From 1f17fd679c357b6d21132da7a1e3ae7acd9fe47a Mon Sep 17 00:00:00 2001
From: Yu Jiung <jiung.yu@samsung.com>
Date: Thu, 6 Apr 2017 18:13:55 +0900
Subject: [PATCH] Add modules for ipsec RSA test

Change-Id: I35cf7fd0c6830e665a7aeea209c630a43170f94f
Signed-off-by: Yu jiung <jiung.yu@samsung.com>
---
 dvpnlib/include/dvpnlib-vpn-connection.h     |    2 +-
 dvpnlib/src/dvpnlib-vpn-connnection.c        |    7 +-
 include/vpn.h                                |    5 +-
 packaging/capi-network-vpn-setting.spec      |   47 +-
 src/include/vpn-internal.h                   |    2 +-
 src/vpn-internal.c                           |    8 +-
 src/vpn.c                                    |    6 +-
 test/CMakeLists.txt                          |   12 +
 test/ipsec_test/CMakeLists.txt               |   65 +
 test/ipsec_test/README                       |   22 +
 test/ipsec_test/client-cert-req.conf         |   16 +
 test/ipsec_test/gen_cert.sh                  |  189 ++
 test/ipsec_test/host-cert-req.conf           |   22 +
 test/ipsec_test/ipsec_server                 |  Bin 0 -> 49723 bytes
 test/ipsec_test/ipsec_server_src/compile.sh  |    2 +
 test/ipsec_test/ipsec_server_src/server.c    | 2581 ++++++++++++++++++
 test/ipsec_test/ipsec_server_src/server.conf |   16 +
 test/ipsec_test/root-ca-req.conf             |   23 +
 test/ipsec_test/root-ca.conf                 |   68 +
 test/ipsec_test/server.conf                  |   16 +
 test/vpn_test.c                              |   73 +-
 21 files changed, 3146 insertions(+), 36 deletions(-)
 create mode 100644 test/ipsec_test/CMakeLists.txt
 create mode 100644 test/ipsec_test/README
 create mode 100644 test/ipsec_test/client-cert-req.conf
 create mode 100755 test/ipsec_test/gen_cert.sh
 create mode 100644 test/ipsec_test/host-cert-req.conf
 create mode 100755 test/ipsec_test/ipsec_server
 create mode 100755 test/ipsec_test/ipsec_server_src/compile.sh
 create mode 100755 test/ipsec_test/ipsec_server_src/server.c
 create mode 100644 test/ipsec_test/ipsec_server_src/server.conf
 create mode 100644 test/ipsec_test/root-ca-req.conf
 create mode 100644 test/ipsec_test/root-ca.conf
 create mode 100644 test/ipsec_test/server.conf

diff --git a/dvpnlib/include/dvpnlib-vpn-connection.h b/dvpnlib/include/dvpnlib-vpn-connection.h
index 20682ea..f6163ed 100755
--- a/dvpnlib/include/dvpnlib-vpn-connection.h
+++ b/dvpnlib/include/dvpnlib-vpn-connection.h
@@ -85,7 +85,7 @@ typedef void (*vpn_connection_property_changed_cb)(
 /* experimental */
 GList *vpn_get_connections(void);
 struct vpn_connection *vpn_get_connection(
-				const char *host, const char *domain);
+		const char *name, const char *host, const char *domain);
 enum dvpnlib_err vpn_connection_clear_property(
 				struct vpn_connection *connection);
 enum dvpnlib_err vpn_connection_connect(struct vpn_connection *connection,
diff --git a/dvpnlib/src/dvpnlib-vpn-connnection.c b/dvpnlib/src/dvpnlib-vpn-connnection.c
index 824e614..03cedfe 100755
--- a/dvpnlib/src/dvpnlib-vpn-connnection.c
+++ b/dvpnlib/src/dvpnlib-vpn-connnection.c
@@ -792,9 +792,9 @@ GList *vpn_get_connections(void)
 }
 
 struct vpn_connection *vpn_get_connection(
-					const char *host, const char *domain)
+		const char *name, const char *host, const char *domain)
 {
-	if (!host || !domain)
+	if (!name || !host || !domain)
 		return NULL;
 
 	GList *iter;
@@ -804,7 +804,8 @@ struct vpn_connection *vpn_get_connection(
 		struct vpn_connection *connection =
 		    (struct vpn_connection *)(iter->data);
 
-		if (g_str_equal(connection->host, host) &&
+		if (g_str_equal(connection->name, name) &&
+				g_str_equal(connection->host, host) &&
 				g_str_equal(connection->domain, domain))
 			return connection;
 	}
diff --git a/include/vpn.h b/include/vpn.h
index ab6e7ea..90f2d20 100755
--- a/include/vpn.h
+++ b/include/vpn.h
@@ -314,7 +314,8 @@ int vpn_disconnect(vpn_h handle, vpn_disconnect_cb callback, void *user_data);
 GList *vpn_get_vpn_handle_list(void);
 
 /**
-* @brief Get Specific VPN Handle based on host & domain.
+* @brief Get Specific VPN Handle based on name, host & domain.
+* @param[in] name  The VPN Name Identifier.
 * @param[in] host  The VPN Host Identifier.
 * @param[in] domain  The VPN Domain Identifier.
 * @param[out] handle The VPN handle that matches host & domain.
@@ -324,7 +325,7 @@ GList *vpn_get_vpn_handle_list(void);
 * @retval #VPN_ERROR_INVALID_PARAMETER  Operation failed
 * @see vpn_get_vpn_handle_list()
 */
-int vpn_get_vpn_handle(const char *host, const char *domain, vpn_h *handle);
+int vpn_get_vpn_handle(const char *name, const char *host, const char *domain, vpn_h *handle);
 
 /**
 * @brief Get VPN Info (Name)
diff --git a/packaging/capi-network-vpn-setting.spec b/packaging/capi-network-vpn-setting.spec
index f9d2a40..268e0ad 100755
--- a/packaging/capi-network-vpn-setting.spec
+++ b/packaging/capi-network-vpn-setting.spec
@@ -1,3 +1,5 @@
+%define ipsec_test no
+
 Name:       capi-network-vpn-setting
 Summary:    Default VPN Library
 Version:    0.1.0_3
@@ -11,6 +13,18 @@ BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires:  pkgconfig(vconf)
 BuildRequires:  pkgconfig(capi-base-common)
+BuildRequires:  pkgconfig(libtzplatform-config)
+%if "%{ipsec_test}" == "yes"
+BuildRequires:  openssl
+
+%global rw_app_dir %{?TZ_SYS_RW_APP:%TZ_SYS_RW_APP}%{!?TZ_SYS_RW_APP:/opt/usr/apps}
+%global cert_examples %rw_app_dir/vpn-cert-examples
+%define etc_dir     %{?TZ_SYS_ETC:%TZ_SYS_ETC}%{!?TZ_SYS_ETC:/opt/etc}
+%define ro_etc_dir  %{?TZ_SYS_RO_ETC:%TZ_SYS_RO_ETC}%{!?TZ_SYS_RO_ETC:%_sysconfdir}
+%global ca_certs_dir %{?TZ_SYS_CA_CERTS:%TZ_SYS_CA_CERTS}%{!?TZ_SYS_CA_CERTS:%etc_dir/ssl/certs}
+
+%global host_cert_examples %etc_dir/vpn-cert-examples
+%endif
 
 %description
 Library code for CAPI's to interact with the Default VPN functionality on TIZEN platform.
@@ -30,21 +44,41 @@ Requires:   %{name} = %{version}
 %description test
 Test cases for Default VPN Functionality on TIZEN platform.
 
+%if "%{ipsec_test}" == "yes"
+%package host-cert
+Summary:    Certification for host
+AutoReqProv: no
+
+%description host-cert
+Certification and private key for strongswan responder
+%endif
+
 %prep
 %setup -q
 cp %{SOURCE1001} .
 
-
 %build
 MAJORVER=`echo %{version} | awk 'BEGIN {FS="."}{print $1}'`
-%cmake . -DFULLVER=%{version} -DMAJORVER=${MAJORVER}
+%cmake . \
+%if "%{ipsec_test}" == "yes"
+        -DIPSEC_TEST=1 \
+        -DCERT_EXAMPLES=%cert_examples \
+        -DHOST_CERT_EXAMPLES=%host_cert_examples \
+        -DCA_CERTS_DIR=%ca_certs_dir \
+%endif
+        -DFULLVER=%{version} \
+        -DMAJORVER=${MAJORVER}
 
 make %{?_smp_mflags}
 
-
 %install
 %make_install
 
+%if "%{ipsec_test}" == "yes"
+mkdir -p %buildroot%cert_examples
+mkdir -p %buildroot%host_cert_examples
+%endif
+
 #License
 mkdir -p %{buildroot}%{_datadir}/license
 cp LICENSE.APLv2 %{buildroot}%{_datadir}/license/capi-network-vpn-setting
@@ -69,3 +103,10 @@ cp LICENSE.APLv2 %{buildroot}%{_datadir}/license/capi-network-vpn-setting
 %manifest %{name}.manifest
 %{_libdir}/vpn_setting_test
 %{_bindir}/vpn_setting_test
+%if "%{ipsec_test}" == "yes"
+%{cert_examples}/*
+
+%files host-cert
+%{host_cert_examples}/*
+%endif
+
diff --git a/src/include/vpn-internal.h b/src/include/vpn-internal.h
index 7669aa0..f1395f9 100755
--- a/src/include/vpn-internal.h
+++ b/src/include/vpn-internal.h
@@ -71,7 +71,7 @@ int _vpn_connect(vpn_h handle, vpn_removed_cb callback, void *user_data);
 int _vpn_disconnect(vpn_h handle);
 
 GList *_vpn_get_vpn_handle_list(void);
-int _vpn_get_vpn_handle(const char *host, const char *domain, vpn_h *handle);
+int _vpn_get_vpn_handle(const char *name, const char *host, const char *domain, vpn_h *handle);
 int _vpn_get_vpn_info_name(vpn_h handle, const char **name);
 int _vpn_get_vpn_info_type(vpn_h handle, const char **type);
 int _vpn_get_vpn_info_host(vpn_h handle, const char **host);
diff --git a/src/vpn-internal.c b/src/vpn-internal.c
index 63293ad..dd3ad57 100755
--- a/src/vpn-internal.c
+++ b/src/vpn-internal.c
@@ -331,16 +331,16 @@ GList *_vpn_get_vpn_handle_list(void)
 }
 
 /*
- * Get a specific VPN Handle based on host & domain parameters
+ * Get a specific VPN Handle based on name, host & domain parameters
  */
-int _vpn_get_vpn_handle(const char *host, const char *domain, vpn_h *handle)
+int _vpn_get_vpn_handle(const char *name, const char *host, const char *domain, vpn_h *handle)
 {
 	VPN_LOG(VPN_INFO, "");
 
-	struct vpn_connection *connection = vpn_get_connection(host, domain);
+	struct vpn_connection *connection = vpn_get_connection(name, host, domain);
 
 	if (connection == NULL) {
-		VPN_LOG(VPN_ERROR, "host=%s domain=%s", host, domain);
+		VPN_LOG(VPN_ERROR, "name=%s host=%s domain=%s", name, host, domain);
 		return VPN_ERROR_INVALID_PARAMETER;
 	}
 
diff --git a/src/vpn.c b/src/vpn.c
index ec45d53..cfd7e31 100755
--- a/src/vpn.c
+++ b/src/vpn.c
@@ -282,7 +282,7 @@ GList *vpn_get_vpn_handle_list(void)
 }
 
 EXPORT_API
-int vpn_get_vpn_handle(const char *host, const char *domain, vpn_h *handle)
+int vpn_get_vpn_handle(const char *name, const char *host, const char *domain, vpn_h *handle)
 {
 	int rv;
 
@@ -291,10 +291,10 @@ int vpn_get_vpn_handle(const char *host, const char *domain, vpn_h *handle)
 		return VPN_ERROR_INVALID_OPERATION;
 	}
 
-	if (host == NULL || domain == NULL || handle == NULL)
+	if (name == NULL || host == NULL || domain == NULL || handle == NULL)
 		return VPN_ERROR_INVALID_PARAMETER;
 
