From 5efa2d27dcf4637b008faf782b5e257b748b24c0 Mon Sep 17 00:00:00 2001 From: Ting Liu Date: Thu, 24 Jul 2014 15:48:17 +0800 Subject: ipsec-demo (scripts and configuration files) add recipe There are some ipsec demo scripts and configuration files for qoriq boards. add a recipe to hold them. 
Signed-off-by: Ting Liu --- .../ipsec-demo/ipsec-demo/test_setkey/README | 77 ++++++++++++++++++++++ .../test_setkey/auto_left.conf-3des-sha1-tunnel | 32 +++++++++ .../test_setkey/auto_right.conf-3des-sha1-tunnel | 31 +++++++++ .../ipsec-demo/ipsec-demo/test_setkey/flush-setkey | 4 ++ .../ipsec-demo/test_setkey/ipsec.conf.left | 29 ++++++++ .../ipsec-demo/test_setkey/ipsec.conf.right | 28 ++++++++ .../ipsec-demo/test_setkey/ipsec.secrets.left | 3 + .../ipsec-demo/test_setkey/ipsec.secrets.right | 8 +++ .../ipsec-demo/test_setkey/ipsec_ikev1.conf.left | 39 +++++++++++ .../ipsec-demo/test_setkey/ipsec_ikev1.conf.right | 34 ++++++++++ .../test_setkey/left.conf-3des-md5-transport | 23 +++++++ .../test_setkey/left.conf-3des-md5-tunnel | 42 ++++++++++++ .../test_setkey/left.conf-3des-sha1-transport | 22 +++++++ .../test_setkey/left.conf-3des-sha1-tunnel | 42 ++++++++++++ .../test_setkey/left.conf-3des-sha256-transport | 23 +++++++ .../test_setkey/left.conf-3des-sha256-tunnel | 42 ++++++++++++ .../test_setkey/left.conf-aes-md5-transport | 23 +++++++ .../test_setkey/left.conf-aes-md5-tunnel | 42 ++++++++++++ .../test_setkey/left.conf-aes-sha1-transport | 22 +++++++ .../test_setkey/left.conf-aes-sha1-tunnel | 42 ++++++++++++ .../test_setkey/left.conf-aes-sha256-transport | 23 +++++++ .../test_setkey/left.conf-aes-sha256-tunnel | 42 ++++++++++++ .../test_setkey/left.conf-null-null-transport | 23 +++++++ .../test_setkey/left.conf-null-null-tunnel | 42 ++++++++++++ .../ipsec-demo/ipsec-demo/test_setkey/left.ipv4 | 2 + .../ipsec-demo/ipsec-demo/test_setkey/moonCert.pem | 25 +++++++ .../ipsec-demo/ipsec-demo/test_setkey/moonKey.pem | 27 ++++++++ .../ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh | 19 ++++++ .../ipsec-demo/test_setkey/pingsizest.sh | 19 ++++++ .../ipsec-demo/ipsec-demo/test_setkey/psk.txt | 2 + .../ipsec-demo/ipsec-demo/test_setkey/racoon.conf | 22 +++++++ .../test_setkey/right.conf-3des-md5-transport | 23 +++++++ .../test_setkey/right.conf-3des-md5-tunnel | 42 
++++++++++++ .../test_setkey/right.conf-3des-sha1-transport | 22 +++++++ .../test_setkey/right.conf-3des-sha1-tunnel | 41 ++++++++++++ .../test_setkey/right.conf-3des-sha256-transport | 23 +++++++ .../test_setkey/right.conf-3des-sha256-tunnel | 42 ++++++++++++ .../test_setkey/right.conf-aes-md5-transport | 23 +++++++ .../test_setkey/right.conf-aes-md5-tunnel | 42 ++++++++++++ .../test_setkey/right.conf-aes-sha1-transport | 22 +++++++ .../test_setkey/right.conf-aes-sha1-tunnel | 41 ++++++++++++ .../test_setkey/right.conf-aes-sha256-transport | 23 +++++++ .../test_setkey/right.conf-aes-sha256-tunnel | 42 ++++++++++++ .../test_setkey/right.conf-null-null-transport | 23 +++++++ .../test_setkey/right.conf-null-null-tunnel | 42 ++++++++++++ .../ipsec-demo/ipsec-demo/test_setkey/right.ipv4 | 2 + .../ipsec-demo/ipsec-demo/test_setkey/setup | 47 +++++++++++++ .../ipsec-demo/ipsec-demo/test_setkey/setup_left | 13 ++++ .../ipsec-demo/ipsec-demo/test_setkey/setup_right | 13 ++++ .../ipsec-demo/test_setkey/strongswan.conf | 19 ++++++ .../ipsec-demo/test_setkey/strongswanCert.pem | 22 +++++++ .../ipsec-demo/test_setkey/strongswan_left | 10 +++ .../ipsec-demo/test_setkey/strongswan_right | 10 +++ .../ipsec-demo/ipsec-demo/test_setkey/sunCert.pem | 25 +++++++ .../ipsec-demo/ipsec-demo/test_setkey/sunKey.pem | 27 ++++++++ recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb | 25 +++++++ 56 files changed, 1518 insertions(+) create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right create 
mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem create mode 100644 
recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 create mode 100755 
recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left create mode 100755 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem create mode 100644 recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 0000000..9578982
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@
+test_setkey script usage
+
+The scripts in this directory may be used for testing
+native Linux IPsec with the talitos driver as a loadable module.
+
+It's assumed that these scripts have been placed in the directory
+named /test_setkey.
+
+The scripts setup_left and setup_right configure the ip addresses
+for two boards named 'left' and 'right', which are two gateways for
+an IPsec tunnel. Connect the eth1 interfaces of left and right boards together.
+For smartbits testing, connect eth0 on each board to a smartbits port.
+For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
+
+The scripts named left.conf-* and right.conf-* are setkey scripts
+which configure the IPsec SA and SPD entries.
+The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
+ending in -transport used transport mode IPsec.
+Transport mode is useful for quickly testing security functionality
+using ping or netperf between two boards.
+Tunnel mode can be used for testing throughput using smartbits or other
+performance test equipment.
+
+There is a top level script called 'setup' which
+is used for a one-step setup on the left and right boards.
+'setup' uses two or three parameters. The first parameter is the side, left or right.
+The second parameter is the setkey suffix for the left.conf- and right.conf- files.
+If the third parameter is supplied, the setup will modprobe that name, so
+typically you should provide talitos as the third parameter if you want to load the driver.
+If you have built the talitos driver into the kernel, omit the third parameter to setup.
+You may test software encryption if talitos is built as a module and you omit the third parameter.
+
+Below are example uses of the 'setup' script.
+
+1) One-step setup for smartbits
+ Use a tunnel mode setup on each side.
+ AES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left aes-sha1-tunnel talitos
+ Right side:
+ /test_setkey/setup right aes-sha1-tunnel talitos
+
+ 3DES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left 3des-sha1-tunnel talitos
+ Right side:
+ /test_setkey/setup right 3des-sha1-tunnel talitos
+
+2) One-step setup for testing ping, netperf, or iperf between two boards.
+ Use a transport mode setup on each side.
+ AES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left aes-sha1-transport talitos
+ Right side:
+ /test_setkey/setup right aes-sha1-transport talitos
+
+ 3DES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left 3des-sha1-transport talitos
+ Right side:
+ /test_setkey/setup right 3des-sha1-transport talitos
+
+3) Testing ipv4
+ To test ipv4 (with no security) over the two gateways, use steps below.
+ Testing ipv4 is helpful to get your smartbits configuration verified
+ and also establish a baseline performance for throughput.
+
+ On the left board:
+ cd /test_setkey
+ ./setup_left
+ ./left.ipv4
+
+ On the right board:
+ cd /test_setkey
+ ./setup_right
+ ./right.ipv4
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..6bd6c5d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_left.conf-3des-sha1-tunnel
@@ -0,0 +1,32 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..eebf307
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/auto_right.conf-3des-sha1-tunnel
@@ -0,0 +1,31 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board B setup
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)
+#
+# Security policies
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
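Review bot: Nothing in auto_left.conf-3des-sha1-tunnel says where the SAs come from: the file installs only the two `spdadd` tunnel policies after `flush; spdflush;`, so the `3des-sha1` in its name is not enforced by anything in this file and the cipher choice presumably lives in the IKE daemon configuration (a `racoon.conf` is listed in the diffstat). A header line such as `# SPD entries only; SAs are negotiated by the IKE daemon, which must offer 3des/sha1` would make that dependency explicit. With the `require` level, matching traffic between 192.168.1.0/24 and 192.168.2.0/24 is not sent in clear while no SA exists, which is worth stating in the same comment. The same applies to auto_right.conf-3des-sha1-tunnel in the next hunk.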
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
new file mode 100755
index 0000000..0be3056
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/flush-setkey
@@ -0,0 +1,4 @@
+#!/usr/sbin/setkey -f
+
+flush;
+spdflush;
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
new file mode 100644
index 0000000..d9d6c0c
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.left
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="chd 2, knl 2"
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ type=tunnel
+ auth=esp
+ compress=no
+ mobike=no
+
+conn net-net
+ left=200.200.200.10
+ leftsubnet=192.168.1.0/24
+ leftcert=moonCert.pem
+ leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ leftfirewall=yes
+ right=200.200.200.20
+ rightsubnet=192.168.2.0/24
+ rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
new file mode 100644
index 0000000..c14dee2
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.conf.right
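Review bot: `strictcrlpolicy=no` in the `config setup` section of ipsec.conf.left means a peer certificate is still accepted when no current CRL is available, so revocation is effectively advisory. That is reasonable on an isolated bench, but the file is headed `/etc/ipsec.conf` and is likely to be copied into place unchanged; I would add a comment above the line, e.g. `# lab only: revocation is not enforced; set strictcrlpolicy=yes outside the demo`. ipsec.conf.right and both ipsec_ikev1.conf files carry the same setting.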
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ charondebug="chd 2, knl 2"
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+ auth=esp
+ compress=no
+ mobike=no
+
+conn net-net
+ left=200.200.200.20
+ leftcert=sunCert.pem
+ leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ leftsubnet=192.168.2.0/24
+ leftfirewall=yes
+ right=200.200.200.10
+ rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ rightsubnet=192.168.1.0/24
+ auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
new file mode 100644
index 0000000..e86d6aa
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.left
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
new file mode 100644
index 0000000..1095b74
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec.secrets.right
@@ -0,0 +1,8 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA sunKey.pem
+
+
+
+
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
new file mode 100644
index 0000000..55025db
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.left
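Review bot: `conn %default` in ipsec.conf.right omits the `type=tunnel` line that ipsec.conf.left sets, so the two ends of `net-net` are no longer mirror images. strongSwan defaults to tunnel mode, so behaviour should be unchanged, but the asymmetry makes the pair harder to compare when one side is edited. Adding `type=tunnel` after `keyexchange=ikev2` keeps the two files aligned.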
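Review bot: ipsec.secrets.left loads `moonKey.pem`, and the diffstat shows that private key (and `sunKey.pem` for the right side) being added to the recipe in this same commit, so every image built from it shares an RSA identity key that anyone with access to the layer can read. With those keys, authenticating as `moon.strongswan.org` or `sun.strongswan.org` proves nothing outside a closed lab. The secrets file should say so, e.g. `# demo key shipped with the recipe: replace moonKey.pem and moonCert.pem before any non-lab use`, and the equivalent comment belongs in ipsec.secrets.right. Whether the recipe installs the key files with restrictive permissions is not visible in this part of the patch.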
@@ -0,0 +1,39 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ left=200.200.200.10
+ leftcert=moonCert.pem
+ leftid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ leftfirewall=yes
+
+conn net-net
+ left=%defaultroute
+ leftsubnet=192.168.1.0/24
+ leftcert=moonCert.pem
+ right=200.200.200.20
+ rightsubnet=192.168.2.0/24
+ rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ auto=add
+
+conn host-host
+ left=%defaultroute
+ leftcert=moonCert.pem
+ right=200.200.200.20
+ rightid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ auto=add
+
+conn rw
+ leftsubnet=192.168.1.0/24
+ right=%any
+ auto=add
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
new file mode 100644
index 0000000..479791e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/ipsec_ikev1.conf.right
@@ -0,0 +1,34 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+ charonstart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+ left=200.200.200.20
+ leftcert=sunCert.pem
+ leftid="C=CH, O=Linux strongSwan, CN=sun.strongswan.org"
+ leftfirewall=yes
+
+conn net-net
+ left=%defaultroute
+ leftsubnet=192.168.2.0/24
+ leftcert=sunCert.pem
+ right=200.200.200.10
+ rightsubnet=192.168.1.0/24
+ rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ auto=add
+
+conn host-host
+ left=%defaultroute
+ leftcert=sunCert.pem
+ right=200.200.200.10
+ rightid="C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
+ auto=add
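Review bot: `conn rw` at the end of ipsec_ikev1.conf.left sets `right=%any` with no `rightid`, so it is not tied to the `sun` gateway the way `net-net` and `host-host` are. As written it appears to offer 192.168.1.0/24 to any peer address that can authenticate against the trusted CA, and `strictcrlpolicy=no` in the same file means revocation will not stop such a peer. ipsec_ikev1.conf.right has no matching `rw` section, so the two-board demo does not seem to need it; either drop the section or pin it with a `rightid=` line and a comment explaining the road-warrior case.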
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
new file mode 100755
index 0000000..5422771
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
new file mode 100755
index 0000000..52bf9c3
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-md5-tunnel
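Review bot: The `add` statements in left.conf-3des-md5-transport install fixed ESP keys (`-E 3des-cbc 0x…`, `-A hmac-md5 0x…`) that are now published in the repository, and nothing in the file marks them as test values. Manual keying like this has no rekeying, so the same key protects all traffic for as long as the script is loaded. A header comment such as `# TEST KEYS ONLY: published in this recipe; generate fresh keys before use outside a lab` would prevent accidental reuse. The same two encryption keys recur in every left.conf-* hunk that follows (3des and aes, transport and tunnel), with one fixed pair of authentication keys per hash, so the comment applies to all of them.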
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
new file mode 100755
index 0000000..e5ee005
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
new file mode 100755
index 0000000..eb2881d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
new file mode 100755
index 0000000..b528632
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
new file mode 100755
index 0000000..e7726f0
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-3des-sha256-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
new file mode 100755
index 0000000..96f5783
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-transport
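Review bot: left.conf-3des-sha256-tunnel uses SPIs `0x10513` and `0x10514` on its `-m tunnel` SAs, whereas the md5 and sha1 tunnel files use `0x201` and `0x301`; the values look carried over from the transport variant. The script works as long as the right-hand file (not in this part of the patch) uses the same SPIs, but the odd one out invites a mismatch when someone edits one side. I would switch to `esp 0x201 -m tunnel` and `esp 0x301 -m tunnel` here and in left.conf-aes-sha256-tunnel, which has the same values.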
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
new file mode 100755
index 0000000..b2cf84b
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-md5-tunnel
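Review bot: The comment `# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)` in left.conf-aes-md5-transport describes 3DES, but the SAs below it use `-E aes-cbc`. AES has no parity bits, and the 48-hex-digit key is a full 192-bit AES key, so the comment should read `# ESP SAs doing encryption using aes-cbc with 192 bit long keys`. The same copied comment appears in left.conf-aes-md5-tunnel and in the aes-sha1 and aes-sha256 hunks.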
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+ -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+ -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
new file mode 100755
index 0000000..f3ffaf5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-transport
@@ -0,0 +1,22 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
new file mode 100755
index 0000000..1ab7874
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha1-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha1 authentication using 160 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+ -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+ -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
new file mode 100755
index 0000000..d2645d6
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-sha2-256 authentication using 256 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
new file mode 100755
index 0000000..8ed697d
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-aes-sha256-tunnel
@@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10) +# +# Security policies +spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport new file mode 100755 index 0000000..84275d0 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-transport 
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.10
+
+flush;
+spdflush;
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E null
+ -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E null
+ -A null;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P in ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P out ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
new file mode 100755
index 0000000..478d14a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.conf-null-null-tunnel
@@ -0,0 +1,42 @@
+#!/usr/sbin/setkey -f
+#
+#
+# Example ESP Tunnel for VPN.
+#
+# ========= ESP =========
+# | |
+# Network-A Gateway-A Gateway-B Network-B
+# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24
+#
+# ====== 83xx board A ====== ===== 83xx board B =====
+# | | | |
+# eth0 eth1 eth1 eth0
+# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130
+#
+#
+# Board A setup
+#
+# Flush the SAD and SPD
+flush;
+spdflush;
+
+# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
+#
+# Security policies
+spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
+ esp/tunnel/200.200.200.10-200.200.200.20/require;
+
+spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
+ esp/tunnel/200.200.200.20-200.200.200.10/require;
+
+
+# ESP SAs doing null encryption
+# and null authentication
+add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel
+ -E null
+ -A null;
+
+add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel
+ -E null
+ -A null;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4
new file mode 100755
index 0000000..e219f2a
--- /dev/null
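Review bot: Both `add` entries combine `-E null` with `-A null`, so the `require` policies below push traffic through ESP framing that gives neither confidentiality nor integrity; RFC 4303 does not permit both algorithms to be NULL at the same time, and some IPsec stacks may refuse such an SA. The file comment only restates the algorithm names; I would extend it to `# Benchmark baseline only: ESP framing without any protection, not for use on a real link`. The same applies to left.conf-null-null-tunnel in the next hunk and to the right.conf-null-null-* files later in this patch.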
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/left.ipv4 @@ -0,0 +1,2 @@ +set -v +route add -net 192.168.2.0 netmask 255.255.255.0 gw 200.200.200.20 diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem new file mode 100644 index 0000000..d5c970f --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAwqgAwIBAgIBFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzEwMDMzMloXDTE0MDgyNjEwMDMzMlowRjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u +c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK +L2M91Lu6BYYhWxWgMS9z9TMSTwszm5rhO7ZIsCtMRo4PAeYw+++SGXt3CPXb/+p+ +SWKGlm11rPE71eQ3ehgh2C3hAurfmWO0iQQaCw+fdreeIVCqOQIOP6UqZ327h5yY +YpHk8VQv4vBJTpxclU1PqnWheqe1ZlLxsW773LRml/fQt/UgvJkCBTZZONLNMfK+ +7TDnYaVsAtncgvDN78nUNEe2qY92KK7SrBJ6SpUEg49m51F+XgsGcsgWVHS85on3 +Om/G48crLEVJjdu8CxewSRVgb+lPJWzHd8QsU0Vg/7vlqs3ZRMyNtNKrr4opSvVb +A6agGlTXhDCreDiXU8KHAgMBAAGjggEaMIIBFjAJBgNVHRMEAjAAMAsGA1UdDwQE +AwIDqDAdBgNVHQ4EFgQUapx00fiJeYn2WpTpifH6w2SdKS4wbQYDVR0jBGYwZIAU +XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK +ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC +AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzATBgNVHSUEDDAKBggr +BgEFBQcDATA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u +b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCctXg2xeMozaTV +jiBL1P8MY9uEH5JtU0EceQ1RbI5/2vGRdnECND9oADY5vamaaE2Mdq2Qh/vlXnML +o3ii5ELjsQlYdTYZOcMOdcUUXYvbbFX1cwpkBhyBl1H25KptHcgQ/HnceKp3kOuq +wYOYjgwePXulcpWXx0E2QtQCFQQZFPyEWeNJxH0oglg53QPXfHY9I2/Gukj5V0bz +p7ME0Gs8KdnYdmbbDqzQgPsta96/m+HoJlsrVF+4Gqihj6BWMBQ2ybjPWZdG3oH9 +25cE8v60Ry98D0Z/tygbAUFnh5oOvaf642paVgc3aoA77I8U+UZjECxISoiHultY +7QTufOwP +-----END CERTIFICATE----- 
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem new file mode 100644 index 0000000..4d99866 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/moonKey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyi9jPdS7ugWGIVsVoDEvc/UzEk8LM5ua4Tu2SLArTEaODwHm +MPvvkhl7dwj12//qfklihpZtdazxO9XkN3oYIdgt4QLq35ljtIkEGgsPn3a3niFQ +qjkCDj+lKmd9u4ecmGKR5PFUL+LwSU6cXJVNT6p1oXqntWZS8bFu+9y0Zpf30Lf1 +ILyZAgU2WTjSzTHyvu0w52GlbALZ3ILwze/J1DRHtqmPdiiu0qwSekqVBIOPZudR +fl4LBnLIFlR0vOaJ9zpvxuPHKyxFSY3bvAsXsEkVYG/pTyVsx3fELFNFYP+75arN +2UTMjbTSq6+KKUr1WwOmoBpU14Qwq3g4l1PChwIDAQABAoIBACBFB/Xqajv6fbn9 +K6pxrz02uXwGmacXAtVIDoPzejWmXS4QA4l17HrJDmelSnhelDKry8nnYHkTrTz7 +mn0wQ4HDWy86o/okJUG/TKRLd6bf79aRQqqohqd3iQkHk43GyzuXH+oGioVKF0fc +ACDWw4wfjL7FMNdHCZ4Bz9DrHO/ysHe9B6rvSYm3VZRhSxaneIkaLkkDadKpVx3f +XNFlMxY4qKPJYYSoJZ61iMqrO7+rnA93tmyDDs8PKU3BtnpfNrdePgleJHhk8Zqy +Ev2/NOCSUxbKE8NCtLpGTs+T0qjjnu4k3WPd3ZOBAan0uPDekHZeHB/aXGLhYcxx +J5SurqECgYEA+F1gppkER5Jtoaudt/CUpdQ1sR9wxf75VBqJ4FiYABGQz9xlG4oj +zL/o572s0iV3bwFpnQa+WuWrxGkP6ZuB/Z82npc0N/vLou/b4dxvg4n7K+eOOEf0 +8FMjsse2tqTIXKCqcmQnR0NPQ1jwuvEKsXP5w/JOlnRXAXnd4jxsJI0CgYEA0GaT +61ySttUW9jC3mxuY6jkQy8TEQqR3nOFvWwmCXIWOpN/MTTPus+Telxp/pdKhU+mo +PmX3Unyne5PvwleWDq3YzltX5ZDZGJ5UJlKuNnfGIzQ6OcHRbb7zBpQG6qSRPuug +bgo688hTnb1L59nK88zWVK45euf6pyuoI+SwIGMCgYEA7yvE8knyhBXvezuv0z1b +eGHmHp5/VDwY0DQKSEAoiBBiWrkLqLybgwXf/KJ8dZZc8En08aFX2GLJyYe/KiB1 +ys3ypEBJqgvRayP+o/9KZ+qNNRd0rqAksPXvL7ABNNt0kzapTSVDae3Yu6s/j1am +DIL5qAeERIDedG5uDPpQzdUCgYB7MtjpP63ABhLv8XbpbBQnCxtByw3W89F+Xcrt +v55gQdhE4cSuMzA/CuMH4vNpPS6AI9aBJNhj3CtKo/cOJachAGb1/wvkO5ALvLW0 +fhZdPstUTnDJain7vfF/hwzbs/PlhXgu9T9KlLfRvXFdG+Sd4g8mumRiozcLkoRw +y6XPTwKBgDJP+s9wXmdG90HST/aqC7FKrVXLpB63dY5swNUfQP6sa0pFnON0r0JC +h/YCsGFFIAebQ2uOkM3g3f9nkwTp7910ov+/5uThvRI2w2BBPy0mVuALPjyyF1Z2 +cb9zpyKiIuXoXRCf4sd8r1lR9bn0Fxx0Svpxf+fpMGSI5quHNBKY +-----END RSA PRIVATE KEY----- 
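Review bot: This hunk commits an unencrypted RSA private key (the PEM body has no `Proc-Type: 4,ENCRYPTED` header) with file mode 100644, so the key is public as soon as the patch is merged and an identity that rests on it proves nothing about the peer. The matching moonCert.pem is issued to moon.strongswan.org, which suggests both files were copied from strongSwan's public test material, and its notAfter field decodes to 26 Aug 2014, about a month after this commit's date. I would not ship a key in the recipe: generate one on the target at first use and install it with mode 0600, or at least state in the README that moonKey.pem and the CA in strongswanCert.pem are test-only.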
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
new file mode 100755
index 0000000..faefb24
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizes.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+ echo -n "ping -s $((k+=1)) : "
+ ping -i 1000 -c 1 -s $k $PINGDEST | grep packets &
+ sleep 1
+ PID=`ps -eaf | grep 'ping -i' | grep -v grep | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+ if [ -n "$PID" ] ; then
+ echo "****************** killing $PID"
+ kill $PID > /dev/null
+ fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
new file mode 100755
index 0000000..d5ff0f7
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/pingsizest.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Usage: ./pingsizes.sh 1440 20 (or greater)
+#
+
+PINGDEST=${PINGDEST:-200.200.200.10}
+k=$1
+lim="$((k+$2))"
+((k-=1))
+while [ "$k" != "$lim" ] ; do
+ echo ping -s $((k+=1))
+ ping -i 1000 -c 1 -s $k $PINGDEST &
+ sleep 1
+ PID=`ps -eaf | grep 'ping -i' | sed 's/[ ][ ]*/ /g' | cut -d " " -f 2`
+ if [ -n "$PID" ] ; then
+ echo "****************** killing $PID"
+ kill $PID
+ fi
+done
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
new file mode 100644
index 0000000..46c1ff4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/psk.txt
@@ -0,0 +1,2 @@
+200.200.200.20 secretkeyracoon
+200.200.200.10 secretkeyracoon
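Review bot: The cleanup step `ps -eaf | grep 'ping -i' | ... | cut -d " " -f 2` selects every process on the system whose command line contains `ping -i`, not only the ping this loop started, and `kill $PID` then signals all of them. pingsizest.sh in the next hunk runs the same pipeline without `grep -v grep`, so there the grep process itself can be matched and the "killing" branch may fire on every iteration. Letting ping enforce its own deadline removes both the background job and the kill, e.g. `ping -c 1 -W 1 -s "$k" "$PINGDEST" | grep packets`, assuming the target's ping supports `-W`. `$1` and `$2` are also used in arithmetic without a check that they are numbers.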
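Review bot: psk.txt stores the IKE pre-shared key `secretkeyracoon` in the repository with file mode 100644, so the key is public and easy to guess, and racoon, as far as I know, refuses to read a PSK file that group or others can read. I would ship a placeholder entry instead, e.g. `200.200.200.20 PSK_PLACEHOLDER`, have the README tell the user to set a value of their own, and install the file with mode 0600.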
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
new file mode 100644
index 0000000..cf561f5
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/racoon.conf
@@ -0,0 +1,22 @@
+path pre_shared_key "/test_setkey/psk.txt" ;
+
+ remote anonymous
+ {
+ exchange_mode main ;
+ lifetime time 1 hour ;
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method pre_shared_key ;
+ dh_group 2 ;
+ }
+ }
+
+ sainfo anonymous
+ {
+ pfs_group 2;
+ lifetime time 1 hour ;
+ encryption_algorithm 3des ;
+ authentication_algorithm hmac_sha1 ;
+ compression_algorithm deflate ;
+ }
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
new file mode 100755
index 0000000..7f82fb4
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-transport
@@ -0,0 +1,23 @@
+#!/usr/sbin/setkey -f
+#I am 200.200.200.20
+
+flush;
+spdflush;
+
+# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
+# and hmac-md5 authentication using 128 bit long keys
+add 200.200.200.10 200.200.200.20 esp 0x10513
+ -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
+ -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f;
+
+add 200.200.200.20 200.200.200.10 esp 0x10514
+ -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
+ -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e;
+
+
+spdadd 200.200.200.20 200.200.200.10 any -P out ipsec
+ esp/transport//require;
+
+spdadd 200.200.200.10 200.200.200.20 any -P in ipsec
+ esp/transport//require;
+
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel
new file mode 100755
index 0000000..5a75257
--- /dev/null
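Review bot: `remote anonymous` together with `authentication_method pre_shared_key` lets racoon negotiate phase 1 with any peer address, with the shared key from psk.txt as the only check; a per-side file that names the demo partner (`remote 200.200.200.20` on the left board, `remote 200.200.200.10` on the right) would restrict it. The proposal also pins `encryption_algorithm 3des`, `hash_algorithm sha1` and `dh_group 2` (1024-bit MODP), all legacy choices; if the boards' racoon build supports them, `aes`, `sha256` and `dh_group 14` would be better defaults. The file has no comment saying that it is a lab configuration.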
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-md5-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport new file mode 100755 index 0000000..6ef885d --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-transport 
@@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +# Security policies +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel new file mode 100755 index 0000000..16c3157 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha1-tunnel 
@@ -0,0 +1,41 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport new file mode 100755 index 0000000..b977209 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-transport 
@@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel new file mode 100755 index 0000000..e7c5b4e --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-3des-sha256-tunnel 
@@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport new file mode 100755 index 0000000..5d55d00 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-transport 
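Review bot: The header comment says `# Board A setup`, but this is right.conf-3des-sha256-tunnel, and the following comment and the policies describe gateway B (`# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20)`). It should read `# Board B setup`, as in the other right.conf-*-tunnel files; right.conf-aes-sha256-tunnel later in this patch has the same slip. The sha256 tunnel files also use SPIs `0x10513`/`0x10514` where the md5 and sha1 tunnel files use `0x201`/`0x301`, which works as long as both sides agree but deserves a remark or alignment.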
@@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel new file mode 100755 index 0000000..f49bd54 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-md5-tunnel 
@@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-md5 authentication using 128 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-md5 0xd5f603abc8cd9d19319ca32fb955b10f; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-md5 0x1dd90b4c32dcbe9d37b555a23df5170e; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport new file mode 100755 index 0000000..d9c65a4 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-transport 
@@ -0,0 +1,22 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + +# Security policies +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel new file mode 100755 index 0000000..1f10136 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha1-tunnel 
@@ -0,0 +1,41 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies + +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha1 authentication using 160 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha1 0xe9c43acd5e8d779b6e09c87347852708ab49bdd3; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha1 0xea6856479330dc9c17b8f6c37e2a895363d83f21; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport new file mode 100755 index 0000000..817a8bd --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-transport 
@@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel new file mode 100755 index 0000000..9bca18f --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-aes-sha256-tunnel 
@@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board A setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity) +# and hmac-sha2-256 authentication using 256 bit long keys +add 200.200.200.10 200.200.200.20 esp 0x10513 -m tunnel + -E aes-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 + -A hmac-sha2-256 0x4de03bebf6beb4fdef5a67d349a09580466cc4e54503333b2a5fd34538c91198; + +add 200.200.200.20 200.200.200.10 esp 0x10514 -m tunnel + -E aes-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df + -A hmac-sha2-256 0x5e01eb780b7ecc074ca2ca4fa4a5ea2ff841c977da0ce61c49d1fe767ea5452c; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport new file mode 100755 index 0000000..26dfe2e --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-transport 
@@ -0,0 +1,23 @@ +#!/usr/sbin/setkey -f +#I am 200.200.200.20 + +flush; +spdflush; + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x10513 + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x10514 + -E null + -A null; + + +spdadd 200.200.200.20 200.200.200.10 any -P out ipsec + esp/transport//require; + +spdadd 200.200.200.10 200.200.200.20 any -P in ipsec + esp/transport//require; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel new file mode 100755 index 0000000..bc4f38e --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.conf-null-null-tunnel @@ -0,0 +1,42 @@ +#!/usr/sbin/setkey -f +# +# +# Example ESP Tunnel for VPN. +# +# ========= ESP ========= +# | | +# Network-A Gateway-A Gateway-B Network-B +# 192.168.1.0/24 ---- 200.200.200.10 ------ 200.200.200.20 ---- 192.168.2.0/24 +# +# ====== 83xx board A ====== ===== 83xx board B ===== +# | | | | +# eth0 eth1 eth1 eth0 +# 192.168.1.130 200.200.200.10 200.200.200.20 192.168.2.130 +# +# +# Board B setup +# +# Flush the SAD and SPD +flush; +spdflush; + +# I am gateway B (eth0:192.168.2.130, eth1:200.200.200.20) +# +# Security policies +spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec + esp/tunnel/200.200.200.20-200.200.200.10/require; + +spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec + esp/tunnel/200.200.200.10-200.200.200.20/require; + + +# ESP SAs doing null encryption +# and null authentication +add 200.200.200.10 200.200.200.20 esp 0x201 -m tunnel + -E null + -A null; + +add 200.200.200.20 200.200.200.10 esp 0x301 -m tunnel + -E null + -A null; + diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4 new file mode 100755 index 0000000..67cd1b2 --- /dev/null 
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/right.ipv4
@@ -0,0 +1,2 @@
+set -v
+route add -net 192.168.1.0 netmask 255.255.255.0 gw 200.200.200.10
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
new file mode 100755
index 0000000..9e6fa7f
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup
@@ -0,0 +1,47 @@
+# setup - quick setup for left or right side of ipsec test
+# see README for example use.
+
+SCRIPT_HOME=/test_setkey/
+cd $SCRIPT_HOME
+
+export PATH=$SCRIPT_HOME:$PATH
+
+if [ "$1" != "left" -a "$1" != "right" ] ; then
+ echo "Usage: $0 side [config] [driver]"
+ echo " where side is either left or right."
+ echo " where config is either"
+ echo " aes-sha1-tunnel (default)"
+ echo " or 3des-sha1-tunnel"
+ echo " if driver is supplied, script does 'modprobe driver'"
+ exit 1
+fi
+
+SIDE=$1
+POLICY_CFG=$SIDE.conf
+DEFAULT_POLICY=aes-sha1-tunnel
+
+if [ -n "$2" ] ; then
+ POLICY=$2
+else
+ POLICY=$DEFAULT_POLICY
+fi
+
+SETKEY_FILE=$POLICY_CFG-$POLICY
+
+if [ ! -f $SETKEY_FILE ] ; then
+ echo "Missing setkey command file: $SETKEY_FILE"
+ exit 1
+fi
+
+# modprobe any driver name given as last parameter
+if [ -n "$3" ] ; then
+ modprobe $3
+fi
+
+SETUP_CMD_FILE=./setup_$SIDE
+. $SETUP_CMD_FILE
+
+$SETKEY_FILE
+
+setkey -D
+setkey -D -P
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
new file mode 100755
index 0000000..da76909
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_left
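Review bot: `cd $SCRIPT_HOME` in the setup script is not checked, so when /test_setkey/ is missing the script carries on and `. $SETUP_CMD_FILE` sources `./setup_left` or `./setup_right` from whatever directory the caller was in, presumably as root. `$2` and `$3` are also expanded unquoted into the command-file name and into `modprobe $3` without being matched against the shipped policy names. I would write `cd "$SCRIPT_HOME" || exit 1`, quote the expansions (`"./$SETKEY_FILE"`, `modprobe "$3"`), and check the exit status of the setkey file before printing the SAD and SPD. The file also has no `#!` line although it is added with mode 100755.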
@@ -0,0 +1,13 @@
+# board on left setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:04:9F:11:22:33
+ifconfig eth0 192.168.1.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:7D:FD
+ifconfig eth1 200.200.200.10 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.1.21 00:00:00:00:00:01
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
new file mode 100755
index 0000000..f0e333e
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/setup_right
@@ -0,0 +1,13 @@
+# board on right setup
+set -v
+ifconfig eth0 down
+ifconfig eth0 hw ether 00:E0:0C:00:01:FD
+ifconfig eth0 192.168.2.130 netmask 255.255.255.0
+ifconfig eth0 up
+ifconfig eth1 down
+ifconfig eth1 hw ether 00:E0:0C:00:00:FD
+ifconfig eth1 200.200.200.20 netmask 255.255.255.0
+ifconfig eth1 up
+arp -s 192.168.2.21 00:00:00:00:00:02
+route add default dev eth1
+echo 1 > /proc/sys/net/ipv4/ip_forward
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
new file mode 100644
index 0000000..1701f4a
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan.conf
@@ -0,0 +1,19 @@
+# strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-raw updown
+ multiple_authentication = no
+}
+
+pluto {
+
+ # plugins to load in pluto
+ #load = aes des sha1 md5 sha2 hmac gmp random pubkey
+
+}
+
+libstrongswan {
+
+ # set to no, the DH exponent size is optimized
+ # dh_exponent_ansi_x9_42 = no
+}
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem new file mode 100644 index 0000000..0865ad2 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswanCert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u +Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y +X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f +FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc +4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/ +7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5 +gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr +K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG +A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j +BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw +FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv +b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in +Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n +1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y +vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si +7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa +Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w= +-----END CERTIFICATE----- diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left new file mode 100755 index 0000000..e55c3e4 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_left 
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.left /etc/ipsec.conf
+cp -rf ipsec.secrets.left /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf moonCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
new file mode 100755
index 0000000..bcdbb73
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/strongswan_right
@@ -0,0 +1,10 @@
+#strongswan on left board
+set -v
+cp -rf ipsec.conf.right /etc/ipsec.conf
+cp -rf ipsec.secrets.right /etc/ipsec.secrets
+cp -rf strongswan.conf /etc/
+cp -rf strongswanCert.pem /etc/ipsec.d/cacerts/
+cp -rf sunCert.pem /etc/ipsec.d/certs/
+mkdir /etc/ipsec.d/private
+cp -rf sunKey.pem /etc/ipsec.d/private/
+cp -rf moonKey.pem /etc/ipsec.d/private/
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
new file mode 100644
index 0000000..d0937ba
--- /dev/null
+++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunCert.pem
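Review bot: Both strongswan_left and strongswan_right copy `sunKey.pem` and `moonKey.pem` into `/etc/ipsec.d/private/`, so each gateway ends up holding its peer's private key as well as its own. The left script installs `moonCert.pem` and the right `sunCert.pem`, so each side should presumably copy only the matching key (the ipsec.secrets files are not visible in this part of the patch, so confirm which key each one references). `mkdir /etc/ipsec.d/private` sets no mode, fails if the directory already exists, and the keys keep their source permissions; `mkdir -p -m 700 /etc/ipsec.d/private` plus `chmod 600` on the copied key would restrict them to root. The header comment in strongswan_right still reads `#strongswan on left board` and should say right.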
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTA5MDgyNzA5NTkwNFoXDTE0MDgyNjA5NTkwNFowRTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN1bi5z +dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+V +VIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqqrQ3X917h7YNsSk68 +oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5mimv/prYj6o0yawxoPjoDs9Y +h7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/4 +9YuxQ59DemY9IRbwsrKCHH0mGrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4 +e0da1ntPCEQLeE833+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb +8WNzRWB8Egh3BDK6FsECAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgOoMB0GA1UdDgQWBBRW1p4v2qihzRlcI1PnxbZwluML+zBtBgNVHSMEZjBkgBRd +p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT +EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB +ADAdBgNVHREEFjAUghJzdW4uc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y +Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAo37LYT9Awx0MK/nA +FZpPJqUr0Ey+O5Ukcsdx7nd00SlmpiQRY8KmuRXCBQnDEgdLstd3slQjT0pJEgWF +0pzxybnI6eOzYAhLfhart+X1hURiNGbXjggm2s4I5+K32bVIkNEqlsYnd/6F9oo5 +ZNO0/eTTruLZfkNe/zchBGKe/Z7MacVwlYWWCbMtBV4K1d5dGcRRgpQ9WivDlmat +Nh9wlscDSgSGk3HJkbxnq695VN7zUbDWAUvWWhV5bIDjlAR/xyT9ApqIxiyVVRul +fYrE7U05Hbt6GgAroAKLp6qJup9+TxQAKSjKIwJ0hf7OuYyQ8TZtVHS7AOhm+T/5 +G/jGGA== +-----END CERTIFICATE----- diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem new file mode 100644 index 0000000..d8fad9a --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/sunKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA35VUimfpDmNpT/8Q3qnoDlxJ9R+EErSYVraVoUVmH9jSHroB +eqqtDdf3XuHtg2xKTryijBj2H0jeA7HuE1UGwmvZWN1gL5vSrk1OFrT38DmaKa/+ +mtiPqjTJrDGg+OgOz1iHsPsp/4Xx+SCTSy2Ucllfront02sVduDXEGV34Snk6vYV +sRn1BZSlFBO6F2k23/j1i7FDn0N6Zj0hFvCysoIcfSYasmwN2p5vRqn7xC9JceMK +3V+v0w0pZoAUBAspAjh7R1rWe08IRAt4Tzff401EGAa5+TQqoZPd4BeqvFr0AQhQ +mdVw97FB2pQyNxSlcVvxY3NFYHwSCHcEMroWwQIDAQABAoIBADH51hjN2zk9HVgl +QmcTAWzcUie5cLMhrP+M9mtC8O3jcCwwFY6OwfnbMU8DHy0GMqHg5lB8b99UUVPw +HLAzjDw/ESkc6pgZs4EEhJTsxJLsvTnePgHssEgyXnXf7gRVEqJkPohfy+Zy0UCH +eIUQXiMlOQ7xg7iDMhwNa+UdWSt539DztSKilQn2xdPZjFnMT0/prvl4NA/8Zn54 +/SdWDq5yRdLWb6EK1V7yJ3687GXR1jzGtgy7TXuncUJVTYgX7RdP1Tn6gWD8YAQ/ +RfT0DdWYm4WHSgSb9/NW8lBZH2yy3hg+lNgofXEvTfBkO5QyW31LIr0tCV6zhJIc +Y9MxaKUCgYEA9sktaXfhPLe0ECjdeQEOq5EKuDrCviSKCOuAV4BDSOsdw6+5LWfY +Vb/oke8N70lL3RCblcj1pOKWUi2O/SpEJdDRduiw2gM9cXt3/bChSTHC4TsIxxN/ +Db9OGg72kZ4sRY5Au+zyAAQYBwXhFWux194Jk5qK0JblNG9J5QMqZDcCgYEA5+5h +BgHUMEO+pdME5lAiSc5PcNTejpA6j+OikCh4/HFXy3C/dLx+Cs1+egw64c8iVaIv +NEo7n7E9I0e3XqanPRXhMnBRrP+39OVsWPmZ18Li2Hi84KwJyi8Y11l3XJOqaYpF +wMVUuZpxR0dfG5k/5GwT/tEkmQBglOgG3m2zUMcCgYEA4m3Vd9ahV5dp5AXKpzKc +JjiPMFfhxJo7+FEz0ZUCp03qYljBu/Jy4MKS/grrqyiCLdQGHNlk4SNxLvdUId78 +5gGBnuuDEJU2dAAIKUE9yq2YlBUZSacOxStI2snt28/X6P3LUWHm7LLU5OS1D3Vf +mKPF/6MlSJuas5CEqVZNN+MCgYBH9Qh7IaQgmVQUBKVXg3Mv7OduvUyTdKIGtHxi +N3xZ7hxsDP4JjNWaKmlcGmFGX8pqQRheI83d3NJ4GK8GmbP3Wst0p65fezMqsudr +r30QmPFicgs/tYCQDw6o+aPzwAi2F+VOSqrfrtAIaldSq7hL+VA21dKB+cD9UgOX +jPd+TwKBgQCbKeg2QNS2qhPIG9eaqJDROuxmxb/07d7OBctgMgxVvKhqW9hW42Sy +gJ59fyz5QjFBaSfcOdf4gkKyEawVo45/q6ymIQU37R4vF4CW9Z3CfaIbwJp7LcHV +zH07so/HNsZua6GWCSCLJU5MeCRiZzk2RFiS9KIaLP4gZndv4lXOiQ== +-----END RSA PRIVATE KEY----- diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb new file mode 100644 index 0000000..5607060 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo_0.1.bb 
@@ -0,0 +1,25 @@
+SUMMARY = "Scripts and configuration files for ipsec demo"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+RDEPENDS_${PN} = "ipsec-tools"
+
+inherit allarch
+
+SRC_URI = "file://test_setkey"
+
+do_configure() {
+ :
+}
+
+do_compile() {
+ :
+}
+
+do_install(){
+ install -d ${D}${datadir}
+ cp -a ${WORKDIR}/test_setkey ${D}${datadir}/
+}
+
+FILES_${PN} = "${datadir}/*"
+
-- cgit v1.2.3-54-g00ecf
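Review bot: `cp -a ${WORKDIR}/test_setkey ${D}${datadir}/` in `do_install` ships the whole directory, including `moonKey.pem` and `sunKey.pem`, which this commit adds with mode 100644, so every image built from the layer carries the same private keys, readable by any local user. They appear to be sample keys tied to the strongSwan root CA certificate added alongside them, so the recipe should at least state that the package is for lab demos only (for example in `SUMMARY` or a `DESCRIPTION` line), and the keys are better installed with `install -m 0600` or generated on the target. `cp -a` also preserves the build user's ownership; `cp -R --no-preserve=ownership` avoids that. `RDEPENDS_${PN}` lists only `ipsec-tools`, although the strongswan_left/right scripts install strongSwan configuration, so a strongSwan runtime dependency seems to be missing.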