
opnsense_ipsec_testsuite's Introduction

IPsec test scenarios

Base configuration

The test setup consists of two machines, each with a LAN and an OPT1 interface. On both machines the firewall should either be disabled or pass all traffic.

Machine A

Interfaces -> LAN -> Addresses:

  • 192.168.111.1/24
  • 192.168.113.1/24
  • fc00::1/128

Interfaces -> OPT1 -> Addresses:

  • 192.168.2.3/24
  • fc00::2:3/112

Machine B

Interfaces -> LAN -> Addresses:

  • 192.168.112.1/24
  • 192.168.114.1/24
  • fc00::2/128

Interfaces -> OPT1 -> Addresses:

  • 192.168.2.4/24
  • fc00::2:4/112

Directory structure

For all tests performed we collected the following relevant configuration data:

  • config.[a|b].xml --> relevant configuration data for this test, depending on settings explained in "Base configuration"
  • ipsec.[a|b].conf --> ipsec.conf generated on 22.7.4
  • swanctl.[a|b].conf --> new swanctl.conf generated with the changes for opnsense/core#5636

Tests

The tests performed, with their primary settings, are listed below:

  • VTI_S2S_psk
    • IKEv2
    • routed IPsec (VTI)
    • pre-shared-key authentication
    • tunnel 192.168.188.1 <-> 192.168.188.2
  • VTI_S2S_pubkey
    • IKEv2
    • routed IPsec (VTI)
    • (RSA) public key authentication
    • tunnel 192.168.188.1 <-> 192.168.188.2
  • VTI_S2S_rsa
    • IKEv2
    • routed IPsec (VTI)
    • RSA (certificate) authentication
    • tunnel 192.168.188.1 <-> 192.168.188.2
  • PB_S2S_psk_default
    • IKEv2
    • policy based
    • pre-shared-key authentication
    • tunnel 192.168.111.0/24 <-> 192.168.112.0/24
    • tunnel 192.168.113.0/24 <-> 192.168.114.0/24
  • PB_S2S_psk_isolation
    • IKEv2
    • policy based
    • pre-shared-key authentication
    • tunnel isolation selected
    • tunnel 192.168.111.0/24 <-> 192.168.112.0/24
    • tunnel 192.168.113.0/24 <-> 192.168.114.0/24
  • PB_S2S_psk_IKEv1
    • IKEv1
    • policy based
    • pre-shared-key authentication
    • tunnel 192.168.111.0/24 <-> 192.168.112.0/24
    • tunnel 192.168.113.0/24 <-> 192.168.114.0/24
  • BP_S2S_IPv6_tunnel
    • IKEv2
    • policy based
    • pre-shared-key authentication
    • tunnel isolation selected
    • tunnel 192.168.111.0/24 <-> 192.168.112.0/24
    • tunnel 192.168.113.0/24 <-> 192.168.114.0/24
    • tunnel fc00::1/28 <-> fc00::2/128
  • PB_Mobile_IKEv1_Xauth
    • IKEv1
    • policy based
    • xauth + local database
  • PB_Mobile_IKEv2_EAPMSCHAP2
    • IKEv2
    • policy based
    • eap-mschapv2
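
One way to check a swanctl.[a|b].conf against the settings listed for a scenario, as an added example that is not part of the test suite itself. The sample configuration is hand-written for machine A in PB_S2S_psk_default, the names `parse`, `summarize`, `SAMPLE_A` and `EXPECTED` are hypothetical, and the parser assumes one setting per line.

```python
# Constructed sample (hand-written, not OPNsense output): machine A side of
# PB_S2S_psk_default. EXPECTED holds that scenario's settings from the test list.
SAMPLE_A = """
connections {
  con1 {
    version = 2
    local {
      auth = psk
    }
    remote {
      auth = psk
    }
    children {
      net1 {
        local_ts = 192.168.111.0/24
        remote_ts = 192.168.112.0/24
      }
      net2 {
        local_ts = 192.168.113.0/24
        remote_ts = 192.168.114.0/24
      }
    }
  }
}
"""
EXPECTED = ("2", {"psk"}, [("192.168.111.0/24", "192.168.112.0/24"),
                           ("192.168.113.0/24", "192.168.114.0/24")])

def parse(text):
    """Parse swanctl.conf-style nested sections into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line.endswith("{"):               # section start: descend
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                    # section end: ascend
            stack.pop()
        elif "=" in line:                    # key = value inside current section
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip().strip('"')
    return stack[0]

def summarize(conn):
    """Reduce one connection to (IKE version, auth methods, tunnel pairs)."""
    auth = {v["auth"] for v in conn.values() if isinstance(v, dict) and "auth" in v}
    tunnels = sorted((c["local_ts"], c["remote_ts"])
                     for c in conn["children"].values())
    return conn.get("version"), auth, tunnels

print(summarize(parse(SAMPLE_A)["connections"]["con1"]) == EXPECTED)  # True
```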

opnsense_ipsec_testsuite's People

Contributors

adschellevis