-	rv = _vpn_get_vpn_handle(host, domain, handle);
+	rv = _vpn_get_vpn_handle(name, host, domain, handle);
 
 	if (rv != VPN_ERROR_NONE)
 		VPN_LOG(VPN_ERROR, "Error!! VPN Get Handle failed.\n");
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 7477e12..cb6896e 100755
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -2,6 +2,8 @@ SET(fw_test "vpn_setting_test")
 
 SET(dependents "capi-base-common glib-2.0")
 
+SET(VPN_SETTING_CAPI_TESTS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+
 INCLUDE(FindPkgConfig)
 pkg_check_modules(${fw_test} REQUIRED ${dependents})
 FOREACH(flag ${${fw_test}_CFLAGS})
@@ -11,6 +13,12 @@ ENDFOREACH(flag)
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -Wall -fPIE")
 SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed -pie")
 
+IF(IPSEC_TEST)
+	ADD_DEFINITIONS(-DIPSEC_TEST)
+	ADD_DEFINITIONS("-DCERT_EXAMPLES_DIR=\"${CERT_EXAMPLES}/\"")
+	ADD_DEFINITIONS("-DCA_CERTS_DIR=\"${CA_CERTS_DIR}/\"")
+ENDIF(IPSEC_TEST)
+
 aux_source_directory(. sources)
 FOREACH(src ${sources})
     GET_FILENAME_COMPONENT(src_name ${src} NAME_WE)
@@ -20,3 +28,7 @@ FOREACH(src ${sources})
     INSTALL(TARGETS ${fw_test} DESTINATION ${LIB_INSTALL_DIR}/vpn_setting_test/)
     INSTALL(TARGETS ${fw_test} RUNTIME DESTINATION bin/)
 ENDFOREACH()
+
+IF(IPSEC_TEST)
+	ADD_SUBDIRECTORY(ipsec_test)
+ENDIF(IPSEC_TEST)
\ No newline at end of file
diff --git a/test/ipsec_test/CMakeLists.txt b/test/ipsec_test/CMakeLists.txt
new file mode 100644
index 0000000..4b553a5
--- /dev/null
+++ b/test/ipsec_test/CMakeLists.txt
@@ -0,0 +1,65 @@
+MESSAGE("GENERATING....")
+MESSAGE("current...." ${CMAKE_CURRENT_SOURCE_DIR})
+
+SET(ROOT_CA_CERT "root-ca-cert.PEM")
+
+SET(HOST_PRIVATE "host-private.PEM")
+SET(HOST_CERT "host-cert.PEM")
+SET(HOST_CMD "ipsec_server")
+SET(HOST_CONF "server.conf")
+
+SET(CLIENT_PRIVATE "client-private.PEM")
+SET(CLIENT_DER_CERT "client-cert.DER")
+SET(CLIENT_PEM_CERT "client-cert.PEM")
+SET(CLIENT_PKCS12_CERT "client-cert.p12")
+
+ADD_CUSTOM_COMMAND(OUTPUT
+	${ROOT_CA_CERT}
+	${HOST_PRIVATE}
+	${HOST_CERT}
+	${CLIENT_PRIVATE}
+	${CLIENT_DER_CERT}
+	${CLIENT_PEM_CERT}
+	${CLIENT_PKCS12_CERT}
+
+	COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/gen_cert.sh create_certs
+	WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+	COMMENT "Generating custom certification"
+	)
+
+ADD_CUSTOM_TARGET(cert_output ALL
+	DEPENDS
+	${ROOT_CA_CERT}
+	${HOST_PRIVATE}
+	${HOST_CERT}
+	${CLIENT_PRIVATE}
+	${CLIENT_DER_CERT}
+	${CLIENT_PEM_CERT}
+	${CLIENT_PKCS12_CERT}
+	)
+
+INSTALL(FILES
+	${ROOT_CA_CERT}
+	${CLIENT_PRIVATE}
+	${CLIENT_DER_CERT}
+	${CLIENT_PEM_CERT}
+	${CLIENT_PKCS12_CERT}
+
+	DESTINATION ${CERT_EXAMPLES}
+	PERMISSIONS OWNER_READ
+							GROUP_READ
+							WORLD_READ
+							)
+
+INSTALL(FILES
+	${ROOT_CA_CERT}
+	${HOST_PRIVATE}
+	${HOST_CERT}
+	${HOST_CMD}
+	${HOST_CONF}
+
+	DESTINATION ${HOST_CERT_EXAMPLES}
+	PERMISSIONS OWNER_READ
+							GROUP_READ
+							WORLD_READ
+							)
\ No newline at end of file
diff --git a/test/ipsec_test/README b/test/ipsec_test/README
new file mode 100644
index 0000000..28958cc
--- /dev/null
+++ b/test/ipsec_test/README
@@ -0,0 +1,22 @@
+[files]
+gen_certs.sh=shell script for certification files
+
+root-ca-req.conf=configuration file to generate root certification
+
+root-ca.conf=configuration file for CA
+
+host-cert-req.conf=Configuration file to generate host certification. You should make CN and SubjectAltName same with the Ipsec VPN server's IP or DNS
+
+client-cert-req.conf=Configuration file to generate client certification
+
+ipsec_server=strongswan responder cmdline tool. Generated from x86_64 linux
+
+server.conf=strongswan responder configuration.
+
+ipsec_server_src=folder includes the source code of ipsec_server.
+
+[generated files]
+root-ca folder=Folder for Root CA
+host cert and private key=host-private.PEM, host-cert.PEM
+client certs and private key=client-private.PEM, client-cert.DER, client-cert.PEM, client-cert.p12
+
diff --git a/test/ipsec_test/client-cert-req.conf b/test/ipsec_test/client-cert-req.conf
new file mode 100644
index 0000000..935eb4b
--- /dev/null
+++ b/test/ipsec_test/client-cert-req.conf
@@ -0,0 +1,16 @@
+[ req ]
+distinguished_name     = req_distinguished_name
+req_extensions         = client_req
+prompt                 = no
+
+
+[ req_distinguished_name ]
+C                      = KR
+ST                     = Seocho-Gu
+L                      = Seoul
+O                      = Samsung Electronics .Inc
+OU                     = .
+CN                     = dave@samsung.com
+
+[ client_req ]
+subjectAltName = email:dave@samsung.com
diff --git a/test/ipsec_test/gen_cert.sh b/test/ipsec_test/gen_cert.sh
new file mode 100755
index 0000000..3b3926c
--- /dev/null
+++ b/test/ipsec_test/gen_cert.sh
@@ -0,0 +1,189 @@
+#! /bin/bash
+
+ROOT_CA_DIR=root-ca
+CERT_DIR=cert
+NEW_CERT_DIR=newcerts
+DB_DIR=db
+PRIVATE_DIR=private
+
+ROOT_CA_PRIVATE_NAME=root-ca-private.PEM
+ROOT_CA_CERT_NAME=root-ca-cert.PEM
+ROOT_CA_REQ_CONF_FILE_NAME=root-ca-req.conf
+
+HOST_PRIVATE_NAME=host-private.PEM
+HOST_CERT_REQ_NAME=host-cert.csr
+HOST_CERT_NAME=host-cert.PEM
+HOST_REQ_CONF_FILE_NAME=host-cert-req.conf
+
+CLIENT_PRIVATE_NAME=client-private.PEM
+CLIENT_CERT_REQ_NAME=client-cert.csr
+CLIENT_DER_CERT_NAME=client-cert.DER
+CLIENT_PEM_CERT_NAME=client-cert.PEM
+CLIENT_PKCS12_CERT_NAME=client-cert.p12
+CLIENT_REQ_CONF_FILE_NAME=client-cert-req.conf
+
+CLIENT_CERT_NAME='"Dave Cert"'
+
+ROOT_CA_CONF_FILE_NAME=root-ca.conf
+
+
+OPENSSL=/usr/bin/openssl
+
+make_root_ca_dir()
+{
+	echo "make_root_ca_dir"
+	CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
+	echo $CURRENT_DIR
+
+	/bin/mkdir -p $CURRENT_DIR/$ROOT_CA_DIR
+	/bin/mkdir -p $CURRENT_DIR/$ROOT_CA_DIR/$CERT_DIR
+	/bin/mkdir -p $CURRENT_DIR/$ROOT_CA_DIR/$NEW_CERT_DIR
+	/bin/mkdir -p $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR
