RAS Authentication Test (Compact 2013)

Article
03/28/2014

3/26/2014

The RAS Authentication Test exercises authentication protocols and RAS flags. This is done by combining the following four authentication types with the twelve RASEO_* flags.

The four authentication types are as follows:

PAP
EAP
MSCHAPv2
NODDC

The RASEO_* flags are as follows:

RASEO_ProhibitPAP
RASEO_ProhibitEAP
RASEO_RequireEncryptedPw
RASEO_RequireMsEncryptedPw
RASEO_RequireDataEncryption
RASEO_RequireEncryptedPw | RASEO_RequireMsEncryptedPw
RASEO_RequireMsEncryptedPw | RASEO_RequireDataEncryption
RASEO_RequireEncryptedPw | RASEO_RequireMsEncryptedPw | RASEO_RequireDataEncryption
<no flag>

This combination of 48 test cases (12 flags x 4 authentication types) for IPv4 and IPv6, and they are repeated for the following RAS connection types:

L2TP (using a preshared key)
DCC (serial cable)

Note

No authentication is done over DCC. Instead, regardless of the combinations of RAS flags and authentication types, the test cases for DCC check for successful connection to the RAS server.

Test Prerequisites

Your device must meet the following requirements before you run this test.

The following tables show the hardware dependency for each RAS connection type.

Requirements	Description
Windows Embedded Compact device	The device being tested
RAS server with serial cable	Required for DCC. Should accept incoming clients without authentication. Must be connected to the Windows Embedded Compact device via a serial cable.
VPN server with Ethernet or other network connection	Required for L2TP. Recommended for IPv6 L2TP, VPN server with Win2K8 or later. Must be reachable over the network for VPN test cases (L2TP). The VPN server must accept all authentication protocols and must have dial-in permission for the username given in the command line.

The following tables show the software requirements for the RAS Authentication Test.

Requirements	Description
Tux.exe	Test harness, required for all tests
Kato.dll	Logging engine, required for all tests
PPPAuth.dll	Library containing the test cases

Subtests

The following table lists the subtests included in this test.

