPsec-3ffe::29-3ffe::51]:Local-ID=lid-3ffe::29 force +C set [IPsec-3ffe::29-3ffe::51]:Remote-ID=rid-3ffe::51 force +C set [qm-3ffe::29-3ffe::51]:EXCHANGE_TYPE=QUICK_MODE force +C set [qm-3ffe::29-3ffe::51]:Suites=QM-ESP-AES-SHA2-256-PFS-GRP15-SUITE force +C set [lid-3ffe::29]:ID-type=IPV6_ADDR force +C set [lid-3ffe::29]:Address=3ffe::29 force +C set [rid-3ffe::51]:ID-type=IPV6_ADDR force +C set [rid-3ffe::51]:Address=3ffe::51 force +C add [Phase 2]:Passive-Connections=IPsec-3ffe::29-3ffe::51 diff --git a/regress/sbin/ipsecctl/ikefail1.in b/regress/sbin/ipsecctl/ikefail1.in new file mode 100644 index 00000000000..bf4708d61ae --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail1.in @@ -0,0 +1 @@ +ike esp from 3ffe::1 to 1.1.1.1 diff --git a/regress/sbin/ipsecctl/ikefail1.ok b/regress/sbin/ipsecctl/ikefail1.ok new file mode 100644 index 00000000000..250d9f5726c --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail1.ok @@ -0,0 +1,2 @@ +stdin: 1: rule expands to no valid combination +ipsecctl: Syntax error in config file: ipsec rules not loaded diff --git a/regress/sbin/ipsecctl/ikefail2.in b/regress/sbin/ipsecctl/ikefail2.in new file mode 100644 index 00000000000..204fde1ed38 --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail2.in @@ -0,0 +1,2 @@ +ike from 3ffe::1 to any local 3ffe:3::2 peer 192.168.3.1 +ike from 3ffe::1 to any peer 3ffe:3::1 local 3ffe:3::2 diff --git a/regress/sbin/ipsecctl/ikefail2.ok b/regress/sbin/ipsecctl/ikefail2.ok new file mode 100644 index 00000000000..07eff6466ef --- /dev/null +++ b/regress/sbin/ipsecctl/ikefail2.ok @@ -0,0 +1,3 @@ +stdin: 1: src and dst addresses do not match +stdin: 2: src and dst addresses do not match +ipsecctl: Syntax error in config file: ipsec rules not loaded diff --git a/regress/sbin/ipsecctl/ipsec25.in b/regress/sbin/ipsecctl/ipsec25.in new file mode 100644 index 00000000000..09f71fe327d --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec25.in @@ -0,0 +1 @@ +flow from 3ffe::1 to 3ffe::2 diff --git a/regress/sbin/ipsecctl/ipsec25.ok b/regress/sbin/ipsecctl/ipsec25.ok new file mode 100644 index 00000000000..5ec14100134 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec25.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe::1 to 3ffe::2 peer 3ffe::2 type require +flow esp in from 3ffe::2 to 3ffe::1 peer 3ffe::2 type require diff --git a/regress/sbin/ipsecctl/ipsec26.in b/regress/sbin/ipsecctl/ipsec26.in new file mode 100644 index 00000000000..0745de15753 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec26.in @@ -0,0 +1,3 @@ +flow ah from 3ffe:1::1 to 3ffe:3::/24 peer 3ffe:2::1 \ + srcid host1.one.net \ + dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec26.ok b/regress/sbin/ipsecctl/ipsec26.ok new file mode 100644 index 00000000000..a168f06a77a --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec26.ok @@ -0,0 +1,2 @@ +flow ah out from 3ffe:1::1 to 3ffe:3::/24 peer 3ffe:2::1 srcid host1.one.net dstid host2.two.net type require +flow ah in from 3ffe:3::/24 to 3ffe:1::1 peer 3ffe:2::1 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec27.in b/regress/sbin/ipsecctl/ipsec27.in new file mode 100644 index 00000000000..8db230ebb82 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec27.in @@ -0,0 +1 @@ +flow ah from 3ffe::1 to 3ffe::2 srcid host1.one.net dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec27.ok b/regress/sbin/ipsecctl/ipsec27.ok new file mode 100644 index 00000000000..4b19ead6de0 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec27.ok @@ -0,0 +1,2 @@ +flow ah out from 3ffe::1 to 3ffe::2 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require +flow ah in from 3ffe::2 to 3ffe::1 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec28.in b/regress/sbin/ipsecctl/ipsec28.in new file mode 100644 index 00000000000..18cb2c9310d --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec28.in @@ -0,0 +1 @@ +flow ah from 3ffe::1 to 3ffe::2 diff --git a/regress/sbin/ipsecctl/ipsec28.ok b/regress/sbin/ipsecctl/ipsec28.ok new file mode 100644 index 00000000000..3d6c5cfc5d9 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec28.ok @@ -0,0 +1,2 @@ +flow ah out from 3ffe::1 to 3ffe::2 peer 3ffe::2 type require +flow ah in from 3ffe::2 to 3ffe::1 peer 3ffe::2 type require diff --git a/regress/sbin/ipsecctl/ipsec29.in b/regress/sbin/ipsecctl/ipsec29.in new file mode 100644 index 00000000000..e8fd843793a --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec29.in @@ -0,0 +1,6 @@ +flow esp out from 3ffe:1::/16 to 3ffe:2::/24 peer 3ffe::2 \ + srcid host1.one.net \ + dstid host2.two.net +flow esp in from 3ffe:1::/24 to 3ffe:2::/16 peer 3ffe::2 \ + srcid host1.one.net \ + dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec29.ok b/regress/sbin/ipsecctl/ipsec29.ok new file mode 100644 index 00000000000..d0409c7e521 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec29.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe:1::/16 to 3ffe:2::/24 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require +flow esp in from 3ffe:1::/24 to 3ffe:2::/16 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec30.in b/regress/sbin/ipsecctl/ipsec30.in new file mode 100644 index 00000000000..a25d79902e6 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec30.in @@ -0,0 +1,3 @@ +flow esp from 3ffe:1::/16 to 3ffe:3::/24 peer 3ffe::2 \ + srcid host1.one.net \ + dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec30.ok b/regress/sbin/ipsecctl/ipsec30.ok new file mode 100644 index 00000000000..9aeb0fa8a43 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec30.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe:1::/16 to 3ffe:3::/24 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require +flow esp in from 3ffe:3::/24 to 3ffe:1::/16 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec31.in b/regress/sbin/ipsecctl/ipsec31.in new file mode 100644 index 00000000000..1f2c089394a --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec31.in @@ -0,0 +1,3 @@ +flow esp from 3ffe:1::1 to 3ffe:3::/64 peer 3ffe:2::1 \ + srcid host1.one.net \ + dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec31.ok b/regress/sbin/ipsecctl/ipsec31.ok new file mode 100644 index 00000000000..6812f6f429e --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec31.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe:1::1 to 3ffe:3::/64 peer 3ffe:2::1 srcid host1.one.net dstid host2.two.net type require +flow esp in from 3ffe:3::/64 to 3ffe:1::1 peer 3ffe:2::1 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec32.in b/regress/sbin/ipsecctl/ipsec32.in new file mode 100644 index 00000000000..daf471754c7 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec32.in @@ -0,0 +1,3 @@ +flow ah from 3ffe:4::/16 to 3ff3:3::/24 peer 3ffe::2 \ + srcid host1.one.net \ + dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec32.ok b/regress/sbin/ipsecctl/ipsec32.ok new file mode 100644 index 00000000000..de29916cf18 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec32.ok @@ -0,0 +1,2 @@ +flow ah out from 3ffe:4::/16 to 3ff3:3::/24 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require +flow ah in from 3ff3:3::/24 to 3ffe:4::/16 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec33.in b/regress/sbin/ipsecctl/ipsec33.in new file mode 100644 index 00000000000..3a41dc084de --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec33.in @@ -0,0 +1,6 @@ +flow ah out from 3ffe:4::/16 to 3ffe:3::/24 peer 3ffe::2 \ + srcid host1.one.net \ + dstid host2.two.net +flow ah in from 3ffe:3::/24 to 3ffe:4::/16 peer 3ffe::2 \ + srcid host1.one.net \ + dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec33.ok b/regress/sbin/ipsecctl/ipsec33.ok new file mode 100644 index 00000000000..eb626f3beb0 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec33.ok @@ -0,0 +1,2 @@ +flow ah out from 3ffe:4::/16 to 3ffe:3::/24 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require +flow ah in from 3ffe:3::/24 to 3ffe:4::/16 peer 3ffe::2 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec34.in b/regress/sbin/ipsecctl/ipsec34.in new file mode 100644 index 00000000000..550d73a5251 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec34.in @@ -0,0 +1,14 @@ +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type use +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type use +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type require +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type require +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type acquire +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type acquire +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type dontacq +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type dontacq +flow esp out from 3ffe::3 to 3ffe::2 type bypass +flow esp in from 3ffe::2 to 3ffe::3 type bypass +flow esp out from 3ffe::3 to 3ffe::2 type deny +flow esp in from 3ffe::2 to 3ffe::3 type deny diff --git a/regress/sbin/ipsecctl/ipsec34.ok b/regress/sbin/ipsecctl/ipsec34.ok new file mode 100644 index 00000000000..229f2b04dfa --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec34.ok @@ -0,0 +1,14 @@ +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type require +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type require +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type use +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type use +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type require +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type require +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type acquire +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type acquire +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type dontacq +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type dontacq +flow esp out from 3ffe::3 to 3ffe::2 type bypass +flow esp in from 3ffe::2 to 3ffe::3 type bypass +flow esp out from 3ffe::3 to 3ffe::2 type deny +flow esp in from 3ffe::2 to 3ffe::3 type deny diff --git a/regress/sbin/ipsecctl/ipsec35.in b/regress/sbin/ipsecctl/ipsec35.in new file mode 100644 index 00000000000..e39a067f986 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec35.in @@ -0,0 +1 @@ +flow ipip out from :: to 3ffe:2::/24 peer 3ffe::1 diff --git a/regress/sbin/ipsecctl/ipsec35.ok b/regress/sbin/ipsecctl/ipsec35.ok new file mode 100644 index 00000000000..a95fc504494 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec35.ok @@ -0,0 +1 @@ +flow ipip out from :: to 3ffe:2::/24 peer 3ffe::1 type require diff --git a/regress/sbin/ipsecctl/ipsec36.in b/regress/sbin/ipsecctl/ipsec36.in new file mode 100644 index 00000000000..1bdaea71aca --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec36.in @@ -0,0 +1,2 @@ +flow esp from 3ffe:1::0/24 to 3ffe:2::/24 local 3ffe::1 peer 3ffe:100::1 +flow esp from 3ffe:1::0/24 to 3ffe:2::/24 peer 3ffe:100::1 local 3ffe::1 diff --git a/regress/sbin/ipsecctl/ipsec36.ok b/regress/sbin/ipsecctl/ipsec36.ok new file mode 100644 index 00000000000..9b02f0d2586 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec36.ok @@ -0,0 +1,4 @@ +flow esp out from 3ffe:1::/24 to 3ffe:2::/24 local 3ffe::1 peer 3ffe:100::1 type require +flow esp in from 3ffe:2::/24 to 3ffe:1::/24 local 3ffe::1 peer 3ffe:100::1 type require +flow esp out from 3ffe:1::/24 to 3ffe:2::/24 local 3ffe::1 peer 3ffe:100::1 type require +flow esp in from 3ffe:2::/24 to 3ffe:1::/24 local 3ffe::1 peer 3ffe:100::1 type require diff --git a/regress/sbin/ipsecctl/ipsec37.in b/regress/sbin/ipsecctl/ipsec37.in new file mode 100644 index 00000000000..1eefa3cea2c --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec37.in @@ -0,0 +1,5 @@ +a="3ffe:1::/24" +b="3ffe:2::/24" +l="3ffe::1" +p="3ffe:100::1" +flow esp from $a to $b local $l peer $p diff --git a/regress/sbin/ipsecctl/ipsec37.ok b/regress/sbin/ipsecctl/ipsec37.ok new file mode 100644 index 00000000000..9c0d83559ae --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec37.ok @@ -0,0 +1,6 @@ +a = "3ffe:1::/24" +b = "3ffe:2::/24" +l = "3ffe::1" +p = "3ffe:100::1" +flow esp out from 3ffe:1::/24 to 3ffe:2::/24 local 3ffe::1 peer 3ffe:100::1 type require +flow esp in from 3ffe:2::/24 to 3ffe:1::/24 local 3ffe::1 peer 3ffe:100::1 type require diff --git a/regress/sbin/ipsecctl/ipsec38.in b/regress/sbin/ipsecctl/ipsec38.in new file mode 100644 index 00000000000..7cc417a03ac --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec38.in @@ -0,0 +1 @@ +flow in from 3ffe:3::/24 to 3ffe:3::/24 type bypass diff --git a/regress/sbin/ipsecctl/ipsec38.ok b/regress/sbin/ipsecctl/ipsec38.ok new file mode 100644 index 00000000000..f7edb8de6d3 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec38.ok @@ -0,0 +1 @@ +flow esp in from 3ffe:3::/24 to 3ffe:3::/24 type bypass diff --git a/regress/sbin/ipsecctl/ipsec39.in b/regress/sbin/ipsecctl/ipsec39.in new file mode 100644 index 00000000000..fbe81ee3247 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec39.in @@ -0,0 +1 @@ +flow in from any to 3ffe:3::/24 type deny diff --git a/regress/sbin/ipsecctl/ipsec39.ok b/regress/sbin/ipsecctl/ipsec39.ok new file mode 100644 index 00000000000..331f92c49ed --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec39.ok @@ -0,0 +1 @@ +flow esp in from 0.0.0.0/0 to 3ffe:3::/24 type deny diff --git a/regress/sbin/ipsecctl/ipsec40.in b/regress/sbin/ipsecctl/ipsec40.in new file mode 100644 index 00000000000..d622820e13e --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec40.in @@ -0,0 +1,2 @@ +flow esp proto etherip from 3ffe:1::1 to 3ffe:1::2 +flow esp proto 97 from 3ffe:2::1 to 3ffe:3::1 diff --git a/regress/sbin/ipsecctl/ipsec40.ok b/regress/sbin/ipsecctl/ipsec40.ok new file mode 100644 index 00000000000..253aa3914d9 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec40.ok @@ -0,0 +1,4 @@ +flow esp out proto etherip from 3ffe:1::1 to 3ffe:1::2 peer 3ffe:1::2 type require +flow esp in proto etherip from 3ffe:1::2 to 3ffe:1::1 peer 3ffe:1::2 type require +flow esp out proto etherip from 3ffe:2::1 to 3ffe:3::1 peer 3ffe:3::1 type require +flow esp in proto etherip from 3ffe:3::1 to 3ffe:2::1 peer 3ffe:3::1 type require diff --git a/regress/sbin/ipsecctl/ipsec41.in b/regress/sbin/ipsecctl/ipsec41.in new file mode 100644 index 00000000000..f8b21d7c947 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec41.in @@ -0,0 +1,7 @@ +flow esp from 3ffe::3 to 3ffe::2 peer 3ffe::3 +flow esp from 3ffe::3 to 3ffe::2 peer 3ffe::3 type use +flow esp from 3ffe::3 to 3ffe::2 peer 3ffe::3 type require +flow esp from 3ffe::3 to 3ffe::2 peer 3ffe::3 type acquire +flow esp from 3ffe::3 to 3ffe::2 peer 3ffe::3 type dontacq +flow esp from 3ffe::3 to 3ffe::2 type bypass +flow esp from 3ffe::3 to 3ffe::2 type deny diff --git a/regress/sbin/ipsecctl/ipsec41.ok b/regress/sbin/ipsecctl/ipsec41.ok new file mode 100644 index 00000000000..229f2b04dfa --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec41.ok @@ -0,0 +1,14 @@ +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type require +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type require +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type use +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type use +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type require +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type require +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type acquire +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type acquire +flow esp out from 3ffe::3 to 3ffe::2 peer 3ffe::3 type dontacq +flow esp in from 3ffe::2 to 3ffe::3 peer 3ffe::3 type dontacq +flow esp