summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--regress/sbin/ipsecctl/ike1.in1
-rw-r--r--regress/sbin/ipsecctl/ike1.ok15
-rw-r--r--regress/sbin/ipsecctl/ike2.in1
-rw-r--r--regress/sbin/ipsecctl/ike2.ok17
-rw-r--r--regress/sbin/ipsecctl/ike3.in2
-rw-r--r--regress/sbin/ipsecctl/ike3.ok21
-rw-r--r--regress/sbin/ipsecctl/ike4.in2
-rw-r--r--regress/sbin/ipsecctl/ike4.ok23
-rw-r--r--regress/sbin/ipsecctl/ike5.in8
-rw-r--r--regress/sbin/ipsecctl/ike5.ok50
-rw-r--r--regress/sbin/ipsecctl/ike6.in2
-rw-r--r--regress/sbin/ipsecctl/ike6.ok32
-rw-r--r--regress/sbin/ipsecctl/ike7.in2
-rw-r--r--regress/sbin/ipsecctl/ike7.ok30
14 files changed, 206 insertions, 0 deletions
diff --git a/regress/sbin/ipsecctl/ike1.in b/regress/sbin/ipsecctl/ike1.in
new file mode 100644
index 00000000000..c627e0e9f7d
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike1.in
@@ -0,0 +1 @@
+ike from 131.188.33.51 to 131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike1.ok b/regress/sbin/ipsecctl/ike1.ok
new file mode 100644
index 00000000000..428815b3f94
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike1.ok
@@ -0,0 +1,15 @@
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [lid-131.188.33.51]:Address=131.188.33.51 force
+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [rid-131.188.33.29]:Address=131.188.33.29 force
+t IPsec-131.188.33.51-131.188.33.29
+c IPsec-131.188.33.51-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike2.in b/regress/sbin/ipsecctl/ike2.in
new file mode 100644
index 00000000000..8e67139c336
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike2.in
@@ -0,0 +1 @@
+ike from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike2.ok b/regress/sbin/ipsecctl/ike2.ok
new file mode 100644
index 00000000000..8e7b78b2a3a
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike2.ok
@@ -0,0 +1,17 @@
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
+t IPsec-10.1.1.0/24-10.1.2.0/24
+c IPsec-10.1.1.0/24-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike3.in b/regress/sbin/ipsecctl/ike3.in
new file mode 100644
index 00000000000..4dec756edfb
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike3.in
@@ -0,0 +1,2 @@
+ike from 131.188.33.51 to 131.188.33.29 \
+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de
diff --git a/regress/sbin/ipsecctl/ike3.ok b/regress/sbin/ipsecctl/ike3.ok
new file mode 100644
index 00000000000..934da8754e9
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike3.ok
@@ -0,0 +1,21 @@
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [peer-131.188.33.29]:ID=local-ID force
+C set [local-ID]:ID-type=FQDN force
+C set [local-ID]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
+C set [131.188.33.29-ID]:ID-type=FQDN force
+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [lid-131.188.33.51]:Address=131.188.33.51 force
+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [rid-131.188.33.29]:Address=131.188.33.29 force
+t IPsec-131.188.33.51-131.188.33.29
+c IPsec-131.188.33.51-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike4.in b/regress/sbin/ipsecctl/ike4.in
new file mode 100644
index 00000000000..3bd0446aaa7
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike4.in
@@ -0,0 +1,2 @@
+ike from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29 \
+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de
diff --git a/regress/sbin/ipsecctl/ike4.ok b/regress/sbin/ipsecctl/ike4.ok
new file mode 100644
index 00000000000..b4a9fb8da43
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike4.ok
@@ -0,0 +1,23 @@
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [peer-131.188.33.29]:ID=local-ID force
+C set [local-ID]:ID-type=FQDN force
+C set [local-ID]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
+C set [131.188.33.29-ID]:ID-type=FQDN force
+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
+t IPsec-10.1.1.0/24-10.1.2.0/24
+c IPsec-10.1.1.0/24-10.1.2.0/24
diff --git a/regress/sbin/ipsecctl/ike5.in b/regress/sbin/ipsecctl/ike5.in
new file mode 100644
index 00000000000..b46ddc016a7
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike5.in
@@ -0,0 +1,8 @@
+ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29 \
+ main auth sha1 enc 3des \
+ quick auth hmac-sha1 enc 3des \
+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de
+ike esp from 131.188.33.51 to 131.188.33.29 \
+ main auth sha1 enc aes \
+ quick auth hmac-sha2-256 enc aes \
+ srcid sharleena.as10.net dstid faui31o.informatik.uni-erlangen.de
diff --git a/regress/sbin/ipsecctl/ike5.ok b/regress/sbin/ipsecctl/ike5.ok
new file mode 100644
index 00000000000..4eaef03431b
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike5.ok
@@ -0,0 +1,50 @@
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
+C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-131.188.33.29]:Transforms=3DES-SHA-RSA_SIG
+C set [peer-131.188.33.29]:ID=local-ID force
+C set [local-ID]:ID-type=FQDN force
+C set [local-ID]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
+C set [131.188.33.29-ID]:ID-type=FQDN force
+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-3DES-SHA-PFS-SUITE force
+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
+t IPsec-10.1.1.0/24-10.1.2.0/24
+c IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [peer-131.188.33.29]:Configuration=mm-131.188.33.29 force