+	/bin/mkdir -p $CURRENT_DIR/$ROOT_CA_DIR/$PRIVATE_DIR
+
+	/bin/chmod 700 $CURRENT_DIR/$ROOT_CA_DIR/$PRIVATE_DIR
+	/bin/touch $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR/index.txt
+	$OPENSSL rand -hex 16 > $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR/serial
+	echo 1001 > $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR/crlnumber
+
+}
+
+root_ca_generation()
+{
+	echo "root_ca_generation"
+	CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
+	echo $CURRENT_DIR
+
+	ROOT_CA_PRIVATE=$CURRENT_DIR/$ROOT_CA_DIR/$PRIVATE_DIR/$ROOT_CA_PRIVATE_NAME
+	ROOT_CA_REQ_CONFIG=$CURRENT_DIR/$ROOT_CA_REQ_CONF_FILE_NAME
+	ROOT_CA_CERT=$CURRENT_DIR/$ROOT_CA_DIR/$CERT_DIR/$ROOT_CA_CERT_NAME
+
+	echo "root CA private key"
+	$OPENSSL genrsa -aes128 -passout pass:1234 -out $ROOT_CA_PRIVATE 2048
+	$OPENSSL rsa -in $ROOT_CA_PRIVATE -passin pass:1234 -out $ROOT_CA_PRIVATE
+
+	echo "root CA cert"
+	$OPENSSL req -new -x509 -config $ROOT_CA_REQ_CONFIG -key $ROOT_CA_PRIVATE -out $ROOT_CA_CERT
+}
+
+host_cert_generation()
+{
+	echo "host_cert_generation"
+	CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
+	echo $CURRENT_DIR
+
+	ROOT_CA_CONFIG=$CURRENT_DIR/$ROOT_CA_CONF_FILE_NAME
+
+	HOST_PRIVATE=$CURRENT_DIR/$HOST_PRIVATE_NAME
+	HOST_CONFIG=$CURRENT_DIR/$HOST_REQ_CONF_FILE_NAME
+	HOST_CERT_REQ=$CURRENT_DIR/$HOST_CERT_REQ_NAME
+	HOST_CERT=$CURRENT_DIR/$HOST_CERT_NAME
+
+	echo "host private key"
+	$OPENSSL genrsa -aes128 -passout pass:1234 -out $HOST_PRIVATE 2048
+	$OPENSSL rsa -in $HOST_PRIVATE -passin pass:1234 -out $HOST_PRIVATE
+
+	echo "host cert"
+	$OPENSSL req -new -config $HOST_CONFIG -reqexts host_req -key $HOST_PRIVATE -out $HOST_CERT_REQ
+	$OPENSSL ca -batch -config $ROOT_CA_CONFIG -in $HOST_CERT_REQ -out $HOST_CERT
+
+	/bin/rm $HOST_CERT_REQ
+}
+
+client_cert_generation()
+{
+	echo "client_cert_generation"
+	CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
+	echo $CURRENT_DIR
+
+	ROOT_CA_CONFIG=$CURRENT_DIR/$ROOT_CA_CONF_FILE_NAME
+	ROOT_CA_CERT=$CURRENT_DIR/$ROOT_CA_DIR/$CERT_DIR/$ROOT_CA_CERT_NAME
+
+	CLIENT_PRIVATE=$CURRENT_DIR/$CLIENT_PRIVATE_NAME
+	CLIENT_CONFIG=$CURRENT_DIR/$CLIENT_REQ_CONF_FILE_NAME
+	CLIENT_CERT_REQ=$CURRENT_DIR/$CLIENT_CERT_REQ_NAME
+	CLIENT_DER_CERT=$CURRENT_DIR/$CLIENT_DER_CERT_NAME
+	CLIENT_PEM_CERT=$CURRENT_DIR/$CLIENT_PEM_CERT_NAME
+	CLIENT_PKCS12_CERT=$CURRENT_DIR/$CLIENT_PKCS12_CERT_NAME
+
+	echo "client private key"
+	$OPENSSL genrsa -aes128 -passout pass:1234 -out $CLIENT_PRIVATE 2048
+	$OPENSSL rsa -in $CLIENT_PRIVATE -passin pass:1234 -out $CLIENT_PRIVATE
+
+	echo "client cert"
+	$OPENSSL req -new -config $CLIENT_CONFIG -reqexts client_req -key $CLIENT_PRIVATE -out $CLIENT_CERT_REQ
+	$OPENSSL ca -batch -config $ROOT_CA_CONFIG -in $CLIENT_CERT_REQ -out $CLIENT_PEM_CERT
+
+	$OPENSSL x509 -in $CLIENT_PEM_CERT -outform der -out $CLIENT_DER_CERT
+
+	$OPENSSL pkcs12 -in $CLIENT_PEM_CERT -inkey $CLIENT_PRIVATE -certfile $ROOT_CA_CERT -passout pass:1234 -export -out $CLIENT_PKCS12_CERT -name "Dave Cert"
+
+	/bin/rm $CLIENT_CERT_REQ
+}
+
+copying_root_ca()
+{
+	echo "copying_root_ca"
+	CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
+	echo $CURRENT_DIR
+
+	ROOT_CA_PRIVATE=$CURRENT_DIR/$ROOT_CA_DIR/$PRIVATE_DIR/$ROOT_CA_PRIVATE_NAME
+	ROOT_CA_CERT=$CURRENT_DIR/$ROOT_CA_DIR/$CERT_DIR/$ROOT_CA_CERT_NAME
+
+	/bin/cp $ROOT_CA_CERT $CURRENT_DIR
+
+	/bin/rm $ROOT_CA_CERT
+	/bin/rm -r $CURRENT_DIR/$ROOT_CA_DIR/$CERT_DIR
+
+	/bin/rm $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR/index.txt
+	/bin/rm $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR/serial
+	/bin/rm $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR/crlnumber
+	/bin/rm -r $CURRENT_DIR/$ROOT_CA_DIR/$DB_DIR
+
+	/bin/rm $ROOT_CA_PRIVATE
+	/bin/rm -r $CURRENT_DIR/$ROOT_CA_DIR/$PRIVATE_DIR
+
+	/bin/rm -r $CURRENT_DIR/$ROOT_CA_DIR
+}
+
+clear_all()
+{
+	echo "clean_all"
+	CURRENT_DIR=$(cd "$(dirname "$0")" && pwd)
+	echo $CURRENT_DIR
+
+	HOST_PRIVATE=$CURRENT_DIR/$HOST_PRIVATE_NAME
+	HOST_CERT_REQ=$CURRENT_DIR/$HOST_CERT_REQ_NAME
+	HOST_CERT=$CURRENT_DIR/$HOST_CERT_NAME
+
+	CLIENT_PRIVATE=$CURRENT_DIR/$CLIENT_PRIVATE_NAME
+	CLIENT_DER_CERT=$CURRENT_DIR/$CLIENT_DER_CERT_NAME
+	CLIENT_PEM_CERT=$CURRENT_DIR/$CLIENT_PEM_CERT_NAME
+	CLIENT_PKCS12_CERT=$CURRENT_DIR/$CLIENT_PKCS12_CERT_NAME
+
+	/bin/rm $CURRENT_DIR/$ROOT_CA_CERT_NAME
+	/bin/rm $HOST_CERT
+	/bin/rm $HOST_PRIVATE
+	/bin/rm $CLIENT_PRIVATE
+	/bin/rm $CLIENT_DER_CERT
+	/bin/rm $CLIENT_PEM_CERT
+	/bin/rm $CLIENT_PKCS12_CERT
+}
+
+case $1 in
+"clear_all")
+clear_all
+;;
+"create_certs")
+make_root_ca_dir
+root_ca_generation
+host_cert_generation
+client_cert_generation
+copying_root_ca
+;;
+*)
+/bin/echo gen_cert.sh [create_certs] [clear_all]
+exit 1
+;;
+esac
+
diff --git a/test/ipsec_test/host-cert-req.conf b/test/ipsec_test/host-cert-req.conf
new file mode 100644
index 0000000..608786f
--- /dev/null
+++ b/test/ipsec_test/host-cert-req.conf
@@ -0,0 +1,22 @@
+[ req ]
+distinguished_name     = req_distinguished_name
+req_extensions         = host_req
+prompt                 = no
+
+
+[ req_distinguished_name ]
+C                      = KR
+ST                     = Seocho-Gu
+L                      = Seoul
+O                      = Samsung Electronics .Inc
+OU                     = .
+CN                     = 192.168.0.108
+emailAddress           = test@email.adress
+
+[ host_req ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+subjectAltName = DNS:192.168.0.108
+subjectAltName = IP:192.168.0.108
+extendedKeyUsage = serverAuth, 1.3.6.1.5.5.8.2.2
+
diff --git a/test/ipsec_test/ipsec_server b/test/ipsec_test/ipsec_server
new file mode 100755
index 0000000000000000000000000000000000000000..84fbec8f6e0df426868f4b161b1eaa8f82476dbd
GIT binary patch
literal 49723
zcmeIbdw5jU)jxg`2t*VT6gA#Q6a|$Kt_BsI0D}|c5+FgWmq|z_7fB{DGXsf=qA`?l
zjG`}4TCJtkTB_~qrCyL%n21WKRg1pVQneZtb;h7ZiyAF8-_Kfm?K9_0a*BQb`2F#F