SubTest ID	Description
601	L2TP_PAP_PROHIBIT_PAP
605	L2TP_PAP_PROHIBIT_EAP
606	L2TP_PAP_REQUIRE_ENC_PW
607	L2TP_PAP_REQUIRE_MS_ENC_PW
608	L2TP_PAP_REQUIRE_DATA_ENC
609	L2TP_PAP_REQUIRE_ENC_MS_PW
610	L2TP_PAP_REQUIRE_MS_DATA_ENC
611	L2TP_PAP_REQUIRE_MS_DATA_ENC_PW
612	L2TP_PAP_REQUIRE_NO_FLAGS
801	L2TP_MSCHAPv2_PROHIBIT_PAP
802	L2TP_MSCHAPv2_PROHIBIT_MSCHAPV2
803	L2TP_MSCHAPv2_PROHIBIT_MSCHAP
804	L2TP_MSCHAPv2_PROHIBIT_CHAP
805	L2TP_MSCHAPv2_PROHIBIT_EAP
806	L2TP_MSCHAPv2_REQUIRE_ENC_PW
807	L2TP_MSCHAPv2_REQUIRE_MS_ENC_PW
808	L2TP_MSCHAPv2_REQUIRE_DATA_ENC
809	L2TP_MSCHAPv2_REQUIRE_ENC_MS_PW
810	L2TP_MSCHAPv2_REQUIRE_MS_DATA_ENC
811	L2TP_MSCHAPv2_REQUIRE_MS_DATA_ENC_PW
812	L2TP_MSCHAPv2_REQUIRE_NO_FLAGS
901	L2TP_EAP_PROHIBIT_PAP
905	L2TP_EAP_PROHIBIT_EAP
906	L2TP_EAP_REQUIRE_ENC_PW
907	L2TP_EAP_REQUIRE_MS_ENC_PW
908	L2TP_EAP_REQUIRE_DATA_ENC
909	L2TP_EAP_REQUIRE_ENC_MS_PW
910	L2TP_EAP_REQUIRE_MS_DATA_ENC
911	L2TP_EAP_REQUIRE_MS_DATA_ENC_PW
912	L2TP_EAP_REQUIRE_NO_FLAGS
1101	L2TP_NODCC_PROHIBIT_PAP
1105	L2TP_NODCC_PROHIBIT_EAP
1106	L2TP_NODCC_REQUIRE_ENC_PW
1107	L2TP_NODCC_REQUIRE_MS_ENC_PW
1108	L2TP_NODCC_REQUIRE_DATA_ENC
1109	L2TP_NODCC_REQUIRE_ENC_MS_PW
1110	L2TP_NODCC_REQUIRE_MS_DATA_ENC
1111	L2TP_NODCC_REQUIRE_MS_DATA_ENC_PW
1112	L2TP_NODCC_REQUIRE_NO_FLAGS
1201	DCC_PAP_PROHIBIT_PAP
1205	DCC_PAP_PROHIBIT_EAP
1206	DCC_PAP_REQUIRE_ENC_PW
1207	DCC_PAP_REQUIRE_MS_ENC_PW
1208	DCC_PAP_REQUIRE_DATA_ENC
1209	DCC_PAP_REQUIRE_ENC_MS_PW
1210	DCC_PAP_REQUIRE_MS_DATA_ENC
1211	DCC_PAP_REQUIRE_MS_DATA_ENC_PW
1212	DCC_PAP_REQUIRE_NO_FLAGS
1501	DCC_EAP_PROHIBIT_PAP
1505	DCC_EAP_PROHIBIT_EAP
1506	DCC_EAP_REQUIRE_ENC_PW
1507	DCC_EAP_REQUIRE_MS_ENC_PW
1508	DCC_EAP_REQUIRE_DATA_ENC
1509	DCC_EAP_REQUIRE_ENC_MS_PW
1510	DCC_EAP_REQUIRE_MS_DATA_ENC
1511	DCC_EAP_REQUIRE_MS_DATA_ENC_PW
1512	DCC_EAP_REQUIRE_NO_FLAGS
1701	DCC_NODCC_PROHIBIT_PAP
1705	DCC_NODCC_PROHIBIT_EAP
1706	DCC_NODCC_REQUIRE_ENC_PW
1707	DCC_NODCC_REQUIRE_MS_ENC_PW
1708	DCC_NODCC_REQUIRE_DATA_ENC
1709	DCC_NODCC_REQUIRE_ENC_MS_PW
1710	DCC_NODCC_REQUIRE_MS_DATA_ENC
1711	DCC_NODCC_REQUIRE_MS_DATA_ENC_PW
1712	DCC_NODCC_REQUIRE_NO_FLAGS

The following test cases are the L2TP authentication tests for IPV6 scenarios in pppauth.dll.

