ipsec conftest Tool

Synopsis

ipsec conftest --help         show usage information

ipsec conftest --version      show conftest version

ipsec conftest --suite <file> global testsuite configuration (default: ./suite.conf)

ipsec conftest --test <file>  test specific configuration

Description

The ipsec conftest utility allows you to run preconfigured tests on IKE, based on the mainstream strongSwan stack. It can inject or mangle packets to test the behavior of other implementations under certain conditions.

The auxiliary ipsec command, if available, sets the execution path to ${libexecdir}/ipsec/ which is usually /usr/libexec/ipsec/ or /usr/local/libexec/ipsec/. The ${libexecdir} directory can be configured with the --libexecdir ./configure option defaulting to ${prefix}/libexec).

To enable the ipsec conftest utility, add

--enable-conftest

to the ./configure options.

Configuration

A test suite consists of a suite configuration file (--suite parameter) and individual test configurations (selected by the --test parameter) which use the same structure as strongswan.conf. To configure plugins, a conftest section in strongswan.conf can be used.

The README file in the conftest source has details on the possible configuration sections and options.