zoaf1`y{>!hwfA0opUdpr=$SJsJuS`9pLF9wgRs2g+)Ps6hEe?!MunDd9A>zUlZ_LM
zL7-&d&&?cys-$6$nAR{;<OTo^#9w~8BIKvLxuD^Rifm}8JtRo=B|mN{DtO{e3f0gs
zTudN6^3}MVQNU7F5SS;9Z5%3m(IfXrFGuupL|(&AGK`Ogx_#6(`YV?96{ov_5$+~n
z%;fJRBw6|teGsak@|J5D1$1*k!+{hyd`zfNV*&KIeS#kfWQ)K;sn01chWM|cG}jnc
zTeEb^q;a(sV{2;y;ij=o`BTPDnUou>&z->SCi^6N@w^hQ$&4c~YTpR_QB#PYyP)*X
z=S_aTvFg*vrmXR|t^4H7OKv6Jbo`MGYS)@}*8ro!eK^rP`19g#y5}$Zx4wVZ^%q~*
zeOm3}qk8vVv*g65+ddz*HTvQ&yZ-mHVGwcr+ysY??1$?^h5ga9;81_`BOT<=caXos
zLH=_Gf2dAZKYo7WAYbWFZ-GO-wGQ%|9qey(kpC7w_7|Te4)W_9?2mPj|IR`F6$kn$
z4t73vh{G-iJChvjT;@Rk#=-u_4)LjSu(R5M{)~g2dmZYX>d>yC4)k2uci}JfbB2RI
z3moXnV4%P8;B%0_(?R}H2S2ZIpx^Ic|1<~r84mP`4)J``f&P+%|HnG`Gsl5`x`X}e
z9PICL@P8WQUHD7=yahsk{qmlJoj*9pH#zwEq67U62m1?P--W-_&jJTK_d3LFr31a)
z!OpV|{`?+xvW*-gZ$qigrFNztXKcLNPJcq|m*%)_^1l@OYmc_m9~V2R_9JZPaHD&K
zUH&()O8wQDVrL@TA7(sKZkIQ(E?41i?1bDrT8;AzUt#fFUxmNXUsV$f`5TMp&Zw;q
z_>0Sy*7^;fud1#-;0uPz8bdyx;hVkOw@~C})RqN<{-9FtSGmd;tPeMq`+bf6y87jQ
zqsq6;-|VZbsrCD+{2>@^tO-<sT2t>UuPzG&{I$Mtpr*+e@UH+BY@h#{a9OP?SA-i#
zv;xXy6&1e9a4j)RgO!bbs-V2qUk0_t#`;E5t3``^4UPT=f1m<*by=|57ovuVOTIF;
zqU6YgwhNc2mK9~8@@goC8k>D}kgYGzGtE}kH~PyIx2Dct9}bZQxT&q7rdFoZUV}LM
zY63MO(^{=RP!*!8EIzVSz~97Dhz7ApA=Fq~-q4IvU0F@QS6g4-;JYSlu~pU}?N#kE
zqi=1LZm6X?gk4jUh8x2H16>xVQ5BchHBbaBS~Y>7zmYsNyP~$f4E@tsU&mc-b5r%K
zEkcd{N;1toRbJ1{lD;$zk`_j6IStn-MzFqonLlJyhw1~h{2eqZ>(OANydFcSJcKb@
z1DUB)eZlgwK&63j1t?q%;SdHZ4dwD>7;npbm1Q-xM8()^G|-pSy+#AZWQdhQ^|hpn
zjxp-|bwO0=qk$EuN5sp^LN)aPqoE$d2TU?wSzcQo^cys~1N8=)P*wqjrUvdW9+199
zvZuzT&qoa+XE3iQ+Qy1Tbhi-*)mPU-ud)d&)ab7$3zY$18Vo97kT8@lo>Mq|hHpad
zxn^nnB(s<-P0US}C*)2>mY@$3gXNDfq#O%nAj(QcLE;gvKk0mZr70Q`SIa4yzS>Zj
zwwY!ik>R5teP<X?K}26~99vU^E384r3!DcHW8Iw_U?{`*v*06`KhStX@X&EJhfxdm
z2_8P4@N}aaIDLBVC}l|AjO3E~%2`{=g~9k%9x1xZLRX$E`e+MXOfw_TLf6-5#K^bM
zt=FS&3tdNu<h>R;`J_KZ7CK$m=+6=h9St@=r55@SlZxwe3;l2ly}?31!a{Gd(CJ!A
ze^y!O=A|&0Yb<o@h1FUMJxdz_+-RZez9;r33w^jnezS#c-Jd*Sp&w<D-(sQDwWR*E
zTj)n?BH%6y{TK^<w}pPJg}&E9&#}-uE%f6o^tgq7yoKIvp`T!(_gLuq9tX4UEM-7r
z<RmVsuS^U5WD7mpLO;bq&#};57P`wqKh;7XZJ}G|QJ#f<nnga}LO<O?cU$PAEOf7h
zeujl!WTBsFp)aw}M_cHn7Wx<qz1l)Q%R+Ck(9gEen=JHmEc8_t`dABnjfGCvNcywZ
zLLaAzfEz9JJPUo3g+AUw-)x~zu+Sf|&?j2xTP*aM7J9pdKFLDgWuZ^8(05zt=UV7{
zE%bZ~z0*RUYN5w1^z$tAZVUZ<3%$oer)w4Sb5|)BY5ZSk5)C8MLchpD&$iIr7J80_
zUSOenTlQyqqZ$9Y)@68G+d~=g^RWteTb|E+P6_o+{sOGtQ3vpyb&4A$!mEjy=<LO3
z)W?L=l9JfX_<MxYQj%zA{0+is2}wM{_-lmI(vjH2_=|+ol95=;_zuEpsYtA1d@JG9
z{6quej}e|pcq!u#5>87(qKNTd5l%}%!p->42&W|=k;nL5gj4EIxEQ~ca7yioY{qXU
zoKkwiVEkIbDU~O>zXM@ZBjJ?76P=7-P55xacQd|}@FNLtXZ%NmA4T{hj4vddQgmVy
z<Fg5;)SOt$_;kW4B_~!fejeeJiW3ctPavF9aH5p)vk0fun<!#@B;k~D6K=+jC;SA$
z^B6ypa7wWW7vn<+r_`FrW;~s6N~sBh@o$@fQz}h#|BKrH1>r8jI~o6&a7vwt-Hg9S
zIHk-)JL7K<PN_2S2;;92PAM|6iSZW+r_`8O%lHn$DJ3RWF}{^>N`;9A#vdb`QedK#
z@dpW~)R!n?{8xli%1gKz{~6(w>JoX3-$gj3xP*)GTM4JsmdIxOX2L0@B@D)|C7e=O
zqWd8CKjD<Z5}k}+P55}icQd|}@Ck&sGyWsODODvNVSFLsl!_9Y7@tizZB`R&8J|u#
zrKH3v#?K?1Qc<FT@d<?I6JE;rS%g#SNfa?Yl5k2n2{+@%6MjD7d5j-P_yvT!7#~77
zrJO`I<LQJ`s!14(f7=9{QcR-zpWOe1y9w_EKK_%!$g5X*Bky@z_H`E(7k0F-Eq5E<
zj%QsAIu<Q;8}XkYkOwNWPC;Vca_)vwqr^LwuJ^qyJ;S__4_2gK`P>%R;{<fz${4YF
zJF`w%MYJu1Y58Y+20-2$+2MWm<BPm$yS=aWgrU5Z1ih`Vg$`WljqFtV?}`4ZX*Jio
z3?n?e1e)<1(10s<W-JCN?H|ukKJ&Ir%Lzdsbh7Efh>}?L?eH%0LGSJ>6W2i{>l7mq
z1SA_snAzUQ${ued-0h8ey0->U`F8w4p(B1JLPpfe4(zh2;BE7!1NLmKWr>~M$e-gm
zh#T>Cy6cooOM5ygw}X!2AD^Ro7I|;l?@cp|$hK!N4J*9Sfum^9dn2Cs_;zpG6P=*4
z%UfMc{@NRP^&j4cI$B=>0~90LN{W%z-T1ETXx#%a&G5D{z7>Xz?es<U=A(Netk<%Q
zwVOTh;%|F<qY!VSdbZLfgE#UDWPb;`w{1O9rGlNYT@`MFU5V$S1zQlP-o)pyE!M&#
zVxK@FUI5iCRA*ujzOtTbeH}(NwsdA<-8t1XmhIQZ-X(c9cE3$N8}cWc@_DBGqguXe
zMbfy-CR}6+-(m{SP70?%crdr5Yf_RrFiAaGQ!&i0F>U2*Ti)oE@e1$66S=3bmiB&w
zVBPdQb>rn%_S380$P<qs29fn!@ckcjF?A_If-WXS)pg!zE7|f!TK58UaDS6b3y+`l
z8;<g}Y$E|9bXdzaQZt%I#BN0!;=k?Dab5;TC9oaw6+9|v*tBe;Z<4=<<eN?T^C2(H
z8%D%_OUx^X3F+R%$zaBZ0_`9-jKqF?MR}BY%XfRDZRDn^OpUCYA*x1e%QkM{jqdm>
zU-v%>&wy;|DBObT)hOHyZsJz1jtrg8m99J~%0qt)W2)@k=uP8rbuCl`B^o{=Ig7gT
z<An}R{1SA`Cz=YBc0M-iAC3CEhRW#AY8{Md2!hc?1G+1N9ZelByUCz!xFFfMA}jYJ
z*K|fo;vJrY6v+-x4}q4I`_pe2>TOxsX@mx~tc)Yass8-iSJIzdE4pgqQDCYEq9t)}
zbZ%$V1A8=;KSy;D&%vnYAiU44)X}>d<d&5OjT=vZBse)HrwAP7|H)8F^Yq}GLg<0b
zgJV2#cH(v<yJQC2j6vXyY+HgDeedy&j%}crMq5eE8+n~_)J>RUk=AMuTDH-5Z}>D*
zU}tQa>ErKo;}fqUM!Yg`o{PZ|BYq(!WTds0t<bm8JS~3pm;H~i9iUsfcd=PTp{}Cq
zn&^7+1zD0Dj<R7D+g1#L*7oMv@gp3pSJ<sLnbx~Vfi0ocC!19b66+}$=I3PQrspZl
zl3{p#>hN^a5b?@T!3O`fu#0p3Z3hs6ow1E(eb<qNXhtpbJ>6Ypv@&^-`Xinm46Ys{
zoZeLcflEjrT7q?t`=glDA{mpJ3dyJ&t71odF3iIKq&ngSR5m>zqwY*t?S|EEBfK%1
zk%OHk<fg)u8Zk87v9`u7TJfYGN2uZb?LRPqir~@HShp=6?V#!+8TT<2W7B;iZ2w*R
zBmVs!%G$qQQd#_4YdXM-yUHWKN2hYhWZJxwAa{5UaIB*qi?1VM4<f?xd8mRdB-T-P
zP+-UrUhj9twwj&rmADmk4}{a1a2j!nW_*pUmbYzg_tt@=&6D;i8o{0eEh`Tgp&_x|
zR7v6s)h1Hjq3ZBvM>DpPGV8S1bPkfv6VS0YEf0a;8wu};lpr~K_C|{aMm@XJcDEI!
zF=|ZRvHTiUig@;S4S3bR-zwJ9o_4-x|B6Jkgvn|+@Id(!cZ=@z<KqAPoTl5?d)d{!
zk)j-SqpO;%p*Op|k)mw2T(UpH1#h%L5!?gYyl|#uZ)Ens2(~~Y21Px4*3j+>ilT%N
zwA03r25+(z6cto85I}O1Int0>LG9%6ikPhNe4X{A=W8^F{fnD>B-*Q(LoqZe>&cR@
z$=aH1UBX6>A_Ysl#~XnjHHQt4DH2!th%Sz)!kb~!l%e=z0KuIIS~z!)_Ua+TYmMhi
zRP!a8OC2%*toU}iq9!BLY>w5D9M!~*aVf>I>(ELV%6h6D$^jU!jCj66o4@p`uI}-s
z?Z|q{^HpUeJzBCyF}zeI7|#Oil?G0P9n*Q2>Ab}9%kF++sYY=}{8sEN{*zelf|q7h
zW}G4=Z$&+CwH46-h;OGG2o#Q7o9!u(P%XU$4slDLD*1{UQyIyQmb}HyQag0SojdMw
zYh@`NM|UNtl0RaXuN+G5(rM$2{aibP|7=5tof)ZNLZd{RCj(n%-kJ^jOjg{)7z~=2
z8}-L$!$H~QL7a9`M%W#{|5KV)efR4JLHD+qo0P07z09|mreC2oI;ysf?twfw6&78B
z8Plp-)Da&Eg|-nG2`tI8iAzX3d<oLh<I0+a+@aW*vWjb9LLy}A5P!OGQ&cs{S%6bT
zYkPQp{M}FbZ^BfkCbSbn8|;X`3Vq(5BxswY8OXQM_0&0Qv`btg4|eT;OFW(Ohy_i0
zO8J^chy;QM$rQvw%Trom%}5dMq^UM_xbs3|-9~II!X59%BJPc@r=E&TKT)f>Pi$?!
z(G{Cc5@*75t%_J>>V|Yp0hI=XsCy|RW;|QxLhIO`EXEg;JCTgdU~o1~-B_+5`-k3G
zVn;bB>&JAhM|;HRz!w_eTyLjrJG+L(=q_9Q`2E;}Vf%+!*Ahq8KX~Ium_{^xVoS`?
zH3~H*o`QIa^546(^1<^x@#{a1m2&%GG7;%3{cwu3s;49VHRxSeq?o?BU*VmxrKVGB
zQBBt<?QD%nZzB58Sb$u)hfJsG?Z8d@i)eC0cveQ9cpP0}-NyFdO1z^r4k~;%k{1oh
ztFI2e=1^Rosx0>wH0YzJJ6)2IZ6lnK_!}mmvV@wA#P5Ns@vDbI+U~3;jjSizBduhn
zg)e8)TDB2_-t&<>bEpHiph>-*PWpUpr}U$Iy@+KG*JjZ+&Sf(4ko4PHyI~xA37W`V
z=vgJ5#;Psc!nDLkaJS|6biI|9pqGL=IOnLA?*o-ePL9welr$vDYTw6^rR)f)dN=O8
