IKE test

End-Node: A node who can use IPsec only for itself. Host and Router can be an End-Node.
Security Gateway (SGW) : A node who can provide IPsec tunnel mode for nodes behind it. Router can be a SGW.

*1 Encryption Algorithm: If the target supports the algorithm, it is necessary to transmit the attribute voluntarily or involuntarily.


 

---

Guidelines for Implementation and Priorities in Testing

• Guidelines for Implementation rev 1.0.2

---

IKEv1 Test Specification rev 1.0

End-Node

• Main mode (Initiator)(html)
• Main mode (Responder)(html)

• Main mode (pdf)

  If you select Aggressive as Phase-1 exchange mode,
  then you need to refer the following test specfications.

• Aggressive mode (Initiator)(html)
• Aggressive mode (Responder)(html)

• Aggressive mode (pdf)

SGW

• Main mode (Initiator)(html)
• Main mode (Responder)(html)

• Main mode (pdf)

  If you select Aggressive as Phase-1 exchange mode,
  then you need to refer the following test specfications.
  

• Aggressive mode (Initiator)(html)
• Aggressive mode (Responder)(html)

• Aggressive mode (pdf)

Test Specification archive is here (html).

---

Test Suite

The Test Suite correspondent to above specificaion is available.
If you want to try it, prepare a FreeBSD/i386 (6.2-RELEASE or higher) install PC and install both of TAHI platform and Test scripts listed below.

Platform


Please download the latest version of v6eval. (requires version 3.0.12 or higher)



Scripts

Please download IKEv1 Test Suite ver 1.0.5 Sep. 26, 2007.

MD5 (IKE_Self_Test_1-0-5.tgz) = 8ef74b6d81e3703a7a6c3b9945ac31fd



When you extract tarball, you can find $somewhere/IKE_Self_Test_1-0-5

After the configuration as described in INSTALL.ct, change directory to $somewhere/IKE_Self_Test_1-0-5/ike


Configure the ike_config for your device.

You can specify the Encription and Authentication algorithm you support as well as functions and waiting time.
At least you need to specify your device type (End-Node or SGW)
By default it runs for End-Node. If your device type is SGW, remove the comment out "#" at DEV_TYPE line.


Then type "make ipv6ready_enode" (for End-Node) or "make ipv6ready_sgw" (for SGW).

By default, it uses main mode for test. If you need to use aggressive mode you can use aggressive mode by typing "make ipv6ready_enode_agg" (for End-Node) or "make ipv6ready_sgw_agg" (for SGW)".

NOTE: If you want to use aggressive mode in Phase-1 for Phase-2 testing, you need to configure ike_config (remove the comment out "#" at USED_PHASE2_PRE_SEQ line). And If you want to use fqdn as ID type in aggressive mode, you need to configure ike_config (remove the comment out "#" at ID Payload type part).


• CHANGELOG



• Self-Test Sample Result (Self-test Ver. 1.0.3)
• For End-Node

  FreeBSD 5.4-RELEASE w/ipsec-tools-0.6.5_1(patched ipsec-tools-0.6.5-ipv6.patch) (Main mode)
  
  FreeBSD 5.4-RELEASE w/ipsec-tools-0.6.5_1(patched ipsec-tools-0.6.5-ipv6.patch) (Aggressive mode)
  

  
  
• For SGW

  FreeBSD 5.4-RELEASE w/ racoon-20040818a_1 (Main mode)
  FreeBSD 5.4-RELEASE w/ racoon-20040818a_1 (Aggressive mode)
  

  
  

---

IPv6 Forum, IPv6 Logo Comittee