Diploma Thesis 2004 (DA04): Thesis Archive
 
DA Sna 04/3 - User-Mode-Linux Test Suite for Linux strongSwan
Students: Eric Marchionni, marcheri
  Patrik Rayo, rayopat

Supervisor: Andreas Steffen, sna

Data sent over the Internet without appropriate security measures is completely unprotected and accessible to anyone. Leased lines are one way to link company locations, but the state-of-the-art alternative is a VPN (Virtual Private Network). Because the Internet is used for the data transfer, this technology is very economical. A VPN makes it possible to link company or partner networks securely over the insecure Internet. A common VPN protocol is IPsec, which provides strong cryptography at Layer 3 of the OSI model.

The open-source project strongSwan is an IPsec implementation for Linux. Running strongSwan on a 2.6.x kernel makes it possible to use the new native IPsec stack, which is an integrated component of the new kernel.

The goal of the undergraduate dissertation is to develop a Test Suite for strongSwan that lets developers test new strongSwan releases easily. The Test Suite contains, for example, standard connections such as roadwarrior tests using X.509 certificates, as well as more complicated scenarios with roadwarriors behind a NAT box. The network for these tests does not have to be physically built, because the Test Suite emulates a virtual network on a single host using UML (User Mode Linux).

The Test Suite is a framework that makes it possible to test strongSwan automatically. It can also build only the UML instances without running any tests, so the user can work directly on the UMLs. Shell scripts are responsible for starting the Test Suite successfully and for setting up the virtual network on the host. The various UMLs act as VPN gateways, roadwarriors and clients. The Test Suite is developed in a modular way, so users can integrate new tests easily. The test results are stored clearly, and failures can be resolved using the generated log files.