zC4*d?7L^+l)PS_zw2G^%Jx&0914w?E^)iA0Y}D=NB<^jSG+bHrmcQn0o1NxuThGx*
zdzI1|?&iFK(GzVYZ50sJ0^}DV?v8M56FdJ+0RB%sQN|UMs;aoFO1H(Kx&NnH{)q`;
z?Qcwu=z8jAtThw}8Em}K{1tBhs7w6wTOS86>*fM1$Fa>cv1Y`3d)H#__234Hx|M|+
zByWRguIw(_L`1^-WL`ryu10!G&)^j+v5a6qufd(i-p*JzS^WGXOx1>18c6XEP>z=D
zBOP^pG7U>~*P_@_#N0)K7spPg@-tLEKbBABN2ok5Hjm2pQ~9)58I?Cu`Pf*9%C}MZ
z@Ys!1UWM{nof=y9yJ^Ra9ouf~*mij%bCC<wWmkuX?sXtXd)l$hk?S2<(Jz1vwMea3
zBHijjWkiBz80}i;cGDi0B31A-nJJ9G_^Vr|qPYDW&PE;aV-Po5qCDM^A{U9$%q;s5
zCTItZjXP^nO5O#v_?Z^*(?tYEcgEJ>xkNmHs<pAv$o%#W(N{>YitQ<C;%h>=)eu0H
zYX81~yokC_$Gx&)QiMw<qhf{8eK=vbz`(sRVT=a$HG)E7)QSVx-q^29cwA^V%n&<Y
zbp7oEv5=tq9%Q$}eL6~9?Em^}IfsrKK-XVufKk73i%v|r0GonYr!T-xQWs#=s8GBA
zEQY;`$XumwxhB&Fd9Hkld6l%o7iBJsoo3UHx>sa&3XeKmr}3aOqp^?MCl|9Fo;ab&
zVTis?8HP{n(=mFCh7@n>JL2O&jqrV(^czRScJcT(1?i1ETsZLk+VBW2;ZAIL2$!gP
z^KrdE^KWOY6Pg@^_(`fs-N_#4rcS;aX@Lb2^j;~d$1FGp#x6&&_rZqcg7-_r8+TI9
zj-672DfqAVIn=54E-~%BkA_D*`%uS79#kdWk?H3oXckB<YCD=i9d3^1vt#Fy@lE|3
z{}ic2IlEe$DLM!96t}-HBj`@r0_EeR*a9+hS^s8!qaF?LAU^{lYLsAyM<dOhN7FJo
z8+J>2XrcXU?{08d_?!21o6kZ02H!$Ahl8FR_WM12Coa8fI2qqguUt~luYsKuJ-Xb~
zcW78g?tahjnhsUmE`*{?`4D!lC`PjZI%VJa8JdA!OYb_tw8C0^pC^t?ft!*~k(zV0
z*1IRDEn1>&7t{X8to$&tlAy;dF?tFT_h49>+_2(q0z*015&sMGDMKQJ*-ujlw$j&j
zdT%sFFQ>+*b2rfqt?8Lh|8_!Ofm4$L)M$=I@&?#_+$*@H8o`x=gsLMx_Fc>%sus=I
z8LPl>Q1jqu)rbEk5ZrV!q}Hzz%>QHq)4RenFt{Sc--C+4hf~xk6!4CC5z!Qm3)hag
z+r-h09q~syO}2}k^&c&=E@gUQj&0PnKw8$iMYvls+PuQY?FsH#q;tOaJQ!dv-6fn1
zdwZ#(B^0>Gb3hS=j(8!XbngJ(lBaLTR<Z#>S&MfKMw<^u{<C^kQG=58yh|~T=z0(V
zT~B68J$SOF9%yaL;X(EUJ^1%V+NuHOL|Pjdv^4?T(jIbUjq$9?8Z&oo)|iq_S!1qz
zBx{VnJ!?$e?yNE4&a5#jyCdt5AoY&c(Eu2Nxa-=QC&iA|(>1Y$D>Fj$9ER%S=P;y6
zoBnU1*3p^|EQd=Mpp-|Z+B|4Ss~f1dt+j|iq}2<MG~9J#loeZg@`9(~vXHon!gs==
z>&a@%j?4%by3pzC*<56|7gTRVVKmX%YiyFqdFr=2d5B>!bIW90{_Y+2f!f-_jl(vV
z+IW5|wI%DedVE8JT1YnLvJLb}D~FmcrladgS%yGea+G0^m12->#*S)Jhvylz9uH?%
zZZ<+Rz&6nUTZSRD8Mpc}y=|V|;?F@Cpvz=zwJ@Y95$r+%!Xvo|7p{IAQxYCvj}{HL
zgSv?vTaA?MZ3C@sE^Z}~Ilj6X`VMEbhm*TJmpSldu{Bd2r8jo2lbo9X%W<BuJnYr>
zfol5r?<ytCrRm!(^^C*COR|nbw0k8Ksol5{VYYi9wc86uYP%<)rP4~i|N0|pC`Bb&
zvT6H}e78Y9z5W&xITFL+N<WbpfUqHuKTmo|kwCV@V{bf*LZ9@g)+5KKca@+DSsV}q
zu6X^&R0lnCq8!YmqbaG;-TzRIk}m?BOA;zBYSDv%j`$8}C#%jgJAtx~V@DtjWh6FY
z;3R%bqerJ@)GrS*s#LX<&XK9ur%!3)EgNnj1+be)AuUp#<58Q{^S!Xs$vvt(=j@ls
z?bf*tkj6<?YXE~j*&vD~+L^NaCPz~PJ5S3W#}#cU=`>$5_=ucQc|Oy|cttTfw=cuO
zLs1;gjUy{G@hm3p7fBMj6hhjwoA$R;<RaTBjo@}Br;3i&CBQ&Oj-q9mN=S00$zruG
zwy+}IzYNh<Xx<xo>vTNt^Eh{H|FL*yU}hlgkZ~kMu7jWIsk(Q@ZZ((B*G)UGQQdel
zNILNS<u@_8*eNfb8iE*ANaS@ecb`eJo=vEOd{xDc_+d2o@hnkQ%dUrAu}$Rfy?-My
z(|VS!w(BZyw2kYGu2-g5-F!N*+^+XmLi>$cRONE9LbvnSkhwp~<~bHUdfH+axsHkR
zs(M%B{j1&7qiQ#CE*|I*_vz0-Rr~{1{;|T}nzjsEo&orxSdH&dT3fS-I$WqHXzEEs
zbqO^CR6Qp23op^5V<jnGjl_E$rdPkzmd++id1C2*=%F@z-RdUl)k6KXrd~r-UF#j7
zCTn%^9Fgs5EDXW;cjyqli%gN>={tuho}Sok#DBXF{~XP~kNDgB@Q={^EyTaK4}U*(
zCFWu5W#Zq^hyRl1zf1h9`tX0J`Ck(M!an@lG(WQz{FD3eYlV;5OSvGv{dmYxZ~lqy
zD))JMX^+|IWb;L~KzmXhvm9OL1mZu~hu^bT+UzF&t$p}=HGdBAukOR&qWMdRKf4cq
zqvn?r|ExazCe05Je@Gwx63uTS{>O}2+m|nVGiEnIj$-x`dT4!!n5`w78~WJX_g57Y
z)28l+8Q;TZH`$!t$L88po7&IM=$UCBKWP!PE`D*&!&u3-=hR92@JtSawHtli?d@>8
zM4)@?$q?8+N~Fe+_2|)WEO1eZ>E3>p(1$ZU;|rp<(S;39un)eGhVz1tT@{Z*tk;s5
z#wu-<nC@j0SX*1#Gq+C^yJ=2dod*HatN+3SQ-`_F<6gJ%5B&IxmNfh&+lc&PwdPR|
z)Uo)&k(uI1las2=ks(%9-G*sSs<vAHjFu+baOnQ}sQdf$S2M*gdh}UEDg9N(^o;35
zPxja3p8ue~K4lZqUph<+oV>Dy>3xa_ZKJGReT<W;Z2)eDYBEf=lx6GcUHn+<P+k2a
z<%sHP-Cu3rOZ60+BZuy<bCuOY%&$LE5TZw4J1?cb9%XvQT|`gzS1aXl^FGHR=GTS&
z1^t)w81#^{ej;jj40^`2`Q$8Z>vv@1&IRrS#AhqBeI^<u(tWagQ~72jh`xrqIrm5o
zLp1iNXy~l+30-u+=U5Kp;wxU07*O8gTP$>8pmG@By^0=vzeLl_I}7UEl+#t-IfFxs
zmvMQ+bE#s*-PBz$v(*Q}_DZ3iB~<c#H9wj~MO3!5>DF&q6ANZX{6*Pq_t~QzHjg_P
z0m9~5CCgLzi8PH^!%WJDn>2SaCw^tS{!5tx86VB<(;LswWt_equ%tcmaItCydwT$_
zICO8^z!lK-D(85gGA_MAzvGaqoO)xP(ns866|nWjM%Ch!-gu0<oO+{ydLt;kagV01
zBI+$dT`g2<-Fs?H;XZng7F*uPbi`kyg-Ocvu!+ij`sn9#`t;Ft>VnwTM^z@x(nkxe
zM4cR`foRr}+HX}{n{5^i#BF}3ev{Rb`|Ses;i3EOyGyt^y5D|7mzw4*8vkdrDyM#X
zMd>^ATc>JpO22(eEuhIrBTcQ1s;v5jy&q!f3w|QoUtbie%B}O|Gj*+O>x(x{nx!vx
zT8X+Z9tE*)%zD(WC*w%2&ej<#=yKR$5)D^P<K~?Ey*lH!vu&MmyfQA6=>C_@s+>Bb
zS?N1;#v%#();nlo=#*Bc;*c_lE)^<u5$}(ryH2o7m)mJyAk)P$rM+F)XS&QWZy_X8
zTE0oMbkS)bI`_siY}wWu33@=|&>Jmkq2u28Ee2X&!>J3*BIUZC8uZ*YIW>-X$*jt$
zH%?Rf4!!Y$YH_!{H{OYJOnEw-FG~>h!F`so^b5<f;y5+#_4bMT9{o(zvXr!&G)vqc
z0x>l_d@J(Vtr_DmbZ)~}>}Pqn0-1@MvFe3yGlONT`we*Vsosvn{rNFFBJ$QJrlmKV
z#tf*qnT)r6ylK1Cit#q?p_oS8k(DpuawRTHzP)EUJe@@E@VrGJ>Ujxoj6d5s0IzSp
zKm_lY9p1K^UF%A*{h((9J7afZysK5ca~HzfMt9hDZ2ujoF;a-P;yNngd8=jRTl9;B
zCqa*Y)PdVfxSi9Rn1$O+F&BxQ_9Az=y8VXxJFk%7b_k+Du-Flg{;yUV4kZW2+}bhP
z8}UOqy;TdJqf9Qdn9PSsn1^IXe1_@MV{iw%noj1RH%rfR8zkYv40ouuh^r+n%mCb5
zbP&s9G3p}RLxoLV%<oo@T-k~3JCp4lV!7q_XWZfB03H*2o8t0-MJ|ZV7+#w+dzXKJ
zAR9S(T1T&k9ikV%fmzjy$5VjXuqQ$<9uv^L7<-+1k>6w1y?82|P`!9NBIZzsYBI;~
zPRK`|{kL*Fdbf{6trYOP_HZ;fsT@3*EI*4fy-?jO(b)JxlIMSwqH(~CMz+2#*AFhG
zWoMc#``|ChmJL_q^I{m}mUW$rzT*0?x71&dQh$!6{tvJjv)2EA>y7d7PW8rZWLtcm
zWBNSa;<L=D|9W2c#zQ=QJw4kml{gMY9RF?DIoe;qKxF5?mBZa@Pfz3vc_wm#rF*Wo
zlo#NwA|1A4P_}l}C(k8$Te1I1hAMT$9#B8Pq8GpE7d5HuLk{T6%@7u%VLF7%%@BTy
zxt}tii{P9Z&}$Dhpeglr#A8r6#E7PMOwkpqq$^?=o;o&TEEg@GVnb$)(+fM2a(BIA
zjT7D7wFg7DZME69Bm1^31cRz=l$FVar|FIKtu#iq-zDCi%HCzfFLLpS=!6bEi97nQ
zM4)E;L<D>2l7k5M2;qLExl=SBAWhuj8~TK3%8-d$nqNp4k+4C5JlV1zeZR*ZimlHk
z<$jD^T5`yIpHK`&Eh*hx1A{4{$e>X0?Ghb|W4MJGL#07~fewe_;Dsrn_=I-x)=>OZ
zX?Bqynszs7QYhXKO$o){C4?k%p(QLwq4_#2d$AX>j*5rdlf3J(MY4uM7WGcF1P^;s
zeoth+Vf1|$_50ATDghl%;cufga>w@VpwjTct9bA}Wl=v8&Z)4z0SSi{P_57OV6;<~
zzyIQgN_e5j^HNLu5c;Vho^+@2k3wkMk@3h~r5Jm(Fm!L<C8O=wcPI{6;juN?PX163
zZ^CN}hp3fz61?c1@is@27u{dt>H(IxT#2%Ep`8{>@`n70DzGfH2(#Wp^{^Kb_70DF
zy(^j#xB!EojeaD<wHEG!HFHBUL`Ca=$$ts(D`tS_V^~Ez`&w4+Gn!p$ReE$g`@$1u
zJ<3X5ey9|GntrXZbuSE<(|I9X)1YBb;~isT>))-ca}}#wzkX4YoZBag7R7Y6x**}u
zT!J#YBdhL6<qq>c`(x6zZ?{pH_L(cN>(F8Hoo@@%Nc3c%F!8&A5~laeFpWlTObOGi
zs2{E7Fa=OnVOm2`rdV*+>$1k;Y`WOM@aiWP*^0$&y!HT#arq)kc_PZ%1qsby<pPWD
zp-r*4^UgE&&^Tpsx_VUe%!|&@=}R^z55fqyiGJp%n)%K@l6BmVver0B?G~G$p+!A#
zM`;f*vqx-4J@%9fA;ps^wg;%1{KL=?^>fU3Oxm}QORmlQ%#U9j8?xmy$RysDK-2K~
z1w?THL%&W93!9oHTQRI+G-eZb;ENhUzcR)w<oD$-aNmI60;SM?bmPcWT1&etvI7nA
