For the DH19/DH20/DH21, since the test objective was to just demonstrate a basic crypto suite interop, i grouped everything reducing the number of tests (the convention seems to be one test per crypto suite). For instance, ikev2-algo-ike-dh-ecp-01's westrun.sh looks like:
../bin/libreswan-up-down.sh ikev2-ike=aes128-sha1-dh19 -I 192.0.1.254 192.0.2.254 ../bin/libreswan-up-down.sh ikev2-ike=aes128-sha1-dh20 -I 192.0.1.254 192.0.2.254 ../bin/libreswan-up-down.sh ikev2-ike=aes128-sha1-dh21 -I 192.0.1.254 192.0.2.254 this seems to work remarkably well(1)(2). I'm now wondering if this is a better more general approach for crypto suite interop tests like this. (1) my implementation is simple (I suspect there's a way to do this directly with whack; but that means learning whack :-) (2) anyone know a way to do this with strongswan as the initiator? _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
