
Table of Contents

StrongSwan Tests
    SETUP
    Basic PFKEY tests
    Basic IKEv2 tests
    Basic SA Timeout tests
    Strongswan PFKEY regression
    Strongswan IKEv2 regression

StrongSwan Tests
SETUP:
Setup-1:
Host-A (X86-1), eth1 10.1.0.10  <--->  10.1.0.1 eth1, GW-A
GW-A, eth0 192.168.0.1  <== ESP tunnel ==>  192.168.0.2 eth0, GW-B
GW-B, eth1 10.2.0.1  <--->  10.2.0.10 eth1, Host-B (X86-2)

Setup-2:
Host-C (X86-3), eth1 10.1.0.10  <--->  10.1.0.1 eth1, GW-A
GW-A, eth0 192.168.0.1  <== SWITCH ==>  192.168.0.2 eth0, Host-D (X86-4)
GW-A, eth0 192.168.0.1  <== SWITCH ==>  192.168.0.3 eth0, Host-E (X86-5)

Basic PFKEY tests


Test pfkey/host2host-transport:
Description: An IPsec transport-mode connection between the hosts GW-A and GW-B is successfully set up. The host-to-host connection is tested by GW-A pinging GW-B.

Test pfkey/net2net-route:
Description: A tunnel that will connect the subnets behind the gateways GW-A and GW-B, respectively, is preconfigured by installing a %trap eroute on gateway GW-A by means of the setting auto=route in ipsec.conf. A subsequent ping issued by client Host-A behind gateway GW-A to Host-B located behind gateway GW-B triggers the %trap eroute and leads to the automatic establishment of the subnet-to-subnet tunnel.

Basic IKEv2 tests


Test ikev2/host2host-transport:
Description: An IPsec transport-mode connection between the hosts GW-A and GW-B is successfully set up. The host-to-host connection is tested by GW-A pinging GW-B.

Test ikev2/net2net-route:
Description: A tunnel that will connect the subnets behind the gateways GW-A and GW-B, respectively, is preconfigured by installing a %trap eroute on gateway GW-A by means of the setting auto=route in ipsec.conf. A subsequent ping issued by client Host-A behind gateway GW-A to Host-B located behind gateway GW-B triggers the %trap eroute and leads to the automatic establishment of the subnet-to-subnet tunnel.

Basic SA Timeout tests


Test ikev2/sa timeout:
Description: This scenario tests the exchange of SAs on expiry of ikelifetime. Decrease the ikelifetime values on GW-A and GW-B, then send a continuous ping from GW-A to GW-B and verify that the SAs are exchanged properly when ikelifetime expires.

Test ikev2/reauth-late:
Description: This scenario tests repeated authentication according to RFC 4478. The initiator Host-D sets a short ikelifetime=20m but the responder GW-A, defining a much larger ikelifetime=30s, proposes this value via an AUTH_LIFETIME notification to the initiator. The initiator ignores this notification and schedules the IKE reauthentication within the shorter interval of 30s. A ping from Host-D to client Host-A hiding in the subnet behind GW-A tests whether the CHILD_SA has been inherited by the new IKE_SA.

Test ikev2/reauth-early:
Description: This scenario tests repeated authentication according to RFC 4478. The initiator Host-D sets a large ikelifetime=20m but the responder GW-A, defining a much shorter ikelifetime=30s, proposes this value via an AUTH_LIFETIME notification to the initiator. Thus the IKE reauthentication takes place after less than 30s. A ping from Host-D to client Host-A hiding in the subnet behind GW-A tests whether the CHILD_SA has been inherited by the new IKE_SA.

Strongswan PFKEY regression


Test pfkey/alg-aes-xcbc:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_128 / AES_XCBC_96 by defining esp=aes128-aesxcbc-modp2048! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test pfkey/alg-sha384:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_192 / HMAC_SHA2_384_192 by defining esp=aes192-sha384-modp3072! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test pfkey/alg-sha512:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_256 / HMAC_SHA2_512_256 by defining esp=aes256-sha512-modp4096! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test pfkey/esp-alg-null:
Description: Host-D proposes to gateway GW-A the ESP cipher suite NULL / HMAC_SHA1_96 by defining esp=null-sha1 in ipsec.conf. A ping from Host-D to Host-A successfully checks the established tunnel.

Test pfkey/protoport-dual:
Description: Using the left|rightprotoport selectors, two IPsec tunnels between Host-D and the gateway GW-A are defined. The first IPsec SA is restricted to ICMP packets and the second covers TCP-based SSH connections. The established tunnels are tested by Host-D by first pinging Host-A behind GW-A and then setting up an SSH session to the same client.

Test pfkey/protoport-route:
Description: Using the left|rightprotoport selectors, two IPsec tunnels between Host-D and the gateway GW-A are defined. The first IPsec SA is restricted to ICMP packets and the second covers TCP-based SSH connections. Using add=route, %trap eroutes for these IPsec SAs are prepared on Host-D. By sending a ping to the client Host-A behind GW-A, the ICMP eroute is triggered and the corresponding IPsec tunnel is set up. In the same way an SSH session to Host-A over the second IPsec SA is established.

Test pfkey/shunt-policies:
Description: All traffic from the clients Host-D and Host-E is tunneled by default gateway GW-B to VPN gateway GW-A. In order to prevent local traffic within the 10.2.0.0/16 subnet from entering the tunnel, a local-net shunt policy with type=pass is set up. In order for the shunt to work, automatic route insertion must be disabled by adding install_routes = no to the charon section of strongswan.conf. In order to demonstrate the use of type=drop shunt policies, the Host-E-icmp connection prevents ICMP traffic to and from Host-E from using the IPsec tunnel by dropping such packets. Since this policy does not apply to the local net, Host-E and GW-A can still ping each other.

Strongswan IKEv2 regression


Test ikev2/after-2038-certs:
Description: Host-D sets up a connection to gateway GW-A. The authentication is based on X.509 certificates that are valid until the year 2039 and are issued by a certification authority with a root CA certificate valid until the year 2059. On 32-bit platforms, dates after Jan 19 03:14:07 UTC 2038 cannot be represented by the time_t data type. Thus if a time wrap-around occurs during ASN.1 to time_t conversions, dates contained in the certificates are set to the maximum value, i.e. to Jan 19 03:14:07 UTC 2038. Host-D pings the client Host-A behind the gateway GW-A.

Test ikev2/alg-3des-md5:
Description: Host-D proposes to gateway GW-A the ESP cipher suite 3DES_CBC / HMAC_MD5_96 by defining esp=3des-md5-modp1024! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-aes-ccm:
Description: Host-D proposes to gateway GW-A the cipher suite AES_CCM_12_128 both for IKE and ESP by defining ike=aes128ccm12-aesxcbc-modp2048 (or alternatively aes128ccm96) and esp=aes128ccm12-modp2048 in ipsec.conf, respectively. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-aes-ctr:
Description: Host-D proposes to gateway GW-A the cipher suite AES_CTR_128 both for IKE and ESP by defining ike=aes128ctr-aesxcbc-modp2048 and esp=aes128ctr-aesxcbc-modp2048 in ipsec.conf, respectively. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-aes-gcm:
Description: Host-D proposes to gateway GW-A the cipher suite AES_GCM_16_256 both for IKE and ESP by defining ike=aes256gcm16-aesxcbc-modp2048 (or alternatively aes256gcm128) and esp=aes256gcm16-modp2048 in ipsec.conf, respectively. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-aes-xcbc:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_128 / AES_XCBC_96 by defining esp=aes128-aesxcbc-modp2048! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-blowfish:
Description: Host-D and Host-E each set up a connection to gateway GW-A using Blowfish for both IKE and ESP encryption. In order to test both tunnels, both Host-D and Host-E ping the client Host-A behind the gateway GW-A.

Test ikev2/alg-sha256:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_128 / HMAC_SHA2_256_128 by defining esp=aes128-sha256-modp2048! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-sha256-96:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_128 / HMAC_SHA2_256_96, which uses 96-bit instead of the standard 128-bit truncation, allowing compatibility with Linux kernels older than 2.6.33, by defining esp=aes128-sha256_96-modp2048! in ipsec.conf. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-sha384:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_192 / HMAC_SHA2_384_192 by defining esp=aes192-sha384-modp3072! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/alg-sha512:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_256 / HMAC_SHA2_512_256 by defining esp=aes256-sha512-modp4096! in ipsec.conf. The same cipher suite is used for IKE. A ping from Host-D to Host-A successfully checks the established tunnel.
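The time_t limit described in the ikev2/after-2038-certs test above, as an added example that is not strongSwan's own code: it converts ASN.1 time strings in 64 bits, then compares unchecked 32-bit storage with the saturating behaviour the description states. The function names and the notAfter strings are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a Gregorian date, computed in 64 bits. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

static int two(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* Parse UTCTime "YYMMDDHHMMSSZ" or GeneralizedTime "YYYYMMDDHHMMSSZ" into
 * 64-bit seconds since the epoch; returns INT64_MIN on malformed input. */
int64_t asn1_to_epoch64(const char *s) {
    size_t len = strlen(s);
    if ((len != 13 && len != 15) || s[len - 1] != 'Z') return INT64_MIN;
    for (size_t i = 0; i + 1 < len; i++)
        if (!isdigit((unsigned char)s[i])) return INT64_MIN;
    int year;
    if (len == 13) {            /* UTCTime: YY >= 50 means 19YY, else 20YY */
        year = two(s) + (two(s) >= 50 ? 1900 : 2000);
        s += 2;
    } else {
        year = two(s) * 100 + two(s + 2);
        s += 4;
    }
    int mon = two(s), day = two(s + 2);
    if (mon < 1 || mon > 12 || day < 1 || day > 31) return INT64_MIN;
    return days_from_civil(year, mon, day) * 86400
           + two(s + 4) * 3600 + two(s + 6) * 60 + two(s + 8);
}

/* Value a signed 32-bit time_t ends up holding if stored unchecked. */
int64_t wrap_to_time32(int64_t t) {
    uint32_t u = (uint32_t)t;
    return u >= 0x80000000u ? (int64_t)u - 4294967296LL : (int64_t)u;
}

/* Behaviour stated in the test description: saturate at the maximum. */
int32_t clamp_to_time32(int64_t t) {
    return t > INT32_MAX ? INT32_MAX : (int32_t)t;
}

int main(void) {
    /* Constructed notAfter values for the years named in the test. */
    const char *na[] = { "390101000000Z", "20590101000000Z" };
    for (int i = 0; i < 2; i++) {
        int64_t t = asn1_to_epoch64(na[i]);
        printf("%-16s epoch=%lld wrapped=%lld clamped=%d\n", na[i],
               (long long)t, (long long)wrap_to_time32(t), (int)clamp_to_time32(t));
    }
    return 0;
}
```

The wrapped value is negative, so an unchecked conversion would place the certificate's expiry before 1970 and make a valid certificate look expired; the clamped value keeps it valid until the 32-bit limit.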

Test ikev2/config-payload:
Description: Host-D and Host-E each set up a connection to gateway GW-A. Both Host-D and Host-E request a virtual IP via the IKEv2 configuration payload by using the leftsourceip=%config parameter. In order to test the tunnels, Host-D and Host-E then ping the client Host-A behind the gateway GW-A. The source IP addresses of the two pings will be the virtual IPs of Host-D and Host-E, respectively.

Test ikev2/critical-extension:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. The authentication is based on X.509 certificates which contain a critical but unsupported 'strongSwan' extension. Whereas GW-A ignores unsupported critical extensions by setting libstrongswan.x509.enforce_critical = no in strongswan.conf, GW-B discards such certificates and aborts the connection setup.

Test ikev2/default-keys:
Description: Because of the missing /etc/ipsec.secrets file, Host-D and gateway GW-A each automatically generate a PKCS#1 RSA private key and a self-signed X.509 certificate. Because the UML testing environment does not offer enough entropy, the non-blocking /dev/urandom device is used in place of /dev/random for generating the random primes. The self-signed certificates are then distributed to the peers via scp and are used to set up a connection initiated by Host-D.

Test ikev2/dpd-clear:
Description: Host-D sets up an IPsec tunnel connection to the gateway GW-A, which in turn activates Dead Peer Detection (DPD) with a polling interval of 10 s. When the network connectivity between Host-D and GW-A is forcefully disrupted, GW-A clears the connection after 4 unsuccessful retransmits.

Test ikev2/dpd-hold:
Description: Host-D sets up an IPsec tunnel connection to the gateway GW-A. Both end points activate Dead Peer Detection (DPD) with a polling interval of 10 s. When the network connectivity between Host-D and GW-A is forcefully disrupted for a duration of 100 s, GW-A clears the connection after 4 unsuccessful retransmits, whereas Host-D also takes down the connection but installs a route which triggers when Host-D sends a ping to client Host-A behind gateway GW-A.

Test ikev2/dpd-restart:
Description: Host-D sets up an IPsec tunnel connection to the gateway GW-A. Both end points activate Dead Peer Detection (DPD) with a polling interval of 10 s. When the network connectivity between Host-D and GW-A is forcefully disrupted for a duration of 100 s, GW-A clears the connection after 4 unsuccessful retransmits, whereas Host-D also takes down the connection but immediately tries to reconnect, which succeeds as soon as the connection becomes available again.

Test ikev2/esp-alg-aes-gmac:
Description: Host-D proposes to gateway GW-A the authentication-only ESP cipher suite NULL_AES_GMAC_256 by defining esp=aes256gmac-modp2048! in ipsec.conf. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/esp-alg-md5-128:
Description: Host-D proposes to gateway GW-A the ESP cipher suite 3DES_CBC / HMAC_MD5_128 by defining esp=3des-md5_128! in ipsec.conf. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/esp-alg-sha1-160:
Description: Host-D proposes to gateway GW-A the ESP cipher suite AES_CBC_128 / HMAC_SHA1_160 by defining esp=aes128-sha1_160! in ipsec.conf. A ping from Host-D to Host-A successfully checks the established tunnel.

Test ikev2/inactivity-timeout:
Description: Host-D establishes an IPsec tunnel to gateway GW-A and sets an inactivity timeout of 10 seconds. Thus after 10 seconds of inactivity the CHILD_SA is automatically deleted by Host-D.

Test ikev2/net2net-cert:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. The authentication is based on X.509 certificates. Upon the successful establishment of the IPsec tunnel, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B in order to test the tunnel.

Test ikev2/net2net-esn:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. With esp=aes128sha1-esn-noesn! gateway GW-A proposes the use of Extended Sequence Numbers but can also live without them. Gateway GW-B defines esp=aes128-sha1-esn! and thus decides on the use of ESN. Upon the successful establishment of the CHILD_SA with ESN, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B 10 times.

Test ikev2/net2net-psk:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. The authentication is based on Preshared Keys (PSK). Once the IPsec tunnel is successfully established, it passes the tunneled traffic. In order to test the tunnel, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B.

Test ikev2/net2net-psk-fail:
Description: A connection between the gateways GW-A and GW-B is set up. The authentication is based on Preshared Keys (PSK), but gateway GW-A uses a wrong PSK. Therefore the connection setup is aborted by gateway GW-B by sending an AUTHENTICATION_FAILED notify error.

Test ikev2/net2net-psk-dscp:
Description: In order to support Differentiated Services (DiffServ), two parallel IPsec connections between the subnets behind the gateways GW-A and GW-B are set up. Using XFRM marks, one IPsec SA is designated for Best Effort (BE) traffic and the second SA for Expedited Forwarding (EF) traffic. The authentication is based on a pre-shared key (PSK). In order to guarantee that the CHILD_SA with the correct mark is selected on the responder side, each CHILD_SA is bound to an IKE_SA of its own with a distinct IKEv2 ID but sharing the same PSK. Once the IPsec tunnel is successfully established, it passes the tunneled traffic. In order to test the tunnel, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B.

Test ikev2/net2net-pubkey:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. The authentication is based on raw RSA keys loaded in PKCS#1 format. Once the IPsec tunnel is successfully established, it passes the tunneled traffic. To test the tunnel, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B.

Test ikev2/net2net-rfc3779:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. The authentication is based on X.509 certificates containing RFC 3779 IP address block constraints. Both GW-A and GW-B set rightsubnet=0.0.0.0/0, thus allowing the peers to narrow down the address range to their actual subnets 10.1.0.0/16 and 10.2.0.0/16, respectively. These unilaterally proposed traffic selectors must be validated by corresponding IP address block constraints. Once the IPsec tunnel is successfully established, it passes the tunneled traffic. In order to test the tunnel, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B.

Test ikev2/net2net-rsa:
Description: A connection between the subnets behind the gateways GW-A and GW-B is set up. The authentication is based on raw RSA keys in Base64-encoded RFC 3110 DNSKEY format. Once the IPsec tunnel is successfully established, it passes the tunneled traffic. In order to test the tunnel, client Host-A behind gateway GW-A pings client Host-B located behind gateway GW-B.

Test ikev2/net2net-start:
Description: A tunnel connecting the subnets behind the gateways GW-A and GW-B, respectively, is automatically established by means of the setting auto=start in ipsec.conf. The connection is tested by client Host-A behind gateway GW-A pinging the client Host-B located behind gateway GW-B. The tunnel can pass the traffic.

Test ikev2/protoport-route:
Description: Using the left|rightprotoport selectors, two IPsec tunnels between Host-D and the gateway GW-A are defined. The first IPsec SA is restricted to ICMP packets and the second covers TCP-based SSH connections. Using add=route, %trap eroutes for these IPsec SAs are prepared on Host-D. By sending a ping to the client Host-A behind GW-A, the ICMP eroute is triggered and the corresponding IPsec tunnel is set up. In the same way an SSH session to Host-A over the second IPsec SA is established.
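The validation step named in the ikev2/net2net-rfc3779 test above, as an added example that is a simplified model and not strongSwan's own code: a traffic selector proposed by the peer is accepted only if it lies entirely inside an address block from the peer's certificate. The function names and the single certificate block, chosen to match GW-B's subnet on this page, are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct cidr { uint32_t net; int bits; };

/* Constructed stand-in for the RFC 3779 blocks in GW-B's certificate. */
static const char *const CERT_BLOCKS[] = { "10.2.0.0/16" };

static uint32_t mask_of(int bits) {
    return bits ? 0xFFFFFFFFu << (32 - bits) : 0;
}

/* Parse "a.b.c.d/len" into a masked network; returns 0 on success. */
static int parse_cidr(const char *s, struct cidr *out) {
    char buf[32], *end;
    struct in_addr a;
    const char *slash = strchr(s, '/');
    if (!slash || (size_t)(slash - s) >= sizeof buf) return -1;
    memcpy(buf, s, (size_t)(slash - s));
    buf[slash - s] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    long bits = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end || bits < 0 || bits > 32) return -1;
    out->bits = (int)bits;
    out->net = ntohl(a.s_addr) & mask_of(out->bits);
    return 0;
}

/* 1 if the selector is no wider than the block and shares its prefix. */
static int contains(const struct cidr *block, const struct cidr *ts) {
    if (ts->bits < block->bits) return 0;
    return (ts->net & mask_of(block->bits)) == block->net;
}

/* Accept a proposed traffic selector only if some certificate block
 * covers it completely; malformed input is rejected. */
int ts_authorized(const char *ts, const char *const blocks[], int n) {
    struct cidr t, b;
    if (parse_cidr(ts, &t)) return 0;
    for (int i = 0; i < n; i++)
        if (!parse_cidr(blocks[i], &b) && contains(&b, &t)) return 1;
    return 0;
}

int main(void) {
    /* Constructed selectors: GW-B's subnet, a narrower one, GW-A's subnet,
     * and the unrestricted range configured as rightsubnet. */
    const char *ts[] = { "10.2.0.0/16", "10.2.3.0/24", "10.1.0.0/16", "0.0.0.0/0" };
    for (int i = 0; i < 4; i++)
        printf("%-12s %s\n", ts[i],
               ts_authorized(ts[i], CERT_BLOCKS, 1) ? "accept" : "reject");
    return 0;
}
```

With rightsubnet=0.0.0.0/0 the local configuration no longer limits what the peer may claim, so this containment check against the certificate is the only thing that stops a peer from proposing a subnet it does not own.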