+C set [mm-131.188.33.29]:EXCHANGE_TYPE=ID_PROT force
+C add [mm-131.188.33.29]:Transforms=AES-SHA-RSA_SIG
+C set [peer-131.188.33.29]:ID=local-ID force
+C set [local-ID]:ID-type=FQDN force
+C set [local-ID]:Name=sharleena.as10.net force
+C set [peer-131.188.33.29]:Remote-ID=131.188.33.29-ID force
+C set [131.188.33.29-ID]:ID-type=FQDN force
+C set [131.188.33.29-ID]:Name=faui31o.informatik.uni-erlangen.de force
+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [lid-131.188.33.51]:Address=131.188.33.51 force
+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [rid-131.188.33.29]:Address=131.188.33.29 force
+t IPsec-131.188.33.51-131.188.33.29
+c IPsec-131.188.33.51-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike6.in b/regress/sbin/ipsecctl/ike6.in
new file mode 100644
index 00000000000..9ae17618490
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike6.in
@@ -0,0 +1,2 @@
+ike from 10.1.1.0/24 to 10.1.2.0/24 peer 131.188.33.29
+ike from 131.188.33.51 to 131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike6.ok b/regress/sbin/ipsecctl/ike6.ok
new file mode 100644
index 00000000000..938fa5334b7
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike6.ok
@@ -0,0 +1,32 @@
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Phase=2 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Configuration=qm-10.1.1.0/24-10.1.2.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Local-ID=lid-10.1.1.0/24 force
+C set [IPsec-10.1.1.0/24-10.1.2.0/24]:Remote-ID=rid-10.1.2.0/24 force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-10.1.1.0/24-10.1.2.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-10.1.1.0/24]:Network=10.1.1.0 force
+C set [lid-10.1.1.0/24]:Netmask=255.255.255.0 force
+C set [rid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-10.1.2.0/24]:Network=10.1.2.0 force
+C set [rid-10.1.2.0/24]:Netmask=255.255.255.0 force
+t IPsec-10.1.1.0/24-10.1.2.0/24
+c IPsec-10.1.1.0/24-10.1.2.0/24
+C set [peer-131.188.33.29]:Phase=1 force
+C set [peer-131.188.33.29]:Address=131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Phase=2 force
+C set [IPsec-131.188.33.51-131.188.33.29]:ISAKMP-peer=peer-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Configuration=qm-131.188.33.51-131.188.33.29 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Local-ID=lid-131.188.33.51 force
+C set [IPsec-131.188.33.51-131.188.33.29]:Remote-ID=rid-131.188.33.29 force
+C set [qm-131.188.33.51-131.188.33.29]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-131.188.33.51-131.188.33.29]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [lid-131.188.33.51]:Address=131.188.33.51 force
+C set [rid-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [rid-131.188.33.29]:Address=131.188.33.29 force
+t IPsec-131.188.33.51-131.188.33.29
+c IPsec-131.188.33.51-131.188.33.29
diff --git a/regress/sbin/ipsecctl/ike7.in b/regress/sbin/ipsecctl/ike7.in
new file mode 100644
index 00000000000..90197b85e6c
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike7.in
@@ -0,0 +1,2 @@
+ike passive from 10.1.2.0/24 to 10.1.1.0/24 peer 131.188.33.51
+ike passive from 131.188.33.29 to 131.188.33.51
diff --git a/regress/sbin/ipsecctl/ike7.ok b/regress/sbin/ipsecctl/ike7.ok
new file mode 100644
index 00000000000..c2c19614781
--- /dev/null
+++ b/regress/sbin/ipsecctl/ike7.ok
@@ -0,0 +1,30 @@
+C set [peer-131.188.33.51]:Phase=1 force
+C set [peer-131.188.33.51]:Address=131.188.33.51 force
+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Phase=2 force
+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:ISAKMP-peer=peer-131.188.33.51 force
+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Configuration=qm-10.1.2.0/24-10.1.1.0/24 force
+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Local-ID=lid-10.1.2.0/24 force
+C set [IPsec-10.1.2.0/24-10.1.1.0/24]:Remote-ID=rid-10.1.1.0/24 force
+C set [qm-10.1.2.0/24-10.1.1.0/24]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-10.1.2.0/24-10.1.1.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [lid-10.1.2.0/24]:Network=10.1.2.0 force
+C set [lid-10.1.2.0/24]:Netmask=255.255.255.0 force
+C set [rid-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
+C set [rid-10.1.1.0/24]:Network=10.1.1.0 force
+C set [rid-10.1.1.0/24]:Netmask=255.255.255.0 force
+C add [Phase 2]:Passive-Connections=IPsec-10.1.2.0/24-10.1.1.0/24
+C set [peer-131.188.33.51]:Phase=1 force
+C set [peer-131.188.33.51]:Address=131.188.33.51 force
+C set [IPsec-131.188.33.29-131.188.33.51]:Phase=2 force
+C set [IPsec-131.188.33.29-131.188.33.51]:ISAKMP-peer=peer-131.188.33.51 force
+C set [IPsec-131.188.33.29-131.188.33.51]:Configuration=qm-131.188.33.29-131.188.33.51 force
+C set [IPsec-131.188.33.29-131.188.33.51]:Local-ID=lid-131.188.33.29 force
+C set [IPsec-131.188.33.29-131.188.33.51]:Remote-ID=rid-131.188.33.51 force
+C set [qm-131.188.33.29-131.188.33.51]:EXCHANGE_TYPE=QUICK_MODE force
+C set [qm-131.188.33.29-131.188.33.51]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force
+C set [lid-131.188.33.29]:ID-type=IPV4_ADDR force
+C set [lid-131.188.33.29]:Address=131.188.33.29 force
+C set [rid-131.188.33.51]:ID-type=IPV4_ADDR force
+C set [rid-131.188.33.51]:Address=131.188.33.51 force
+C add [Phase 2]:Passive-Connections=IPsec-131.188.33.29-131.188.33.51