From 0cf9c062e165da3e9444dfea93f25f198bb71a0e Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sat, 2 Jul 2011 18:17:37 +0100
Subject: [PATCH] Test example: Files for a simple testing configuration now in test-example/ Including a set of dummy keys, and dummy IP addresses in 172.18.232.0/28.
Signed-off-by: Ian Jackson
---
 .gitignore | 3 +++
 test-example/Makefile | 7 +++++++
 test-example/README | 21 +++++++++++++++++++++
 test-example/common.conf | 16 ++++++++++++++++
 test-example/inside.conf | 16 ++++++++++++++++
 test-example/inside.key.b64 | 10 ++++++++++
 test-example/inside.key.pub | 1 +
 test-example/outside.conf | 16 ++++++++++++++++
 test-example/outside.key.b64 | 10 ++++++++++
 test-example/outside.key.pub | 1 +
 test-example/sites | 25 +++++++++++++++++++++++++
 11 files changed, 126 insertions(+)
 create mode 100644 test-example/Makefile
 create mode 100644 test-example/README
 create mode 100644 test-example/common.conf
 create mode 100644 test-example/inside.conf
 create mode 100644 test-example/inside.key.b64
 create mode 100644 test-example/inside.key.pub
 create mode 100644 test-example/outside.conf
 create mode 100644 test-example/outside.key.b64
 create mode 100644 test-example/outside.key.pub
 create mode 100644 test-example/sites
diff --git a/.gitignore b/.gitignore
index bdab8e3..6881291 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,6 @@ debian/secnet
 debian/secnet.substvars
 *.xcodeproj
 /build
+
+test-example/*.key
+test-example/sites.conf
diff --git a/test-example/Makefile b/test-example/Makefile
new file mode 100644
index 0000000..67230b8
--- /dev/null
+++ b/test-example/Makefile
@@ -0,0 +1,7 @@
+all: sites.conf inside.key outside.key
+
+%.key: %.key.b64
+ base64 -d <$< >$@.new && mv -f $@.new $@
+
+sites.conf: ../make-secnet-sites sites Makefile
+ ../make-secnet-sites sites sites.conf
diff --git a/test-example/README b/test-example/README
new file mode 100644
index 0000000..a6416f6
--- /dev/null
+++ b/test-example/README
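Review bot: The `%.key` rule in test-example/Makefile turns the committed `*.key.b64` files into usable RSA private keys, but nothing in the Makefile says these keys are published test material. A comment above the rule such as `# Dummy keys: the private halves are committed to this repository, so never use them outside this test setup.` would keep that warning next to the step that materialises them. Separately, the `sites.conf` rule writes its target directly, so a failure part-way through `../make-secnet-sites` may leave a partial `sites.conf` that make treats as up to date (this depends on how the script writes its output, which the hunk does not show). Adding `.DELETE_ON_ERROR:` would cover that, and `.PHONY: all` would document that `all` is not a file.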
@@ -0,0 +1,21 @@
+This directory contains some files useful for ad-hoc tests.
+With these it is possible to run a test of secnet on a Linux host
+even if that Linux host does not have another working network connection.
+
+The keys here are (obviously) public. They were generated like this:
+ ssh-keygen -C inside@example.com -f test-example/inside.key -t rsa1 -b 1024
+ ssh-keygen -C outside@example.com -f test-example/outside.key -t rsa1 -b 1024
+ # edit sites to paste {inside,outside}.key.pub into pubkey lines
+ base64 inside.key.b64
+ base64 outside.key.b64
+
+To run the test:
+ Run the makefile:
+ make -C test-example/
+ In one window, as root
+ ./secnet -dvnc test-example/inside.conf
+ And in another
+ ./secnet -dvnc test-example/outside.conf
+ Then in a third
+ ping -I secnet-test-i 172.18.232.2
+
diff --git a/test-example/common.conf b/test-example/common.conf
new file mode 100644
index 0000000..6f2fef1
--- /dev/null
+++ b/test-example/common.conf
@@ -0,0 +1,16 @@
+log logfile {
+ filename "/dev/tty";
+ class "info","notice","warning","error","security","fatal";
+};
+system {
+};
+resolver adns {
+};
+log-events "setup-init","setup-timeout","activate-key","timeout-key","errors",
+ "security";
+random randomfile("/dev/urandom",no);
+transform serpent256-cbc {
+ max-sequence-skew 10;
+};
+include test-example/sites.conf
+sites map(site,vpn/test-example/all-sites);
diff --git a/test-example/inside.conf b/test-example/inside.conf
new file mode 100644
index 0000000..775d593
--- /dev/null
+++ b/test-example/inside.conf
@@ -0,0 +1,16 @@
+netlink tun {
+ name "netlink-tun"; # Printed in log messages from this netlink
+ local-address "172.18.232.9";
+ secnet-address "172.18.232.10";
+ remote-networks "172.18.232.0/28";
+ mtu 500;
+ buffer sysbuffer(2048);
+ interface "secnet-test-i";
+};
+comm udp {
+ port 16097;
+ buffer sysbuffer(4096);
+};
+local-name "test-example/inside/inside";
+local-key rsa-private("test-example/inside.key");
+include test-example/common.conf
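Review bot: The `include test-example/sites.conf` line in common.conf uses a path relative to the working directory, as do the `local-key` and `include` paths in inside.conf and outside.conf. These files therefore appear to load only when secnet is started from the top of the source tree, which is how the README invokes it. A leading comment such as `# Test configuration: start secnet from the top-level source directory; paths below are relative to it.` would make that explicit. The log destination `/dev/tty` also assumes a controlling terminal, so a run without one will presumably fail to open the log; a short comment next to `filename` would record that.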
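Review bot: The `comm udp` block in inside.conf sets only `port 16097` (outside.conf does the same with `port 16096`), so the socket is presumably not limited to loopback even though the sites file addresses both peers at `[127.0.0.1]`. Because both private keys are published in this commit, the key exchange gives no real authentication against any host that can reach those UDP ports while the test runs as root. If the udp module in this version accepts a listen address, restricting it to 127.0.0.1 would close that. Otherwise a comment such as `# Test only: keys are public, do not run on a host reachable from untrusted networks.` above `comm udp` would at least record the exposure. Both files also use `name "netlink-tun"`, so their log lines cannot be told apart by name.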
diff --git a/test-example/inside.key.b64 b/test-example/inside.key.b64
new file mode 100644
index 0000000..d384c7c
--- /dev/null
+++ b/test-example/inside.key.b64
@@ -0,0 +1,10 @@
+U1NIIFBSSVZBVEUgS0VZIEZJTEUgRk9STUFUIDEuMQoAAAAAAAAAAAQABAC5N9rmU46hhdLO1FVh
+Efkc9cq+x/UdC/a+nt0yM4HswxfChfJpcHq008Hkd4KOqRZORG7N5Q8fKPpkrnt3T3qSDX4P5HOW
+5Q+2Qc82h1hO4mDbHo2xqmp4hv/88fHgPQTW9MffriDFs24HTt7uOqvx5LNtdmrw5ws6cXuyLwan
+lQARAQABAAAAEmluc2lkZUBleGFtcGxlLmNvbe8z7zMD/1/rgT3PAAq+V1ItvJmsySoqUHlE7LfC
+PmKxuzQIYLzQvDlNTSE10xZapAtBqSdggeC+p/ORMKeefS4u/lnnmz2tW9TlbtwWfj5Bwm/ftUZR
+8BhelZQn5+/vTv1jLZ9dibLhemd20XxpMRIoOg+1w4xfbh1DoJbqs8OCCPPnNVJxAf9h3Hq0x84a
+P0JOgyFFNatWcRKVJxapseeZPnpIAnkaDZ0KirE1RZFkHbfL4HFL3kI3MI657rE7rSC2yakvJtX9
+AgDD98/vGKw19bSdM8dHbocQQdDmn3SG5U9psbkvNQh06seKNL9QOeH2iHqjzBXmwTjPiWphdsVP
+dFOBy1VE52YPAgDx9QU0xrSytFrjcqlP/FICaBiuJ9g0t4RbYBcm2iZaXLwXLDTX91arNJJrzblX
+9yMkHDBDw9j1nKXnig+8dtwbAAAAAA==
diff --git a/test-example/inside.key.pub b/test-example/inside.key.pub
new file mode 100644
index 0000000..85fea76
--- /dev/null
+++ b/test-example/inside.key.pub
@@ -0,0 +1 @@
+1024 65537 130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669 inside@example.com
diff --git a/test-example/outside.conf b/test-example/outside.conf
new file mode 100644
index 0000000..f1a5228
--- /dev/null
+++ b/test-example/outside.conf
@@ -0,0 +1,16 @@
+netlink tun {
+ name "netlink-tun"; # Printed in log messages from this netlink
+ local-address "172.18.232.1";
+ secnet-address "172.18.232.2";
+ remote-networks "172.18.232.0/28";
+ mtu 500;
+ buffer sysbuffer(2048);
+ interface "secnet-test-o";
+};
+comm udp {
+ port 16096;
+ buffer sysbuffer(4096);
+};
+local-name "test-example/outside/outside";
+local-key rsa-private("test-example/outside.key");
+include test-example/common.conf
diff --git a/test-example/outside.key.b64 b/test-example/outside.key.b64
new file mode 100644
index 0000000..f8ed4aa
--- /dev/null
+++ b/test-example/outside.key.b64
@@ -0,0 +1,10 @@
+U1NIIFBSSVZBVEUgS0VZIEZJTEUgRk9STUFUIDEuMQoAAAAAAAAAAAQABAC4D2q3B/nZUjsGMX72
+5FrgEB1y0uYS732QF/NXOEs9FA8/xmM68NF8JRfCctlCm9kQ9t/0xW+wOQTNg0BFIdgbZjXIwXLy
+K9rreM1G1BsTjROtiz1UyjZMpo3Z89SWjtYCVN/UldRhakw/o0vrEKkZDTxiryhhYCGDUkONNsa5
+1QARAQABAAAAE291dHNpZGVAZXhhbXBsZS5jb23IlsiWA/9AO6kbPN5VmBvfGnDbim+oWBde1fjS
+zN895Q3X915Sb2iu8fX5QMdqkqtLAbeORkMnZ3BaxHgowI1Lhy1rstbuiUcd3WWB6xUDcQll85Cy
++2IFfvFDKH7HsrzxgWx9M23WewlTje2NmVF0Y3xR39w2jUCLuEcyaWdPPQiLTucCgQH/axUYwPI5
+6QEKPiONve88GpehGCjereP5EjWTJomjQI+brOhnPckiWLwXXtWZoa894jpbVT8BtHNdDUg2gPFV
+pwIA0FQowUgwxCnCoNZe/v/K5zwP3ar8OPoBV2c8rnEuZ2sR0AdLcBpaCpOQf7LKk9p+GUOHlMJy
+hkrz7tAitvXEdQIA4i2dOA/PVYD6ZCZrwY5SToBmVtOzt2TVdhLbB/XDJ91ydl0uDdyN0Sn/Dyx+
+I55YwyhLA8zNV8mL4ZQS8OLz4QAAAAA=
diff --git a/test-example/outside.key.pub b/test-example/outside.key.pub
new file mode 100644
index 0000000..5e4cc0f
--- /dev/null
+++ b/test-example/outside.key.pub
@@ -0,0 +1 @@
+1024 65537 129251483458784900555621175262818292872587807329014927540074484804119474262261383244074013537736576331652560727149001626325243856012659665194546933097292703586821422085819615124517093786704646988649444946154384037948502112302285511195679291084694375811092516151263088200304199780052361048758446082354317801941 outside@example.com
diff --git a/test-example/sites b/test-example/sites
new file mode 100644
index 0000000..5aee3d8
--- /dev/null
+++ b/test-example/sites
@@ -0,0 +1,25 @@
+vpn test-example
+contact devnull@example.com
+dh 8db5f2c15ac96d9f3382d1ef4688fba14dc7908ae7dfd71a9cfe7f479a75d506dc53f159aeaf488bde073fe544bc91c099f101fcf60074f30c06e36263c03ca9e07931ce3fc235fe1171dc6d9316fb097bd4362891e2c36e234e7c16b038fd97b1f165c710e90537de66ee4f54001f5712b050d4e07de3fba07607b19b64f6c3 2
+hash sha1
+key-lifetime 72000000
+restrict-nets 172.18.232.0/28
+setup-timeout 2000
+setup-retries 5
+
+location inside root
+site inside
+ networks 172.18.232.8/29
+ peer 172.18.232.9
+ address [127.0.0.1] 16097
+ pubkey 1024 65537 130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669 inside@example.com
+
+location outside root
+site outside
+ networks 172.18.232.0/29
+ peer 172.18.232.1
+ address [127.0.0.1] 16096
+ pubkey 1024 65537 129251483458784900555621175262818292872587807329014927540074484804119474262261383244074013537736576331652560727149001626325243856012659665194546933097292703586821422085819615124517093786704646988649444946154384037948502112302285511195679291084694375811092516151263088200304199780052361048758446082354317801941 outside@example.com
+
+
+
-- 
2.30.2
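Review bot: The sites file carries no marker that its parameters are test-only: the `dh` modulus is 256 hex digits (1024 bits), both `pubkey` lines are 1024-bit RSA, and `hash sha1` is selected, all weaker than what is recommended for new deployments. The README explains how the RSA keys were generated, but nothing on the page says where the `dh` modulus came from or whether it is a safe prime. If the sites parser accepts `#` comment lines, a header such as `# Test-only parameters (1024-bit DH/RSA, sha1, published keys); do not use as a template for a real VPN.` would stop this file being copied as a starting point. A note on the modulus's origin belongs in the same header.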