# HG changeset patch
# User Sebastien Decugis
# Date 1283149476 -32400
# Node ID 7b569c198c7c8c1ea445c0959ef3d0add50514d2
# Parent 6400e361388807a595b513bd1a479a0fc3739b6c
New EAP test configurations
diff -r 6400e3613888 -r 7b569c198c7c ca/rebuild_tree.sh
--- a/ca/rebuild_tree.sh Mon Aug 16 15:44:59 2010 +0900
+++ b/ca/rebuild_tree.sh Mon Aug 30 15:24:36 2010 +0900
@@ -40,4 +40,5 @@
 make newca ca=mgr.testbed.aaa name=eap.testbed.aaa
 make newcert ca=eap.testbed.aaa name=gw.eap.testbed.aaa
 make newcert ca=eap.testbed.aaa name=backend.eap.testbed.aaa
+make newcert ca=eap.testbed.aaa name=supauth2.eap.testbed.aaa
diff -r 6400e3613888 -r 7b569c198c7c conf/backend.eap.testbed.aaa/freeDiameter/freeDiameter.conf
--- a/conf/backend.eap.testbed.aaa/freeDiameter/freeDiameter.conf Mon Aug 16 15:44:59 2010 +0900
+++ b/conf/backend.eap.testbed.aaa/freeDiameter/freeDiameter.conf Mon Aug 30 15:24:36 2010 +0900
@@ -59,4 +59,5 @@
 : "/root/conf/freeDiameter/app_diameap.conf";
 ConnectPeer = "gw.eap.testbed.aaa" { No_TLS; };
+ConnectPeer = "supauth2.eap.testbed.aaa" { No_TLS; };
diff -r 6400e3613888 -r 7b569c198c7c conf/eapmgr.testbed.aaa/dns/dnsmasq.conf
--- a/conf/eapmgr.testbed.aaa/dns/dnsmasq.conf Mon Aug 16 15:44:59 2010 +0900
+++ b/conf/eapmgr.testbed.aaa/dns/dnsmasq.conf Mon Aug 30 15:24:36 2010 +0900
@@ -17,5 +17,7 @@
 dhcp-host=08:00:27:F0:A1:70,gw
 dhcp-host=08:00:27:D9:B0:9D,opendiam
 dhcp-host=08:00:27:63:F1:B7,supauth2
+dhcp-host=08:00:27:E5:C9:49,radpxy
+dhcp-host=08:00:27:9C:70:CE,supauth3
 #conf-dir=/etc/dnsmasq.d
diff -r 6400e3613888 -r 7b569c198c7c conf/eapmgr.testbed.aaa/dns/hosts
--- a/conf/eapmgr.testbed.aaa/dns/hosts Mon Aug 16 15:44:59 2010 +0900
+++ b/conf/eapmgr.testbed.aaa/dns/hosts Mon Aug 30 15:24:36 2010 +0900
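Review bot: Only supauth2 gets a certificate in this hunk, while the same changeset adds `ca_name` files naming `eap.testbed.aaa` and `modules/ca` entries for radpxy and supauth3. If those hosts are expected to hold a certificate from that CA, matching lines such as `make newcert ca=eap.testbed.aaa name=radpxy.eap.testbed.aaa` appear to be missing. If they only need the CA certificate itself, a one-line comment here saying so would settle the question.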
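Review bot: The added `ConnectPeer = "supauth2.eap.testbed.aaa" { No_TLS; };` turns off TLS for a peer that this same changeset issues a certificate for, so Diameter EAP exchanges with it, which can carry session keying material, cross the testbed network unprotected. The mirror entry `ConnectPeer = "backend.eap.testbed.aaa" { No_TLS; };` in the new supauth2 freeDiameter.conf has the same issue even though that file sets `TLS_Cred` and `TLS_CA`. If cleartext is deliberate (for packet captures, say), state it above the line, e.g. `# Testbed only: TLS disabled so traffic can be inspected; do not reuse outside the lab.`; otherwise drop `No_TLS;` on both sides.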
@@ -14,6 +14,8 @@
 192.168.105.30 gw
 192.168.105.40 opendiam
 192.168.105.50 supauth2
+192.168.105.60 radpxy
+192.168.105.70 supauth3
 fde4:2c6e:55c4:105:a00:27ff:fe33:7782 supauth
 fde4:2c6e:55c4:105:a00:27ff:fef0:a170 gw
 fde4:2c6e:55c4:105:a00:27ff:fe0b:7859 backend
diff -r 6400e3613888 -r 7b569c198c7c conf/gw.eap.testbed.aaa/freeDiameter/freeDiameter.conf
--- a/conf/gw.eap.testbed.aaa/freeDiameter/freeDiameter.conf Mon Aug 16 15:44:59 2010 +0900
+++ b/conf/gw.eap.testbed.aaa/freeDiameter/freeDiameter.conf Mon Aug 30 15:24:36 2010 +0900
@@ -11,8 +11,8 @@
 : "/root/conf/freeDiameter/rgw.conf";
 # "opendiam.eap.testbed.aaa" = { uri="aaa://opendiam.eap.testbed.aaa;transport=sctp"; };
-ConnectPeer = "opendiam.eap.testbed.aaa" { #TLS_old_Method;
- No_TLS; };
+# ConnectPeer = "opendiam.eap.testbed.aaa" { #TLS_old_Method;
+# No_TLS; };
 ConnectPeer = "backend.eap.testbed.aaa" { No_TLS; };
diff -r 6400e3613888 -r 7b569c198c7c conf/gw.eap.testbed.aaa/freeDiameter/rgw.conf
--- a/conf/gw.eap.testbed.aaa/freeDiameter/rgw.conf Mon Aug 16 15:44:59 2010 +0900
+++ b/conf/gw.eap.testbed.aaa/freeDiameter/rgw.conf Mon Aug 30 15:24:36 2010 +0900
@@ -9,7 +9,7 @@
 RGWX = "/root/freeDiameter/extensions/auth.rgwx" : auth : 1;
 # Dump state when loop ends
-RGWX = "/root/freeDiameter/extensions/debug.rgwx";
+# RGWX = "/root/freeDiameter/extensions/debug.rgwx";
 ##################
diff -r 6400e3613888 -r 7b569c198c7c conf/radpxy.eap.testbed.aaa/ca_name
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/radpxy.eap.testbed.aaa/ca_name Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,1 @@
+eap.testbed.aaa
diff -r 6400e3613888 -r 7b569c198c7c conf/radpxy.eap.testbed.aaa/modules/ca
diff -r 6400e3613888 -r 7b569c198c7c conf/radpxy.eap.testbed.aaa/modules/ntp
diff -r 6400e3613888 -r 7b569c198c7c conf/radpxy.eap.testbed.aaa/modules/vboxtools
diff -r 6400e3613888 -r 7b569c198c7c conf/radpxy.eap.testbed.aaa/ntp.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/radpxy.eap.testbed.aaa/ntp.conf Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,19 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+server proxy.testbed.aaa
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth2.eap.testbed.aaa/freeDiameter/CMakeFlags
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth2.eap.testbed.aaa/freeDiameter/CMakeFlags Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,9 @@
+-DBUILD_DBG_MONITOR:BOOL=ON
+-DBUILD_APP_RADGW:BOOL=ON
+-DBUILD_RGWX_DEBUG:BOOL=ON
+-DBUILD_RGWX_AUTH:BOOL=ON
+-DBUILD_RGWX_ACCT:BOOL=ON
+-DBUILD_RGWX_ECHODROP:BOOL=ON
+-DBUILD_TESTING:BOOL=OFF
+-DCMAKE_BUILD_TYPE:STRING=DebugValgrind
+-DDEFAULT_CONF_PATH:PATH=/root/conf/freeDiameter
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth2.eap.testbed.aaa/freeDiameter/echo_drop.rgwx.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth2.eap.testbed.aaa/freeDiameter/echo_drop.rgwx.conf Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,9 @@
+
+# ECHO code 25 ; # Class attributes
+# DROP code 18 ; # Reply-Message attribute, should not be included in requests
+# DROP code 26 vendor 9 ; # Drop any Cisco-specific attribute
+# ECHO code 26 vendor 0 ext 256 ; # Echo any extended attribute with the type 256.
+
+drop code 4 ;
+echo code 33 ;
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth2.eap.testbed.aaa/freeDiameter/freeDiameter.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
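Review bot: The two active rules in echo_drop.rgwx.conf, `drop code 4 ;` and `echo code 33 ;`, carry no comment, unlike the commented examples above them. RADIUS attribute 4 is NAS-IP-Address and 33 is Proxy-State, so `drop code 4 ; # NAS-IP-Address` and `echo code 33 ; # Proxy-State` would make the intent readable. The `RGWX` line that loads echo_drop.rgwx is commented out in the rgw.conf added by this changeset, so this file does not appear to be read yet; a note at the top saying so would help.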
+++ b/conf/supauth2.eap.testbed.aaa/freeDiameter/freeDiameter.conf Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,18 @@
+SCTP_streams = 3;
+TLS_Cred = "/root/ca_data/cert.pem" , "/root/ca_data/privkey.pem";
+TLS_CA = "/root/ca_data/ca.pem";
+NoRelay;
+
+# LoadExtension = "/root/freeDiameter/extensions/dbg_monitor.fdx";
+
+LoadExtension = "/root/freeDiameter/extensions/dict_nasreq.fdx";
+LoadExtension = "/root/freeDiameter/extensions/dict_eap.fdx";
+LoadExtension = "/root/freeDiameter/extensions/app_radgw.fdx"
+ : "/root/conf/freeDiameter/rgw.conf";
+
+# "opendiam.eap.testbed.aaa" = { uri="aaa://opendiam.eap.testbed.aaa;transport=sctp"; };
+#ConnectPeer = "opendiam.eap.testbed.aaa" { #TLS_old_Method;
+# No_TLS; };
+
+ConnectPeer = "backend.eap.testbed.aaa" { No_TLS; };
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth2.eap.testbed.aaa/freeDiameter/rgw.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth2.eap.testbed.aaa/freeDiameter/rgw.conf Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,19 @@
+
+# Handle some attributes
+#RGWX = "/root/freeDiameter/extensions/echo_drop.rgwx" : "/root/conf/freeDiameter/echo_drop.rgwx.conf";
+
+# Handle Accounting-Request messages received on the correct port
+RGWX = "/root/freeDiameter/extensions/acct.rgwx" : acct : 4;
+
+# Handle Access-Request messages received on the correct port
+RGWX = "/root/freeDiameter/extensions/auth.rgwx" : auth : 1;
+
+# Dump state when loop ends
+# RGWX = "/root/freeDiameter/extensions/debug.rgwx";
+
+
+##################
+
+nas = 127.0.0.1 / "radiusecret2" ;
+
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth2.eap.testbed.aaa/hostapd/hostapd.conf
--- a/conf/supauth2.eap.testbed.aaa/hostapd/hostapd.conf Mon Aug 16 15:44:59 2010 +0900
+++ b/conf/supauth2.eap.testbed.aaa/hostapd/hostapd.conf Mon Aug 30 15:24:36 2010 +0900
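Review bot: `nas = 127.0.0.1 / "radiusecret2" ;` in the new rgw.conf stores the RADIUS shared secret in the repository in clear, and the new supauth3 hostapd.conf does the same with `radiusecret3.1a` and `radiusecret3.1b`. The loopback restriction limits who can use the supauth2 secret, but the supauth3 values protect traffic sent to 192.168.105.60 over the network, and a short guessable secret is weak protection for RADIUS. A comment above each occurrence, e.g. `# Testbed-only secret; generate a long random value for any real deployment`, would keep these from being copied as-is.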
@@ -22,9 +22,11 @@
 # Configuration for external RADIUS server
 own_ip_addr=192.168.105.50
 nas_identifier=supauth2.eap.testbed.aaa
-auth_server_addr=192.168.105.30
+#auth_server_addr=192.168.105.30
+auth_server_addr=127.0.0.1
 auth_server_port=1812
 auth_server_shared_secret=radiusecret2
-acct_server_addr=192.168.105.30
+#acct_server_addr=192.168.105.30
+acct_server_addr=127.0.0.1
 acct_server_port=1813
 acct_server_shared_secret=radiusecret2
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth2.eap.testbed.aaa/modules/freeDiameter
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/ca_name
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth3.eap.testbed.aaa/ca_name Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,1 @@
+eap.testbed.aaa
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/hostapd/build.config
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth3.eap.testbed.aaa/hostapd/build.config Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,8 @@
+# Build-time configuration for hostapd on supauth: authentication role.
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/hostapd/hostapd.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth3.eap.testbed.aaa/hostapd/hostapd.conf Mon Aug 30 15:24:36 2010 +0900
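Review bot: The old values are left behind as `#auth_server_addr=192.168.105.30` and `#acct_server_addr=192.168.105.30` with no explanation of why the server moved to 127.0.0.1. Either delete them, since history keeps the old addresses, or add one line above, e.g. `# RADIUS now goes to the local freeDiameter RADIUS gateway instead of gw`. That appears to be the intent given the `nas = 127.0.0.1` entry in the rgw.conf added for this host. The hunk shows only part of hostapd.conf.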
@@ -0,0 +1,30 @@
+interface=wlan0
+driver=nl80211
+
+logger_stdout=-1
+logger_stdout_level=2
+dump_file=/tmp/hostapd.dump
+
+ctrl_interface=/var/run/hostapd
+
+hw_mode=g
+channel=1
+ssid=mac80211 test3
+
+wpa=2
+wpa_key_mgmt=WPA-EAP
+wpa_pairwise=CCMP
+
+ieee8021x=1
+eapol_version=2
+eap_message=hello
+
+# Configuration for external RADIUS server, actually a proxy
+own_ip_addr=192.168.105.70
+nas_identifier=supauth3.eap.testbed.aaa
+auth_server_addr=192.168.105.60
+auth_server_port=1812
+auth_server_shared_secret=radiusecret3.1a
+acct_server_addr=192.168.105.60
+acct_server_port=1813
+acct_server_shared_secret=radiusecret3.1b
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/modules/ca
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/modules/hostapd
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/modules/ntp
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/modules/vboxtools
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/modules/wpasupplicant
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/ntp.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth3.eap.testbed.aaa/ntp.conf Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,19 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+server proxy.testbed.aaa
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/wpasupplicant/build.config
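Review bot: `dump_file=/tmp/hostapd.dump` in the new supauth3 hostapd.conf writes the state dump to a fixed name in a world-writable directory. hostapd normally runs as root, so a predictable path under /tmp is exposed to symlink interference from any local account, and the dump describes associated stations. A root-owned location would be safer, for example `dump_file=/var/run/hostapd.dump`, next to the directory the `ctrl_interface=/var/run/hostapd` line already uses.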
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth3.eap.testbed.aaa/wpasupplicant/build.config Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,26 @@
+# Config file for compilation wpa_supplicant sur supauth.eap.testbed.aaa
+
+# We use the WEXT generic driver with mac80211_hwsim hardware
+CONFIG_DRIVER_WEXT=y
+
+# EAP and EAPoL
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+# CONFIG_EAP_FAST=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_SIM=y
+# ETC...
+CONFIG_EAP_IKEV2=y
+CONFIG_PKCS12=y
+
+CONFIG_EAPOL_TEST=y
+
+CONFIG_CTRL_IFACE=y
+CONFIG_BACKEND=file
+CONFIG_DEBUG_FILE=y
+
diff -r 6400e3613888 -r 7b569c198c7c conf/supauth3.eap.testbed.aaa/wpasupplicant/wpa_supplicant.conf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/supauth3.eap.testbed.aaa/wpasupplicant/wpa_supplicant.conf Mon Aug 30 15:24:36 2010 +0900
@@ -0,0 +1,18 @@
+ctrl_interface=/var/run/wpa_supplicant
+
+network={
+ ssid="mac80211 test3"
+ key_mgmt=WPA-EAP
+ proto=WPA2
+ pairwise=CCMP
+ group=CCMP
+# eap=MD5
+# password="himitsu"
+
+ eap=TLS
+ identity="client2@eap.testbed.aaa"
+ ca_cert="/home/aaa/ca/ca_data/mgr.testbed.aaa/public/cacert.pem"
+ client_cert="/home/aaa/ca/ca_data/mgr.testbed.aaa/clients/client2/cert.pem"
+ private_key="/home/aaa/ca/ca_data/mgr.testbed.aaa/clients/client2/privkey.pem"
+}
+
diff -r 6400e3613888 -r 7b569c198c7c mrb/update_all_vm.sh
--- a/mrb/update_all_vm.sh Mon Aug 16 15:44:59 2010 +0900
+++ b/mrb/update_all_vm.sh Mon Aug 30 15:24:36 2010 +0900
@@ -35,8 +35,8 @@
 eap) # The EAP testbed
 MGRS="$MGRS eap-eapmgr.testbed.aaa"
- VMS="$VMS supauth.eap.testbed.aaa gw.eap.testbed.aaa"
- VMS="$VMS backend.eap.testbed.aaa opendiam.eap.testbed.aaa"
+ VMS="$VMS eap-supauth.eap.testbed.aaa eap-gw.eap.testbed.aaa"
+ VMS="$VMS eap-backend.eap.testbed.aaa"
 ;; *)
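Review bot: The `network` block in the new wpa_supplicant.conf validates the server only against `ca_cert`, so any certificate issued under the mgr.testbed.aaa CA would be accepted as the authentication server. Adding a name constraint such as `subject_match="<expected server subject>"` or `altsubject_match="DNS:<expected server name>"` pins the EAP-TLS server identity; both values are placeholders to fill in from the backend's certificate. `private_key` is also given without `private_key_passwd`, which presumably means the key file is stored unencrypted, so a comment is worth adding if that is deliberate for the testbed.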