mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
173 lines
5.4 KiB
173 lines
5.4 KiB
REM - Functional test script for IPSECPOL
|
|
REM - by RandyRam and DKalin
|
|
|
|
REM - Tests all flags in both modes
|
|
REM - Verification is manual :( for now
|
|
|
|
set WORKINGDIR=
|
|
|
|
REM - This is for boundschecker or ntsd
|
|
REM - each ipsecpol execution will be preceded with it
|
|
|
|
set PREAMBLE=
|
|
rem set PREAMBLE=ntsd -gG
|
|
|
|
set IPSECPOL=ipseccmd.exe
|
|
|
|
pushd %WORKINGDIR%
|
|
|
|
net stop policyagent && net start policyagent
|
|
|
|
if "%1"=="STATIC" goto STATIC
|
|
|
|
REM -------------------
|
|
REM - Dynamic Mode -
|
|
REM -------------------
|
|
|
|
echo General Test
|
|
|
|
%PREAMBLE% %IPSECPOL% -f 10.*+11.* 172.31.240.0/255.255.248.0+157.55.0.0/255.255.0.0 144.92.*:21+144.93.*::TCP *+dkalin-00:5000:UDP -n AH[MD5] -aK PRE:supercalifragilisticexpialidocious -1s des-md5-1 3DES-Sha-2 dEs-MD5-1 -1k 20000S/20Q -1e 400 -1f0+* 10.*+11.* dkalin-00=dkalin-04 -confirm
|
|
|
|
%PREAMBLE% %IPSECPOL% -f 10.*+11.*::TCP 172.31.232.0/255.255.248.0+157.54.0.0/255.255.0.0 144.94.*:21+144.95.*::TCP *+dkalin-00:5001:UDP -n AH[MD5]PFS esp[Des,sha]PFS Ah[Sha]+ESP[3des,NONE]21000K/600SPFS -aK CERT:"CN=CA1, OU=O, O=MEME,L=X, S=WA, C=DE, E=ME@here" -1p -confirm
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo Tunnel test
|
|
|
|
%PREAMBLE% %IPSECPOL% -f 10.11.12.*=12.11.10.*::ICMP 10.11.12.*=12.11.10.*::TCP -t 12.11.10.1 -confirm
|
|
%PREAMBLE% %IPSECPOL% -f 12.11.10.*=10.11.12.*::ICMP 12.11.10.*=10.11.12.*::TCP -t 10.11.12.1 -confirm
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo Me to Any dialup, soft
|
|
|
|
%PREAMBLE% %IPSECPOL% -f 0+* -n AH[MD5] -dialup -soft -confirm
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters policies
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo Shutting down PA test/dangling p1 flag
|
|
net stop policyagent
|
|
|
|
%PREAMBLE% %IPSECPOL% \\%COMPUTERNAME% -f (0+*) [0+products2]
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% \\%COMPUTERNAME% show filters stats
|
|
|
|
pause Check settings and press any key
|
|
|
|
REM To test in dynamic mode yet:
|
|
rem - pathos
|
|
rem - lower case KSQ
|
|
|
|
if "%1"=="DYNAMIC" goto EOF
|
|
|
|
%PREAMBLE% %IPSECPOL% -u
|
|
|
|
:STATIC
|
|
echo Basic policy creation, using all flags
|
|
|
|
%PREAMBLE% %IPSECPOL% -w REG -p "IPSECPOL TEST":100 -r Rule1 -f 0=* 10.*+11.* 172.31.240.0/255.255.248.0+157.55.0.0/255.255.0.0 144.92.*:21+144.93.*::TCP *+dkalin-00:5000:UDP -n AH[MD5] esp[Des,sha] Ah[Sha]+ESP[3des,NONE]21000K/600SPFS -aK -1s des-md5-1 3DES-Sha-2 dEs-MD5-1 -1k 20000S/20Q -x
|
|
|
|
%PREAMBLE% %IPSECPOL% -w REG -p "IPSECPOL TEST":100 -r Rule10 -f *=0 12.*+13.* 172.31.232.0/255.255.248.0+157.54.0.0/255.255.0.0 144.94.*:21+144.95.*::TCP *+dkalin-00:5001:UDP -a PRE:supercalifragilisticexpialidocious CERT:"CN=CA1, OU=O, O=MEME,L=X, S=WA, C=DE, E=ME@here" -1s des-md5-1 3DES-Sha-2 dEs-MD5-1 -1k 20000S/20Q -x
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters auth
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo Basic policy update, using all flags
|
|
|
|
%PREAMBLE% %IPSECPOL% -w REG -p "IPSECPOL TEST":100 -r Rule1 -f 0+1.1.1.1 -n AH[MD5] INPASS -soft -aK -t 129.2.2.2 -lan -1s DES-SHA-1 -1k 20000S/20Q
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters sas
|
|
|
|
pause Check settings and press any key
|
|
|
|
net stop policyagent
|
|
%PREAMBLE% %IPSECPOL% -w REG -p "IPSECPOL TEST":3 -r Rule2 -f 0+172.* -n BLOCK -1s DES-SHA-1 -1k 20000S/20Q -x
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show all
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% -w REG -p "IPSECPOL TEST":3 -r Rule3 -f 0+172.* -n PASS -1p -1s DES-SHA-1 -y
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% -w REG -p "IPSECPOL TEST":3 -r Rule3 -o
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo DS policy creation
|
|
%PREAMBLE% %IPSECPOL% -w DS -p "IPSECPOL TEST":100 -r Rule1 -f 0=* 10.*+11.* 172.31.240.0/255.255.248.0+157.55.0.0/255.255.0.0 144.92.*:21+144.93.*::TCP *+dkalin-00:5000:UDP -n AH[MD5] esp[Des,sha] Ah[Sha]+ESP[3des,NONE]21000K/600SPFS -aK -1s des-md5-1 3DES-Sha-2 dEs-MD5-1 -1k 20000S/20Q
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
%PREAMBLE% %IPSECPOL% -w DS -p "IPSECPOL TEST":100 -r Rule1 -o
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo policy creation using remote registry apis
|
|
%PREAMBLE% %IPSECPOL% -w REG:%COMPUTERNAME% -p "IPSECPOL TEST":100 -r Rule1 -f 0=* 10.*+11.* 172.31.240.0/255.255.248.0+157.55.0.0/255.255.0.0 144.92.*:21+144.93.*::TCP *+dkalin-00:5000:UDP -n AH[MD5] esp[Des,sha] Ah[Sha]+ESP[3des,NONE]21000K/600SPFS -aK -1s des-md5-1 3DES-Sha-2 dEs-MD5-1 -1k 20000S/20Q
|
|
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
%PREAMBLE% %IPSECPOL% -w REG:%COMPUTERNAME% -p "IPSECPOL TEST":100 -r Rule1 -o
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show filters
|
|
|
|
pause Check settings and press any key
|
|
|
|
echo ******************************
|
|
echo Don't forget to check the test
|
|
echo version stuff: min rekey params
|
|
echo des40, and export group
|
|
echo ******************************
|
|
|
|
:EOF
|
|
echo removing stuff
|
|
|
|
%PREAMBLE% %IPSECPOL% -u
|
|
pause Check settings and press any key
|
|
|
|
%PREAMBLE% %IPSECPOL% show all
|
|
|
|
pause Check settings and press any key
|
|
|
|
|
|
popd
|