zZd|i=)rL}|Yg($r1-|ew7TCFp1YBMCnXJujwne?gb0Dq7(}Uki9Ka7HvTpO^8im9+
zDrI8}nJ`CowhG*F|AY5?)K7i8mf)AQEu91KBF2!|5VR|P&sMTPKf8UlbD%fFy}lH~
zQ0*R`{tn$j-rKlQ1J_jDX0&gEarNts6seY;-tb+jj(pT%I^|0Ci2Qi@Y6>gf%)X^P
zER-c2Xmrqb&_oBxexhq)N@$D=#@&E7M{VIUE|_}5VET<qZ`W`Ysvd;u`WJY>m|kQ@
zRvwImd-xgDnJF#Q7mnYVjr<MV=o;l9HmpI9##IoDoob@j*qV(^qPZ=i-xHY^B(|vU
zjEy$+$3tJYJdb->`iNJYqD+v`74uE`G{}QSzf!;@HVQohZ@~LV2oJ=rFvY$_kAd6T
z-b5BiXfSF)yohQBD32cw;$?KKA;d$E?A=Oko9kI4szY8O2F<0D5OUbWD`TF$+?k=A
zxDPWqYP9r>3>^_)B;{kmsBYgd4!}M*<})2Dc$yRV(5xSiqaU4+Y5Zge?A}f_+eiHi
zSL7#y7pnm^UI2^UXvSHzZ-D~~(XIrYw5Nop{*&B`V-=>?cj@(wG<cYJhp)})ecp1Q
z_~|Krq+~Q_Bs!SBAM_QUr7G^CdLJ+q&tk=HdhZB|w==yPiYI=as(1$})<HnIbl4ZE
z0`z83VvcEfH&C4$GZK@SegKw>`Y28&#iLBiH*=1+Hg*IFe1Ryds%x=0+N1H0gAjOC
zx}hUp!d3HxK%?k&e~boHeIYg+cEzovxY4vs?^xIcehPuEYgN4)F|h31>xg@W;@;P%
zU3A__*M;hZ>m4Xdc5Y7Z8iVNvf7bL-Ig3;dR|W^5(=ETKpg|nRFF?F_%S&cb{7+Aq
z=NHiLXOZEzulh+T{ce2xQ(PbFp*vHQQbEVD2v{7Bh;`D4`!jUACJ?20Wc+3zNQNEp
z<1lV%iVeI*CxR7ELT*UxI1u7@Lrl$)oiQ>PzZ?Gc|IT#}f@<!K<ByRdZN_MS77f#8
z5;OT#o`f{sr^8+3@e4r*pRePvpzn;GV7k#w7TVOE_5+Ys7CPchRF-%U&7AZqHw#DK
zkf1dW)fG_^NZlI_#R!BPzKz63_@bq%&klK$<SVL*e@C)?JX|E3<H!-ZK<!71_tlY1
zXI>OPTB9|?<t##bG6$#Bw!MGz%3)drU!;IuU<ULTkJDm@C3xk5VOh6lskDer$=EQ}
zr6!sg%4}J20Vq0MqiOZ%6B^|O$D;fXY9Ynw8g|2L$ZOMKlY;aj^<qcHIH2?~Yv9`s
zc;nC9)E^*rYyl0rb2vq*U-gfOl@jSF*hj*|+`R>2Y9mDo@gY3UGTzTeb<vEs2w+$Z
zkF6!Gzdxq8V+&{p+7W*SA>d)4J9F!DAGY+=Msjv88RLQ45kD2Wuy`w31ZxL0w{VSr
zgLmk(KjOe7qu|nlNN>U7!pK(zC54f{6co>C8@1~!7mjFZ8%uD}oG~Aaf7AQyzXsq=
zOJ@A%kHTi_C!v$GPN8NP#+=B<b0S~OgpJ-2Z+TmuOY=_c3V%!o&Ru?G!4(Bp7F<=}
zd#<uFSIht7xn!BoYl?gk`Hm0sNDPOActsfJ*Cmgu!+YIyae`k>6)p12@OdwrzOZnn
zZ{eZ>AuK5<Dfaq`7F}Y)ll;O<Jc}n-_zEXJoq}8It7(t|4%aQmLBPI-G8|)EUgk?8
zI8t|cS;((AHOu@yKGT*8^(zAYMx&`L9I94CRaE5a=B14_6~2agoWrZ=4Z&qrv@uww
zP?%ai!Dn(6YI3>t_`exAs~5*jyZHQF7adRRQYQ&tKC0r%T-W8Jf>#dV1ASc~b)0jq
z@Le@Q*V1sXS?qY|Z0S>7Mf2y(@hn`JYG{aI;d@Jp{w;sr;(|GS1xf<T0*HW%4i|R$
zm-_=DI9CDZ3Iof_YHKQ74P}jGb$*;6Z7kxWkX4g3qP?Ak(~bQVu28*;PZoAj&|Ns&
zxZd7u4#zZZyslV9sJ^^B+}P-^(4nCNjl~g;MAANU*nCP<hZr^DGM#%|R_7{NSa_c6
z%u&HJjife?#}<!tO)Ahy2|3r<RbE?zU}z~iFxsU~%@(&Baay<^L_}a-$(%Vx5GN($
zoNq-`{R`8TW?YEx3f5ffcde)iRl5TI(2DxTWv->oA-}7>5eK5D$~G(uX~+4nXbfr>
zPJga%Y}QVVTVB>U4o7B>qcf%J1G&p<%4-aXXTT*5!Kvuw%ZyP$*EH94LyVQGbUDB|
zF5^mL&{=K{z)@oqEE0Hwz=s6BC-7T=)R>0G`f`6T$oi*^Rr-6x-n6q7UMTRYa}>T!
zpq5`;IHS-vV=i)pXF-W)QL$kmEGn8mZ;>ZSDVcZ4y!n^TQv}aq&%9!2U0k@R*t5_|
zE1B0Hb;kU8vkDi^wF{=&Gb;R*W#QV8Vf<R!^QgdA1im5gLxEoi{7&GITxquq#j?h#
za2>{xA)kwVh4X!w$>X?yDXR)RHyi!s{+i{OMbu+F%BT-3YUuE9bI@U0G~h^a8pbr1
z)cDfl1k){LsL)B{riKV(ER3ocVw6|c)K)a&ym39#`KWwKsHYl@OVugoE*v}Wg1pi^
zbqLN*w;WEdYcDJc`paEj&Y&(z)-?2dDx<1uG(zcBmzCBMO2;l*5m?Dgy`q=ISv84T
zwaqFO8@bq~O}IsyP^FF4W%-0;-DYAJ?Ih0HNz|%s)@`l>Hf^)+BwMXyIK96yXpAZg
zG^2~^>ak!c%6J0@(PQPne=ER$JIJH{qxFhb31d<<P&%icu|R#mk0ajcNcXaGJ|G@r
zY+N|lIF4(e|A^#o@|TaRX+ZCc^MxBKD9_h4@P8x-8VWbY=hYcy{@{ekQ^p3X%Lvrf
zS2T>zn=pyU<0s_zM;7Vv{mI&iY_MW-AHg~+ZDNH#NYz+WnPd|}wrQvjmemIB?%KVy
z@Wxv>TozX}8O9B>VpSrNKiGhO;h?M1_L8BPJbnVXIx&Be4vgveguF@l97un81MvZL
zJc*@ZFnOXS!p8TtuXa87_W?`M{RWK)qo#s)KtUNkYSUt1TOx$9JQ;Z42aV<a#vuI*
zfwI~aWz9jgR?(Kpz&{V*g^Lg@UPdzpU0GFCBl0>@kud=kmsO0Vsfm$8vpm$?;72l|
z?Tg8>tT`C27|OB?Ch2P3O5$86Emx*!IAEIVTa$%p1h5-1u#B@)LHwtNpepv&GFd?b
zv(La5rmiMHt7xB=m@GASRm;$?*pL|1V1xINyir7r6cNe@eeIYmLrrGYB#QHr$$3+a
z%G$CjrB1y_nS)lo1to>WT$qJzgm10~|ACCii#-b$70#c><vH^UX8N##DXe6k9lzL9
z%*;hf77L;kCDldVf`y)$ysswHtS&U(ktZuDnm>O|5}Q%ro8eigykn)Jg@ua?iajh*
zIIpm{P$O7_=N8Um3@ebUn07`*jrCR7I~rJR&U4Yf3>l(|v+&PUu#*XdaYxlPDsKX~
zqsC605Of(QTt0Dpow?i$A$$Vi!EkxG-(TU!s&&HUb+nWg;Xkhg{VuGm{zlhn^_AAX
zpf!s|=y^j7+RD1llkqwVGp4R$n%dq@Z}yX&k}KT=j9CJM0@n$AS>T|nl-!vDO9kE}
z@K*xg6!?w6V{x@dpUDDwzkZ&JR^`!SWH%nFs0n})3O5FVuDo1qWASf7l*~CUZ0E3F
z9%2kJN&@t+WN3>`!wRc1!iK3F!p^TMxS}jT3kSE<g^hbyPtx3R_=hQ&{<)aLm1w8A
zA7vv%tf>k&@;?~KMYqWm$<57Ww=MGJJhfdH&&9tFnS*}<<3i2hayZR#Ogmw~`2+DR
z#s{?}_x1J`q1^PF-d-1=e{*kd6X45$^#9uKd$6~+9q_f^_4dXA@A!RhZzgUmWju^u
z-2y%fSOhrzk>1`0Kp)^*!1Hi1`v~CKxKQ2=xB;*ma4TRo9{H}oC3_y=dw@lN^KpUN
z02l;Z3wSnepKJkKfb06bfY0C#Xb)iRGx*)_Aj6out+zKHa1Y=T!1uPpZ@|y-By=O-
z7<$kQxCwAC;BWC%ya#XzUK_|6Y#8l;ZotuaL4i(8-;Q@Z)&MTVi!z%5p9I_mcm>|b
zi39!>Ff-FIHscx2Xu#?8)D5s5uTIek>x=P#at+{1fSUmgJUrS3I0+BQ;(%)aGY>P2
zw*W^2?)o$I0dK>@+-kr-;4$<Xzzbf3KH%v8g+Aa-fN{WzJ<!J-d=hXpVAfxt519En
z^Z^5aYXCa{Hv_KwEA#>X2^a?~-V6Q14ddLuK_4&z=mmTaup02;H=qxg_9pZJ^8j}N
zh5_S%i~bJ%Bd`X(4Sm3O0lk1nbV48Sbig%$lir0s;6?92A8<CFC&mGv!Q<D=p@#AP
z2ha!n?nCGUuK5W1fb_cF8o+J1BflANAzmWf1-KV54p@lSHZyT&{Tsm1fZIQTKA`_o
z=mUNVxCU@)H}nDT2HXW$jT_f-z`cNZS-2$x=mn(D2nCF^YZn@6P1$KD95Fa^ZQ9^$
zqMwMrqWgP$&k`8|{mY~6;E}ws33CWz+!&TUYgo?gtixAit}-q<{`|8ho<5S;Br_9#
zAHZ%k5ekN7uTGyabWnOZYF2hCKpy++-rm>gu9N0_TLujHV;akl8r63j{@#3`x0fC#
z*yKj0n{rg&<M?|Ib9oz}DVM&*tZxs<H~zM_cX?`kHOczO&O!XWj9l;xVA9T0Y=`(K
zLcivr-rk#R{Oe8r1>nC3{z+E;66GrCUjcpx_-|VI>93pm*MomEa?s~C{(h5x5BQ6a
zo0i%5l_vig@b3kmVrTmAOV<Au_`d?bzc`V92f@GSzn$%$h<>;g{5q@s^lG#I3&8&?
z`2E#Sv@5`W6Z|cy{rQl+KW_nl*`vL^XTTq`9Rp6~&LThW2mc!6*k#DoNq*%3a)kKL
zgZ~U}WIlqj$xnaC^m8Bhb8w6QT^s)`lTYi$P~_$x+xRz|{L{e?fj`XV-(jYIGr?bq
zoSubx%=!lm;YN~w72q$x)3<!9{UDoX|8D`m2K*IPetM%>|NY>%gMXN<{()xw&x8M4
ztR)ZI^dDq>>W6*c=VOhr%}-Cufb^@B52QwNM-0T8c?dab&m_ogf!qe0KX;n`6oa3O
zwQC(2*7H664zoQW@P7q<g^jNUF4<oP{)gZ{VB`PN)PEfO+E{PzbvFKTlfMW24)Ez|
zS+f3@O#T7zo3N(-%*J1D@<(7z{sR0PZ0&0{+cydPBCNd|Z2EVa`o-Yy1b?}We~rlx
zfqx>_YI<O3`Zr*lX@4E~d04}p_>Y4>6Ki|1&HjAT{vPm~{tf>C_`d^xzfJ!mQ-1{Z
z6iwJGJa6O2O#USBPsHBgOq>5BP5+C*KMi||h)w?%Q$Ga$ZQwiAzYhE**o$0d(=Rsl
z9|!+V@ZY!b-!}Psz%RxgW}%Hg*W@1ne>M0{_D5iE6a)VooBjb)e-ii`u_vmu@ykqp
zG5BwT?_@s&{;_xy=w+M!E>nLU_|Jo1W#cb3`HzEt_{+}r_kceWe5d#v0Dtf+&hZ(6
zb$crKPX12<zY%;V|BJyt1$#lK_=mt>0RA{@`>y8ZaXwrJeku4KD?i<xY(My|;J<Af
ze}6N_-yZO1yy~2<4}d=&d(u@l``4NFM__MyC-`UE?4M!Up9KCr*u&;n^%o`mF9v@d
z_}Mo7!%h7V__tusd$^51$mFjBzaD#GC;sE${|I~HMw@<}slNyO-(ipJG(Qi3{|D@y
zPq679W9pB<-ul0>hrZR?zVuczK9j)D!QR?wJu3!35Bz`G^m|NwT!$M&u?MFU5Y7CT
zzSiWg1OI05SKIhEnf%AWkAr`WjbCf>_kch3E$98f0r39_{tLGCy4_r_N8s8Z@J?^<
zZ*2B|W!j$v{+HlKZ2V+?D+d26TsvH1i|;Hmz9H}<xTaWY)4$TRzYhFAf&Ze7{{r)8
zg7!H0O}G~E6My=!>^ssu!*XsP;2Gv>8|WD}`nC-3u)NiSyu<Qa2G1Slt{s+NFf6ZN
