3 # A collection of whack sequences to test Pluto.
4 # Generally, we command the west Pluto to negotiate with east.
5 # Sometimes north and south come into play.
# Reusable whack option fragments. Every value holds several words and is
# expanded unquoted where it is used, so it word-splits back into separate
# options. WESTIP, EASTIP, IKEPORT, WESTSUBNET and EASTSUBNET are not assigned
# in the lines shown here; if one of them is empty, the option in front of it
# is left without a value.
9 WESTHOST="--host $WESTIP --ikeport $IKEPORT"
10 WESTNET="$WESTHOST --client $WESTSUBNET"
12 EASTHOST="--host $EASTIP --ikeport $IKEPORT"
13 EASTNET="$EASTHOST --client $EASTSUBNET"
# Peer ends with no fixed address: %any and %opportunistic take the place of
# a host address.
15 ANYHOST="--host %any --ikeport $IKEPORT"
16 OPPO="--host %opportunistic --ikeport $IKEPORT"
# One whack command line per daemon, told apart by --ctlbase. Both paths are
# relative, so they resolve against the caller's current directory.
18 WESTWHACK="../whack --ctlbase ./pluto.west"
19 EASTWHACK="../whack --ctlbase ./pluto.east"
# Shared rekey margin and SA lifetimes; TIMES0/1/2 add only --keyingtries.
# NOTE(review): the values are presumably seconds, and --keyingtries 0
# presumably means "keep retrying" - confirm against whack's usage text.
21 TIMES="--rekeymargin 350 --ikelifetime 900 --ipseclifetime 800"
22 TIMES0="$TIMES --keyingtries 0"
23 TIMES1="$TIMES --keyingtries 1"
24 TIMES2="$TIMES --keyingtries 2"
# Bodies of the dispatch helpers. Their function headers and the definition of
# `perform` are on lines not shown in this listing; judging by the calls further
# down they are presumably me (west), him (east) and both - TODO confirm.
# $WESTWHACK and $EASTWHACK are unquoted on purpose: each holds the whack path
# plus its --ctlbase option and has to word-split. "$@" passes the caller's
# arguments through one word per argument.
34 perform $WESTWHACK "$@"
38 perform $EASTWHACK "$@"
# The same request goes to the west daemon first, then to the east daemon.
42 perform $WESTWHACK "$@"
43 perform $EASTWHACK "$@"
# kall: register RSA public keys on both daemons, one --keyid per identity
# (a 127.95.7.x address or an @name). The leading 0s marks base64 data.
# Only --pubkeyrsa values appear; no private key material is passed here.
# The address entry and the @name entry carry the same key for north and for
# south, but different keys for east and for west.
# NOTE(review): these are fixed keys tied to 127/8 test addresses; presumably
# the private halves ship with the test fixtures, in which case the keys must
# not be trusted outside this test bed - confirm.
# The `;;` terminators of these arms are on lines not shown in this listing.
51 kall) both --keyid 127.95.7.2 --pubkeyrsa 0sAQOeSJscIy2XZHfs+PODDqdgJR2FmdfRNqzURVL5q2fesMHmibMLPM5cTPx2HvYKBX3YyB+BdHoojmFNixV+RTrKyyN0Og4PYwhdw0FUApDvOg7KYe1CeLUeTAUzT5Pq7MdclRW5bYY84hXSfKgaPwPTwuiLKEnVdbhGgwxqwfQ6ow==
52 both --keyid @east.example.com --pubkeyrsa 0sAQNWmttqbM8nIypsHEULynOagFyV1MQ+/1yF5sa32abxBb2fimah7NsHM9l/KpNo7RGtiP0L6triedsZ0xz1Maa4DPnZlrtexu5uIH+FH34SUr7Xe2RcHnLVOznHMzacgcjrOUvV/nA9OEGvm7vRsMAWm/VjNuNugogFreiYEpFMQQ==
53 both --keyid 127.95.7.3 --pubkeyrsa 0sAQN4JFU9gRnG336z1n1cV2LA6ACi1TjXfv3pvl6DRqa6uqBFM9RO4oArPc6FsBkBwEmMr8cpeFn4mVaepVe63qnvmQbGXVcRwhx0a509M824HjnyM04Xpoh2UuP/Mhnkm1cynunRuyGqXaZhlj4s+GbcOxPXhopz94wer+Qs/qvGqw==
54 both --keyid @north.example.com --pubkeyrsa 0sAQN4JFU9gRnG336z1n1cV2LA6ACi1TjXfv3pvl6DRqa6uqBFM9RO4oArPc6FsBkBwEmMr8cpeFn4mVaepVe63qnvmQbGXVcRwhx0a509M824HjnyM04Xpoh2UuP/Mhnkm1cynunRuyGqXaZhlj4s+GbcOxPXhopz94wer+Qs/qvGqw==
55 both --keyid 127.95.7.4 --pubkeyrsa 0sAQOKe6+kbDtp4PB8NZshjCBw8z5wuGCAddokgSDATW47tNmQhUvzlnT1ia1ZsyiRFph1LJkz+A0bkbOhPr1vWUJHK6/s+Y8Rf7GSZC0Fi5Fr4DgpWwswzFaLl4baRfeu8z4k147dtSoG4K/6UfQ+IbqML5lwm92uRqONszbn/PDDPQ==
56 both --keyid @south.example.com --pubkeyrsa 0sAQOKe6+kbDtp4PB8NZshjCBw8z5wuGCAddokgSDATW47tNmQhUvzlnT1ia1ZsyiRFph1LJkz+A0bkbOhPr1vWUJHK6/s+Y8Rf7GSZC0Fi5Fr4DgpWwswzFaLl4baRfeu8z4k147dtSoG4K/6UfQ+IbqML5lwm92uRqONszbn/PDDPQ==
57 both --keyid 127.95.7.1 --pubkeyrsa 0sAQOOyFBeFFr9CWXgn1aOEvTr98HG4inSckTXlyYi5x85G+Q1+PZ/roqB3OtnRS2XbXFb3n92QjZMJ403wQUwMAt6uzXzXDle5VvFn7cVXq3ch0jqQUxIFcdIIFR2wtkxvAr20xSOHNF/ozmKVZLkrHLu4RvVCCbSNa5toqLXblkcOQ==
58 both --keyid @west.example.com --pubkeyrsa 0sAQOFtqrs57eghHmYREoCu1iGn4kXd+a6yT7wCFUk54d9i08mR4h5uFKPhc9fq78XNqz1AhrBH3SRcWAfJ8DaeGvZ0ZvCrTQZn+RJzX1FQ4fjuGBO0eup2XUMsYDw01PFzQ9O4qlwly6niOcMTxvbWgGcl+3DYfRvHgxet8kNtfqzHQ==
# shutdown: send --shutdown to both daemons.
60 shutdown) both --shutdown
65 # "isakmp": ISAKMP SA only; PSK or RSA
# Naming used by the arms below: d<name> defines connection <name> on both
# daemons, x<name> has `me` initiate it (the file's opening comment says west
# is the side that is commanded).
# --psk and --rsa only select the authentication method; no secret or private
# key is passed on these command lines. Neither --encrypt nor --authenticate is
# given, which matches the "ISAKMP SA only" label.
67 disakmp-psk) both --name isakmp-psk --psk $EASTHOST --to $WESTHOST $TIMES2 ;;
68 xisakmp-psk) me --name isakmp-psk --initiate ;;
70 disakmp-rsa) both --name isakmp-rsa --rsa $EASTHOST --to $WESTHOST $TIMES2 ;;
71 xisakmp-rsa) me --name isakmp-rsa --initiate ;;