SubTest ID	Description
2601	L2TP_PAP_PROHIBIT_PAP_IPV6
2605	L2TP_PAP_PROHIBIT_EAP_IPV6
2606	L2TP_PAP_REQUIRE_ENC_PW_IPV6
2607	L2TP_PAP_REQUIRE_MS_ENC_PW_IPV6
2608	L2TP_PAP_REQUIRE_DATA_ENC_IPV6
2609	L2TP_PAP_REQUIRE_ENC_MS_PW_IPV6
2610	L2TP_PAP_REQUIRE_MS_DATA_ENC_IPV6
2611	L2TP_PAP_REQUIRE_MS_DATA_ENC_PW_IPV6
2612	L2TP_PAP_REQUIRE_NO_FLAGS_IPV6
2801	L2TP_MSCHAPv2_PROHIBIT_PAP_IPV6
2802	L2TP_MSCHAPv2_PROHIBIT_MSCHAPV2_IPV6
2803	L2TP_MSCHAPv2_PROHIBIT_MSCHAP_IPV6
2804	L2TP_MSCHAPv2_PROHIBIT_CHAP_IPV6
2805	L2TP_MSCHAPv2_PROHIBIT_EAP_IPV6
2806	L2TP_MSCHAPv2_REQUIRE_ENC_PW_IPV6
2807	L2TP_MSCHAPv2_REQUIRE_MS_ENC_PW_IPV6
2808	L2TP_MSCHAPv2_REQUIRE_DATA_ENC_IPV6
2809	L2TP_MSCHAPv2_REQUIRE_ENC_MS_PW_IPV6
2810	L2TP_MSCHAPv2_REQUIRE_MS_DATA_ENC_IPV6
2811	L2TP_MSCHAPv2_REQUIRE_MS_DATA_ENC_PW_IPV6
2812	L2TP_MSCHAPv2_REQUIRE_NO_FLAGS_IPV6
2901	L2TP_EAP_PROHIBIT_PAP_IPV6_IPV6
2905	L2TP_EAP_PROHIBIT_EAP_IPV6
2906	L2TP_EAP_REQUIRE_ENC_PW_IPV6
2907	L2TP_EAP_REQUIRE_MS_ENC_PW_IPV6
2908	L2TP_EAP_REQUIRE_DATA_ENC_IPV6
2909	L2TP_EAP_REQUIRE_ENC_MS_PW_IPV6
2910	L2TP_EAP_REQUIRE_MS_DATA_ENC_IPV6
2911	L2TP_EAP_REQUIRE_MS_DATA_ENC_PW_IPV6
2912	L2TP_EAP_REQUIRE_NO_FLAGS_IPV6
3101	L2TP_NODCC_PROHIBIT_PAP_IPV6
3105	L2TP_NODCC_PROHIBIT_EAP_IPV6
3106	L2TP_NODCC_REQUIRE_ENC_PW_IPV6
3107	L2TP_NODCC_REQUIRE_MS_ENC_PW_IPV6
3108	L2TP_NODCC_REQUIRE_DATA_ENC_IPV6
3109	L2TP_NODCC_REQUIRE_ENC_MS_PW_IPV6
3110	L2TP_NODCC_REQUIRE_MS_DATA_ENC_IPV6
3111	L2TP_NODCC_REQUIRE_MS_DATA_ENC_PW_IPV6
3112	L2TP_NODCC_REQUIRE_NO_FLAGS_IPV6

Setting Up the Test

The RAS Authentication Test requires the image to have the following SYSGENs set depending on what is being tested:

SYSGEN_PPP for DCC cases
SYSGEN_L2TP for L2TP cases

If you do not have one or more of these SYSGENs, you can exclude the relevant test cases by specifying only the desired test cases w the -x option in Tux.

Also, if you do not have the serial cable setup, you can skip the relevant test cases by specifying only the desired test cases using the -x option in Tux.

Boot the Windows Embedded Compact-based device and attach the serial cable to a RAS server. Run case 100 in the TAPIclient Tux suite to get the device identifier of the serial port you wish to use. For example: s tux -o -d tapiclient -x 100.

Running the Test

Before you can run the RAS Authentication Test, you must modify the current command line for this test by specifying the parameters after the -c.

s tux -o -d PPPAuth -c "[Parameters]"

The following table shows the command line parameters for use with the RAS Authentication Test.

Command line parameter	Description
-device id	choose available RAS device
-user username	User name to be authenticated
-dccuser username	Direct cable connection user name
-pwd password	User password
-dccpw password	Use direct cable connection and user password
-domain domain	The server domain
-svr VPN_server	(L2TP) The VPN server name
-psk key	(L2TP only) The preshared key
-x test_cases	Specifies the test case or cases to run

tux -o -d PPPAuth.dll -c" parameters"

There are two new options for IPv4 and IPv6.

Ipv6:

tux -o -d pppauth -c"-user user1 -pwd pass456$ -domain wincevpn -psk test123 -svr IPV6WCEVPNSRVR" -x 2801

ipv4:

tux -o -d pppauth -c"-user user1 -pwd pass456$ -domain wincevpn -psk test123 -svr IPV6WCEVPNSRVR" -x 801

Verifying the Test

When the test completes running, verify that "PASS" appears in the test log for all sub-tests.

Troubleshooting the Test

If any of the test cases fail, be sure you can connect to your VPN Server and RAS server using the Network Configuration Window from the control panel. Make sure that your VPN Server and RAS Server are set up correctly as described in Test Prerequisites for the RAS Authentication Test.

Share via