z*y!oQT+@f;Kz{nLOy2h&gq=;WLt)UL5h#o}0{IPexunpnAK(uW_#py6MBs-A{1Aa3
zBJe{5eu%&i5%?hjKSbdFR}ttw&du%FEl@X(F6HQx3ZIgTCtNb|r+b8(As+AW=aF(Z
z!{Zcc7`K;l=>)-XD}q1AYh3trACx|t|K)eR^@MLscM~vh3y(j$4|6lbEiL|Zrn?#9
z5|=**aqpKtxYXkh-?KpJXu&lQF~e9}$|QYFm?MVix{yA&b;O@z1@0Z@=8~qj3$Fdv
z_2HHSe>DDGuWC=J$oC4a<BLaK+}@Xlx<&K<8;~RMPp$2Yqm>_11kMt;SYV~V<pNg=
z+#v7)flmtDDe!fH9}4_R;Gknvea8qqL*NvFvji>{SSfJ1z|{gb2z)@`lLB`Nd|lv&
z0>2VC=vb*=;28p^2%IHwvA{}!%LT3$xIy3p0-qGPQ{d|YKNR?tz(F}uzrZsDP7ydu
z;9`N50+$P1EpUUt2LwJTaHqi61%4>-D}jS#{vRXojFfy}9OAP}=Di-ze-m8KtAyZs
z-hCrD9!>D)unM=7z8}!_9G9Y}>!Xuetsh<Q*(r2g|Kt?9&NtIj=!3-Q{1m#*2TM}u
zIxj3uq3irmmqOQhtT~0Q^I2;OUFYF-DRiBW?@OWMF*<)9OQ8$d5j;`jX5LPLuL*od
z;8c&|pEyfF-9KHz|EItqS1bPU0y{*${bEJe{WnJVQw4ejE)jU6SIN&QR8aSCmGD;x
zTrF^ez$0cW`OgIE{{OY`pAh)Gz&!$gc8SufnxmkR^7$;F=(^oKg6sASs#kpN=aGWz
z`dxzSahE6fAgSj<!Sy(sD|n{x%LLcsYK7o>JhcjbxX5o1T#ujM2tHK!j|+}<s#i!1
zE}k*tJlE)wrQtv*?3$FDpF3&ngfL^{Zx}x*H*Zqz#4(DFXQIL8I=uV}7;03oT9@!k
z1%G3MksH8^xVZ(>3&)1=rk=v80^!`HVZ16m7H?eU5>{OntTu8hngg(>V5m`X^lO$Z
zCWsHbMt^M?DM+aSZ<y!S1Zwad@;BkT5(s$p{F-5|zuH$xzq#;LS3p-|O2b#y*jU!A
zG<5mua)`ltSzS#z{HTXPeC2X2%HmSIrH>cD>a1^~Tch}&mude*V@r>x{B$=kJm(gI
z-aj!BUwRyB{4^A3>}dVsbT=?OHxz=4vE-K?mzpvj1*?82-Oa3!=%3D5@+(z;CRkr#
zkE83~nC@objY1$kef0R(<62P-V;%}LcC~(Ix*M2bbPAzcCJF&+yVlqHuf?Fz+|&Ac
zAGup5jNUgwgg>eAy9!j=vuS<3PkTuw%sSE2{%bi6mw``vK#l8tV5ubJQqfQKU&zL_
zC{RqbzTS7Xi@t8Bu0OT?x1{Lnee7PXFYzON$_c6Zw}VD85ivvW`@2Vgh|lo~nBU~9
z^%DVN)z6lFU-r>Tir=}iC}c}nLyE6eKTq~2d2*p~<7|sEids)of0m-JuTvf=R}wmJ
zYWY<EH;KL(|8h5rwu}CkI&m^J89zad%_xxnT7L_Ey-1%e{7?^lOM}z$Nv;1$@T~gn
zAva66hm_J4I*}{X>_0(`b`+?q&1!Bh1%?lGEIzuw71kGj2@HBZru8#LKl6L)?}aY;
zul2J<Kl^*?{~fwC_O!mfZpjh-PBM;<9-q2BdK`QRp0)m-J4#91=(&S|WBaw8E{Iw6
z^>w4MR_VKR$12pcr}Yn{=)3MJWl7gvN+CO?!(EDOet(M++0yNIZzyG6-UbH75<T%1
zYPbYyK#Mr}pQi}|wf@;DbdsfyhQm?Tbu&Z0E|>Z<wV=>bP_~m2B9@Hbs}$Bs9-wy%
zFU6mZo6c)AKl`h{>2an1T*~}QtzSv?|2+WS<)^#*Fb80^7WYdZV1)Xm4>a#rSd9(9
zs@B=B{2)WGLw5PWhF)Ln^h`sq8+Q6(hF%Zs^dW}M^LF~-X8yL*k1%vzw$q0iI^Wvq
z!wj8A?er|8z1(djad`l;vd()}<^W^3q4SxYex!N-$WA}X(D}zsA7SXcVy7Q%=zL+P
zAA|W{Y9(=bfN`vOU&zWFVB{Ej-rDKM8G1h2>8Y!tnok3b&ux2Z(xLR7hPM<_{io$E
z-56?=rd*Hb3Vm$~y+G)x_w#5@r5Q;-_57%0df#}qiJk5g`#)v*zWuTV^#0oQtk^l}
zcsELTmz%%w&Oacvt5xXyt~6-x3;psF-6-Mrb&@o?Q6~9YPj(a8;CFlh58{vLUyO94
zgx?PEH}VG>NOU>~mOfcx$0c<72YB?!=WkrA2%Y|86n!fA8}HQ!{oC{0OyPGVQJOAv
zecelb)8{gw>+9f!ifmjXbbY=1jnJb)*Vn()AM~N)T*!ZYo%^yP8|^~Z*S%Fjr+-0A
z^7{H#`}3vH_4TgyCmZqL_*~*<3)=o!Lf6;1THYh{rVEt3q<wzpnd}Ukrs&Jr8r~lk
z`CEj}?{<QBo6xshsN^+$v(Wcnr0B(Br(Ni7x1Ii$(ANolzsPqBeN};ye_rT=2dMVW
zoUZ8nt{8YH3w_xPMW=l#eI^V2fY7!5IYRH8>1Mgh_*=d6OmPUzveR!A`7`8xg_i%B
z(Em_qmw!U&1=25Cez(w{o}=W)Nxkn0JuY;Q(7zP=*ttrc-yH;RAodxQ2k0O!`shTI
z13LLnr)ALRH~eiFXKMMMlqw2v`ivL(lS<u;>$qXK^_vGSVmrf)oST$9E8%M{)BEN<
z;`f(NF5~)-?34emW;=cJd{E@|a|m7UYL@St=kEdiNG)W64>NtJv9{dJR17oz#DsqL
zrEbRg9Yd5}b+GfX1HIRQJ{<eH{`?u|K)(?5;ppE|>0g-TPoabSRZJghbWV1&9KYj^
zQX}Xtrr5u3XL{dt@TX#*{(Xh@vq|iKy-3md9Zv{6CGu8TD*sXBmrQgsi+=-v(qA0p
z<0Ak5X-b~1v+46s2l>MX^&ihMLZ|<iYW+-hke}&5ztn+V4|+EC4|&orx{l>6Kh(Hm
zs;c)@VMHA4{M>>5An2G~2AvH=pK6+j_-qyXp|NhpAK`DjZ^`t&`?pse?0+D3Mu?x+
ziJgBq$Y<eZQGerhqyv2l(}x;mla!wii~Z>i@(Ud36%O<!&_|{ZH8#oo%@X@Jusr7V
z<*MFmgdTOUbFavMUZ&)iiu_YTKX#;|zbW+R9qjCNpwsUZ`-|JR4)o)2q12!J7zer=
zbQ&jg0zG|lWSm^WbgT<^D>_jAT+Vi||CId?-AAEMwa}YSbu)ewf8#w}rVC;LH-k>&
zKXw0nhuC>?iJPTw6`gy8o-KK)TIdfkT@VX+7Ic>d*Tvlq^7}v^o}OcjmieOPKX;HH
zco@Ykd0nIP>QSKg7yr|kj`j3hH=AB36-;6~#~Ia<2T&b<E^@H5NbDRw-_3ITn=F(n
z9OSPR`)i~hwV(96)c*YZmDqR5yzp}^hVhutAH71=%kPeZ_q@=XQu>A7!9NoFhk2(f
z`P0SD2SVS!P|<b%|5oVq-x}zn+jSHkSoG)TX-pq#oSv)X-(@ZQHp@YNw#cW6|2pqo
z26{Hu$BhynF=JfiU?<=}zgg_3UKdA%{($U@E=f~0Y!domXDR>rw|!v!LFjKSP;~wc
z1?W4NjzY?3w*&nhu`@*S*lN+E-wpQ{&mNI~SFVFri2T6AReo^GyeJa-QK0u{XEf*(
z&(w8o63Y)Y2A|<(3wk_E7y6>5ivA*V4dY^=yDwApe4)=}x*!(dbD#$t=(h-+{uR3Q
za|hFh8b2*k^s}YEej)VZguY6Y{#)o5pQ7ZKi~Ro(y`S~vIhGe?3wRxL+NU+7<biiU
zcUk0g@gE|;R>rN)8~<YaLyZiXM?V&YY}`=jufI-qpyxZ#3moW6m_F1vTl$xO^NPBw
zgq~jFW>5GxJ18v|dXx0;znF{P1v%JX??8VLbjsVQ<LybJV|}3mg6Y%E-#FU<beEK^
z;7ten38oJ<zLj<DBvJa(K|XUR#d)YPZj_rPmx+81(*?1BT#;{-Jh@GHQ-mJ=k((*&
zg<c@^pNaiCp%*c|?|r<*BLDtqWru%b44rDGi?RhYiv07Ee{zJkO6c2MZl*jV^r+B7
zixpj8NB>;t0l9zjfXF}0bV013yfG9Eg>mv>x#9E8p0Ut3ht5&);Y6@Te-+M{@i+QH
zb-wai9J)kD?(`w~d=>S+s@nRcIHj;6RNol%m4%ydrd3@-Ee_AC$el9v+=;N<kC2a^
z{;FrWKAdOL*leh$zZK!Sx@M?YFdscMwu$P)Js^i?*}hOcANR&*Nr6;e?Jr-(6n_XP
zAI+!EgY)6wow5p5##uE!f32S%4$GNtzN#9s6mBf{C*|wvm-~HmsE%oBc`cp9g9g<4
z4Rt<<4=0KQd^mwcpYnyHop3@)b02!Dc=BYgJ{n0@|4MYmmV*+pQk9bDc=b_Avieu*
zx2ELDUKB_<K~A-o4`QLSfRbc7bj_Efn@3G?%*YhZs-pg|9z&JF>#H;2-{>eFA0lSy
z7OKOfB?H_Knc8e4Cxg@v*&1+es-;dHQ<I*o*MZfqwPgK$w31!X_kbxi7i?!vg)laK
zbPf*p7M-OQswwv^MHaw$IpfElJ7of9I?a+$1!f)&<uSkmBY(nVKE}yMXR-0%_xWZm
zEST%@dFIVT&QJ+Nmu+*l!tl+!Y+k|K!WodVaQGZI!*}tV`O^#L_~y@=wFrkg6&FmO
z<MH9lJxoR%@fZmBYklEBqrVcmINhz>R~`&=_Q2Uzx+QY_X{u69laFU=1<nu)(Q%P(
z_r-Gxr_b<B$eoZo8PY+T*vK`0zpoPKGoc2YJQS!$c*^;3p#J66iI`BwVU<2QkdV$J
z3Y0fA+r??1;P5ayq|Uc&ITBb^(C`%&&&9ORskC_R49cy=bjA@Mw}q(VXgioDpDYbj
z$8!02>`-HZj#VL#qWA1<?tkryu0h&f5ApJ9w7jVS@xXCtboQ#x5~+!~lPFTivpD9n
z47tx70KR~Kg~937UR{-sUKaB4k$cFvoI!Cumf`dBi#d{zB{G~^E3w1`{i#-zhvoGR
z&6We7Xw=eB&^cS33u&kk0WZ-xc00D}posQkc_^=5=A-i+ld_YH>QH?kC9oJ+fly^q
zh=xrC2BZX&0>eW{wURAZOp-JXfeZRWb_<p8A!M*^#3x8+Z}t-ab^aSgUe3DWrq@*2
z4qb%@m?t#UR+M3gt6{9YYH0K~;LK8<&vp-FD)CtG)!}d}I~ztTYWZ+RZP3!AHMA`V
z&?{Vgq#P!6Wj)-WeldrJfr(2NXkiSR>y$nrkB3uvT|*wagN6k42}V87XZ<#refGe<
z#RH5xJzuNpFuPPUd^Acz^(pa34Z(USlRMNIwrM(k5@zIl=;JUlUpR<^@8Fu+07#G8
zMh~Vj1keh#A)q7}sJBOs+aNthjfcD~k0B+|tU<W=q+PYouuLgV%yh=DPO)anqr8bR
z!>7-Z$C8}wajG?JbDcUrnI$EO&}oUhQb>33wg>H}E{9_@8jt|%8`#lQLG)N<6AfQ`
zvnkE0(ZDAMVoOJ%Oq#-Zy}&J9SQEe|4tpxq^W5sb13fv*F-saSIVB}x0IEX`VbgLl
zD=;-1%Nlst*93hPHC2e3CBB?j$y+^xlU~D@Mw%+M$o}@$`FwbnP+aBs@|>qOQVWf6
zu&m0@=UUs<>{HX~1v`MlP6JisGg2!>MtX`?BsFcg=SWnc^o^vcx27tIRMw-Z_G;^b
zRkC57z1+7@HtjQN%Ys2{;>|8GC#8&c?0w-&IZhZvqNg<gJzaw{d8bbG1<T6<mK=Dl
z^0^}1fP%G4DKGFSl`V>%?#U5I2T0O!gy^-hKoGm6I+!qB^3idLd?GHIX>XIyhow?B
z8qmNoiribgoc6nzVqmBv#wj-%=qe5(>>4<pyE-LDB>PkiNAw7X!0rP}Ap>xCtNfEx
zL{h9XRO^$Ywhjl1($L^Ou0`fiT}&~m!I7LsMNLpT)iO)vTz9pw>S2n^Q)|!($*D`p
F{{xocpDh3Y