out from 3ffe::3 to 3ffe::2 type bypass +flow esp in from 3ffe::2 to 3ffe::3 type bypass +flow esp out from 3ffe::3 to 3ffe::2 type deny +flow esp in from 3ffe::2 to 3ffe::3 type deny diff --git a/regress/sbin/ipsecctl/ipsec42.in b/regress/sbin/ipsecctl/ipsec42.in new file mode 100644 index 00000000000..5dd087d373d --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec42.in @@ -0,0 +1 @@ +flow esp from 3ffe:1::1 to 3ffe:2::1 diff --git a/regress/sbin/ipsecctl/ipsec42.ok b/regress/sbin/ipsecctl/ipsec42.ok new file mode 100644 index 00000000000..23b5f1bbbaa --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec42.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe:1::1 to 3ffe:2::1 peer 3ffe:2::1 type require +flow esp in from 3ffe:2::1 to 3ffe:1::1 peer 3ffe:2::1 type require diff --git a/regress/sbin/ipsecctl/ipsec43.in b/regress/sbin/ipsecctl/ipsec43.in new file mode 100644 index 00000000000..5fd71bd8af4 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec43.in @@ -0,0 +1 @@ +flow esp from 3ffe:1::1 to 3ffe:2::2 srcid host1.one.net dstid host2.two.net diff --git a/regress/sbin/ipsecctl/ipsec43.ok b/regress/sbin/ipsecctl/ipsec43.ok new file mode 100644 index 00000000000..d3a7f77aa3c --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec43.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe:1::1 to 3ffe:2::2 peer 3ffe:2::2 srcid host1.one.net dstid host2.two.net type require +flow esp in from 3ffe:2::2 to 3ffe:1::1 peer 3ffe:2::2 srcid host1.one.net dstid host2.two.net type require diff --git a/regress/sbin/ipsecctl/ipsec44.in b/regress/sbin/ipsecctl/ipsec44.in new file mode 100644 index 00000000000..9c16b19481a --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec44.in @@ -0,0 +1 @@ +flow esp from 3ffe:1::1 to 3ffe:3::/64 peer 3ffe:2::1 diff --git a/regress/sbin/ipsecctl/ipsec44.ok b/regress/sbin/ipsecctl/ipsec44.ok new file mode 100644 index 00000000000..94c64d5b81e --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec44.ok @@ -0,0 +1,2 @@ +flow esp out from 3ffe:1::1 to 3ffe:3::/64 peer 3ffe:2::1 type require +flow esp in from 3ffe:3::/64 to 3ffe:1::1 peer 3ffe:2::1 type require diff --git a/regress/sbin/ipsecctl/ipsec50.in b/regress/sbin/ipsecctl/ipsec50.in new file mode 100644 index 00000000000..abf4df1b51d --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec50.in @@ -0,0 +1 @@ +flow ah from 3ffe::1 to 3ffe:3::/24 peer 3ffe::2 diff --git a/regress/sbin/ipsecctl/ipsec50.ok b/regress/sbin/ipsecctl/ipsec50.ok new file mode 100644 index 00000000000..f3d7fc71331 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsec50.ok @@ -0,0 +1,2 @@ +flow ah out from 3ffe::1 to 3ffe:3::/24 peer 3ffe::2 type require +flow ah in from 3ffe:3::/24 to 3ffe::1 peer 3ffe::2 type require diff --git a/regress/sbin/ipsecctl/ipsecfail1.in b/regress/sbin/ipsecctl/ipsecfail1.in new file mode 100644 index 00000000000..d66603ff651 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsecfail1.in @@ -0,0 +1 @@ +flow esp from 3ffe:2::1 to any peer 3ffe::2 diff --git a/regress/sbin/ipsecctl/ipsecfail1.ok b/regress/sbin/ipsecctl/ipsecfail1.ok new file mode 100644 index 00000000000..250d9f5726c --- /dev/null +++ b/regress/sbin/ipsecctl/ipsecfail1.ok @@ -0,0 +1,2 @@ +stdin: 1: rule expands to no valid combination +ipsecctl: Syntax error in config file: ipsec rules not loaded diff --git a/regress/sbin/ipsecctl/ipsecfail2.in b/regress/sbin/ipsecctl/ipsecfail2.in new file mode 100644 index 00000000000..df5904574b9 --- /dev/null +++ b/regress/sbin/ipsecctl/ipsecfail2.in @@ -0,0 +1 @@ +flow from 3ffe::1 to 1.1.1.1 diff --git a/regress/sbin/ipsecctl/ipsecfail2.ok b/regress/sbin/ipsecctl/ipsecfail2.ok new file mode 100644 index 00000000000..250d9f5726c --- /dev/null +++ b/regress/sbin/ipsecctl/ipsecfail2.ok @@ -0,0 +1,2 @@ +stdin: 1: rule expands to no valid combination +ipsecctl: Syntax error in config file: ipsec rules not loaded |