wThe Linux FreeSWAN project (IPsec for Linux) produces rather complicated
networking code. The successful application of the protocol results in all
network data being encrypted. The use of dynamic keying means that it nearly
impossible for an observer (even a trusted one trying to testing) to know
what is going on. The need for multiple systems (often as many as 6) to be
properly configured creates an environment nearly impossible to test
regularily.

The emergence of virtual machine technology, particularly, User Mode Linux,
has provided a solution to the testing problem: create as many virtual
machines as needed and control them using standard testing skafolding
technology: expect. This paper describes the scaffolding and the resulting
testing regime which is used. 

The focus is around a modified network switch emulator, "uml_netjig" which
provides the ability to play and capture network packets through a single
User-Mode Linux virtual machine. 

A second iteration of this tool is also described, combining more complicated 
expect scripts, and a command mode for uml_netjig, permitting coordination of 
the multiple virtual machines that are needed when doing fully negotiated
IPsec sessions.