# Subnet-to-subnet definitions between $EASTNET and $WESTNET, loaded on both
# daemons. --delete precedes each definition (presumably so that an earlier
# connection with the same name is dropped first - confirm). "silly" and
# "sally" are the --updown values given for the east and west ends.
# The labels of the initiating arms and the `;;` terminators are on lines not
# shown in this listing.
75 dipsec-psk) both --name ipsec-psk --delete --psk \
76 --updown silly $EASTNET --to --updown sally $WESTNET \
77 --authenticate --encrypt --pfs $TIMES2
# Initiate the connection defined above from `me`.
80 me --name ipsec-psk --initiate
# Same definition with RSA signatures in place of the pre-shared key.
83 dipsec-rsa) both --name ipsec-rsa --delete --rsa \
84 --updown silly $EASTNET --to --updown sally $WESTNET \
85 --authenticate --encrypt --pfs $TIMES2
88 me --name ipsec-rsa --initiate
91 # like dipsec-rsa, except compression is specified
# NOTE(review): the definition below also omits --pfs, which dipsec-rsa
# passes, so the two differ in more than compression. Confirm whether dropping
# PFS here is intended.
92 dipsec-rsa-c) both --name ipsec-rsa-c --delete --rsa \
93 --updown silly $EASTNET --to --updown sally $WESTNET \
94 --authenticate --encrypt --compress $TIMES2
97 me --name ipsec-rsa-c --initiate
# "-rw" pair, PSK variant (arm labels and some continuation lines are not
# shown in this listing). The two daemons get different definitions under the
# same name: `me` names east explicitly as the far end, while `him` describes
# the far end as $ANYHOST (--host %any) with --client $WESTSUBNET, so east
# does not pin the initiator's address.
# NOTE(review): with the peer address unpinned, the authentication method
# (here the pre-shared key) is all that identifies the initiator; check how
# the secret for this connection is scoped in the daemon's secrets file.
103 me --name ipsec-psk-rw --delete --psk \
104 --updown sally $WESTNET \
105 --to --updown silly $EASTNET \
107 him --name ipsec-psk-rw --delete --psk \
108 --updown silly $ANYHOST \
109 --client $WESTSUBNET \
110 --to --updown sally $EASTNET --nexthop %direct \
114 me --name ipsec-psk-rw --initiate
# Same "-rw" pair with RSA signatures in place of the pre-shared key; the
# `him` side again uses $ANYHOST for the far end.
118 me --name ipsec-rsa-rw --delete --rsa \
119 --updown sally $WESTNET \
120 --to --updown silly $EASTNET \
122 him --name ipsec-rsa-rw --delete --rsa \
123 --updown silly $ANYHOST \
124 --client $WESTSUBNET \
125 --to --updown sally $EASTNET --nexthop %direct \
129 me --name ipsec-rsa-rw --initiate
# Opportunistic connection templates (arm labels and the last continuation
# line of each command are not shown in this listing). Each daemon gets two:
#   ipsec-oppo-me   - its own host as one end ($WESTHOST on `me`, $EASTHOST on `him`)
#   ipsec-oppo-mine - its own subnet as one end ($WESTNET on `me`, $EASTNET on `him`)
# The other end is always $OPPO (--host %opportunistic). The `me` commands list
# the west end before --to; the `him` commands list $OPPO before --to.
133 # --pfs and --rsa required
137 me --name ipsec-oppo-me --delete --rsa --pfs \
138 --updown sally $WESTHOST --nexthop %direct \
139 --to --updown silly $OPPO \
142 me --name ipsec-oppo-mine --delete --rsa --pfs \
143 --updown sally $WESTNET --nexthop %direct \
144 --to --updown silly $OPPO \
147 him --name ipsec-oppo-me --delete --rsa --pfs \
148 --updown silly $OPPO \
149 --to --updown sally $EASTHOST --nexthop %direct \
152 him --name ipsec-oppo-mine --delete --rsa --pfs \
153 --updown silly $OPPO \
154 --to --updown sally $EASTNET --nexthop %direct \
# Opportunistic probes: each command hands `me` one --oppohere/--oppothere
# address pair. TRURO, VANCOUVER, VICTORIA, ANTIGONISH, ATLANTIS and VANISHED
# are not assigned in the lines shown here, and the arm labels are missing too.
# The numbered comments that were already in the file record the outcome seen
# for the command that follows them.
159 me --oppohere $WESTIP --oppothere $EASTIP
162 me --oppohere $WESTIP --oppothere $TRURO
165 me --oppohere $VANCOUVER --oppothere $EASTIP
168 me --oppohere $VICTORIA --oppothere $ANTIGONISH
# Negative cases kept for reference: whack itself rejects 0.0.0.0 as a client
# address, so these two stay commented out.
170 # whack error: 0.0.0.0 or 0::0 isn't a valid client address "0.0.0.0"
171 # me --oppohere 0.0.0.0 --oppothere $ANTIGONISH
173 # whack error: 0.0.0.0 or 0::0 isn't a valid client address "0.0.0.0"
174 # me --oppohere $VICTORIA --oppothere 0.0.0.0
# Expected failure: no connection covers this pair of addresses.
176 # 033 no suitable connection for opportunism between 127.95.7.22 and 127.95.7.10 with 127.95.7.1 as peer
177 me --oppohere $ANTIGONISH --oppothere $VICTORIA
# Expected failure: the target has no TXT record in reverse DNS.
179 # 033 Can't Opportunistically initiate for 127.95.7.10 to 127.95.7.23: no host 23.7.95.127.in-addr.arpa. for TXT record
180 me --oppohere $VICTORIA --oppothere $ATLANTIS
# Per the recorded message below, the responder refuses a gateway's claim over
# a client when the reverse-DNS TXT lookup for that client fails. The probe is
# left commented out, presumably because the initiator then waits for its
# timeout - confirm.
182 # Responder says: "ipsec-oppo-me" 127.95.7.1 0.0.0.0/32 #1: gateway 127.95.7.1 claims client 127.95.7.8, but DNS for client fails to confirm: no host 8.7.95.127.in-addr.arpa. for TXT record
183 # Initiator slowly times out.
184 # me --oppohere $VANISHED --oppothere $ANTIGONISH
187 # stipple: test opportunism by trying a bunch of targets
# One arm serves both spellings. The loop bodies, the assignments to n and a,
# and the arm labels of the two loops are on lines not shown in this listing.
189 dstipple-serial|dstipple-parallel)
191 me --name ipsec-oppo-me --delete --rsa --pfs \
192 --updown sally $WESTHOST --nexthop %direct \
193 --to --updown silly $OPPO \
199 while expr $n > 0 >/dev/null
# NOTE(review): in the `while` line above, the shell parses `>` as an output
# redirection, not as a comparison. The command that runs is `expr $n`, with
# stdout opened first on a file named `0` in the current directory (created or
# truncated on every pass) and then on /dev/null. The loop condition is
# therefore expr's exit status for the bare value: true while n is non-empty
# and non-zero. `[ "$n" -gt 0 ]` or `expr "$n" '>' 0 >/dev/null` states the
# intended test without creating the stray file.
# Serial form: each probe runs in the foreground.
202 me --oppohere $WESTIP --oppothere $a
# NOTE(review): same `expr $n > 0` redirection pattern as in the loop above.
209 while expr $n > 0 >/dev/null
# Parallel form: the trailing & puts each probe in the background; any `wait`
# would be on lines not shown.
212 me --oppohere $WESTIP --oppothere $a &
# Fallback message for an unrecognised sequence name (presumably the default
# arm of the case). It is written to stdout, not stderr.
218 echo "$0: $i unknown"