literal 0
HcmV?d00001

diff --git a/test/ipsec_test/ipsec_server_src/compile.sh b/test/ipsec_test/ipsec_server_src/compile.sh
new file mode 100755
index 0000000..a38cdb0
--- /dev/null
+++ b/test/ipsec_test/ipsec_server_src/compile.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+gcc -o ipsec_server server.c `pkg-config --cflags --libs glib-2.0`
diff --git a/test/ipsec_test/ipsec_server_src/server.c b/test/ipsec_test/ipsec_server_src/server.c
new file mode 100755
index 0000000..07fd35f
--- /dev/null
+++ b/test/ipsec_test/ipsec_server_src/server.c
@@ -0,0 +1,2581 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+
+#include <errno.h>
+#include <unistd.h>
+#include <limits.h>
+#include <poll.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/stat.h>
+#include <arpa/inet.h>
+
+#include <glib.h>
+
+/* Compile Flags */
+
+#define ENABLE_DEBUG_MODE_DEBUG 1
+
+/* global utils */
+
+#define MAX_SIZE_ERROR_BUFFER 256
+#define MAX_STD_INPUT_BUF 1024
+
+#define SOCK_FD_MIN 3
+#define VICI_REQUEST_TIMEOUT 5000
+
+#define VICI_DEFAULT_URI "/var/run/charon.vici"
+
+#define RESET_COLOR "\e[m"
+#define MAKE_RED "\e[31m"
+#define MAKE_GREEN "\e[32m"
+
+#if 0
+#define __FUNC_ENTER__ printf("%s() entering...\n", __func__)
+#define __FUNC_EXIT__ printf("%s() leaving...\n", __func__)
+#else
+#define __FUNC_ENTER__
+#define __FUNC_EXIT__
+#endif
+
+/* loop data */
+
+GMainLoop *main_loop;
+
+
+/* setting data */
+
+#define STRONGSWAN_CONF_PATH "./server.conf"
+#define CONF_GROUP_NAME "strongswan"
+
+typedef enum {
+	IPSEC_HYBRID_RSA,
+	IPSEC_XAUTH_PSK,
+	IPSEC_XAUTH_RSA,
+	IPSEC_IKEV2_PSK,
+	IPSEC_IKEV2_RSA,
+} ipsec_type_e;
+
+struct {
+	int type;
+	const char *type_str;
+} ipsec_type_str[] =
+{
+		{IPSEC_HYBRID_RSA, "IPSEC_HYBRID_RSA"},
+		{IPSEC_XAUTH_PSK, "IPSEC_XAUTH_PSK"},
+		{IPSEC_XAUTH_RSA, "IPSEC_XAUTH_RSA"},
+		{IPSEC_IKEV2_PSK, "IPSEC_IKEV2_PSK"},
+		{IPSEC_IKEV2_RSA, "IPSEC_IKEV2_RSA"},
+};
+
+enum strongswan_conf_key {
+	STRONGSWAN_CONF_KEY_NONE,
+	LOCAL_IP,
+	LOCAL_TS,
+	CERT_PATH,
+	CA_CERT_PATH,
+	PRIVATE_PATH,
+	IKE_DATA,
+	IKE_OWNER,
+	XAUTH_DATA,
+	XAUTH_OWNER,
+	HYBRID_POOL,
+	XAUTH_PSK_POOL,
+	XAUTH_RSA__POOL,
+	IKEV2_PSK_POOL,
+	IKEV2_RSA_POOL,
+	STRONGSWAN_CONF_KEY_MAX,
+};
+
+struct key_value {
+	int key;
+	const char *key_name;
+	char *value;
+} strongswan_conf[] = {
+		{STRONGSWAN_CONF_KEY_NONE, NULL, NULL},
+		{LOCAL_IP, "local_ip", NULL},
+		{LOCAL_TS, "local_ts", NULL},
+		{CERT_PATH, "cert_path", NULL},
+		{CA_CERT_PATH, "ca_cert_path", NULL},
+		{PRIVATE_PATH, "private_path", NULL},
+		{IKE_DATA, "ike_data", NULL},
+		{IKE_OWNER, "ike_owner", NULL},
+		{XAUTH_DATA, "xauth_data", NULL},
+		{XAUTH_OWNER, "xauth_owner", NULL},
+		{HYBRID_POOL, "hybrid_pool", NULL},
+		{XAUTH_PSK_POOL, "xauth_psk_pool", NULL},
+		{XAUTH_RSA__POOL, "xauth_rsa_pool", NULL},
+		{IKEV2_PSK_POOL, "ikev2_psk_pool", NULL},
+		{IKEV2_RSA_POOL, "ikev2_rsa_pool", NULL},
+};
+
+GKeyFile *g_conf_key_file;
+
+/* socket data */
+
+enum vici_packet_type {
+	VICI_CMD_REQUEST = 0,
+	VICI_CMD_RESPONSE = 1,
+	VICI_CMD_UNKNOWN = 2,
+	VICI_EVENT_REGISTER = 3,
+	VICI_EVENT_UNREGISTER = 4,
+	VICI_EVENT_CONFIRM = 5,
+	VICI_EVENT_UNKNOWN = 6,
+	VICI_EVENT = 7,
+};
+
+int g_client_sock;
+
+unsigned int g_pkt_size = 0;
+
+/* req data */
+
+typedef void (*process_return)(unsigned char *buf, unsigned int size);
+
+struct request {
+	unsigned int allocated;
+	unsigned int used;
+	unsigned int hdr_len;
+	char *buf;
+	int err;
+	/* io data */
+	int client_sock;
+	int client_source_sock_id;
+	int client_source_idle_id;
+	int client_source_timeout_id;
+	/* process reply */
+	unsigned int rcv_pkt_size;
+	process_return handler;
+	/* davici_cb cb; */
+	void *user;
+};
+
+GSList *g_req_list = NULL;
+
+/* message data */
+
+enum vici_element {
+	/** valid end of message */
+	VICI_END = 0,
+	/** begin of a section */
+	VICI_SECTION_START = 1,
+	/** end of a section */
+	VICI_SECTION_END = 2,
+	/** key/value pair */
+	VICI_KEY_VALUE = 3,
+	/** begin of a list */
+	VICI_LIST_START = 4,
+	/** list item */
+	VICI_LIST_ITEM = 5,
+	/** end of a list */
+	VICI_LIST_END = 6,
+};
+
+GSList *msg_list = NULL;
+
+/* declaration */
+
+void __process_packet(unsigned char *buf, unsigned int size);
+
+
+/* sock func */
+
+static int __str_to_sock_addr(const char *uri, struct sockaddr_un *addr)
+{
+	memset(addr, 0, sizeof(*addr));
+	addr->sun_family = AF_UNIX;
+	strncpy(addr->sun_path, uri, sizeof(addr->sun_path));
+
+	addr->sun_path[sizeof(addr->sun_path)-1] = '\0';
+
+	return offsetof(struct sockaddr_un, sun_path) + strlen(addr->sun_path);
+}
+
+static int __check_socket(int sock)
+{
+	struct pollfd p_fd;
+	char error_buf[MAX_SIZE_ERROR_BUFFER] = {0, };
+	int res = 0;
+
+	p_fd.fd = sock;
+	p_fd.events = POLLIN | POLLOUT | POLLERR | POLLHUP | POLLNVAL;
+	res = poll((struct pollfd *) &p_fd, 1, 1);
+
+	if (res < 0) {
+		strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+		printf("Polling error from socket[%d]. [%s]\n", sock, error_buf);
+		return -1;
+	} else if (res == 0) {
+		printf( "poll timeout. socket is busy\n");
+		return 1;
+	} else {
+
+		if (p_fd.revents & POLLERR) {
+			printf("Error! POLLERR from socket[%d]\n", sock);
+			return -1;
+		} else if (p_fd.revents & POLLHUP) {
+			printf("Error! POLLHUP from socket[%d]\n", sock);
+			return -1;
+		} else if (p_fd.revents & POLLNVAL) {
+			printf("Error! POLLNVAL from socket[%d]\n", sock);
+			return -1;
+		} else if (p_fd.revents & POLLIN) {
+#ifdef ENABLE_DEBUG_MODE_INFO
+			printf("POLLIN from socket [%d]\n", sock);
+#endif
+			return 0;
+		} else if (p_fd.revents & POLLOUT) {
+#ifdef ENABLE_DEBUG_MODE_INFO
+			printf("POLLOUT from socket [%d]\n", sock);
+#endif
+			return 0;
+		}
+	}
+
+	printf("Unknown poll event [%d]\n", p_fd.revents);
+	return -1;
+}
+
+static int __write_sock(int sock, char *data, int data_len)
+{
+	char error_buf[MAX_SIZE_ERROR_BUFFER] = {0, };
+	int wbytes = 0;
+	int left_len = data_len;
+	char *ptr = data;
+	int res = 0;
+
+	if (sock < SOCK_FD_MIN || !data || data_len < 0) {
+		printf("Invalid parameter\n");
+		return -1;
+	}
+
+	res = __check_socket(sock);
+	if (res < 0) {
+		printf("Socket error\n");
+		return -1;
+	} else if (res > 0) {
+		printf("Socket is busy\n");
+		return -2;
+	}
+
+	errno = 0;
+	while (left_len) {
+		wbytes = write(sock, ptr, left_len);
+		if (wbytes <= 0) {
+			strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+			printf("Failed to write data into socket[%d]. [error=%s]\n", sock, error_buf);
+			break;
+		}else if (wbytes < left_len) {
+#ifdef ENABLE_DEBUG_MODE_INFO
+			printf("%d bytes left. Continue sending...\n", left_len - wbytes);
+#endif
+			left_len -= wbytes;
+			ptr += wbytes;
+		} else if (wbytes == left_len) {
+#ifdef ENABLE_DEBUG_MODE_INFO
+			printf("Succeeded to write data[%d bytes] into socket [%d]\n", wbytes, sock);
+#endif
+			left_len = 0;
+		} else {
+			strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+			printf("Unknown error occurred. [%s]\n", error_buf);
+			break;
+		}
+	}
+
+	if (left_len)
+		return -1;
+	else
+		return 0;
+}
+
+static int __read_sock(int sock, unsigned char *data, unsigned int data_len)
+{
+	int rbytes = 0;
+	int total_rbytes = 0;
+
+	if (sock < SOCK_FD_MIN || !data || data_len <= 0) {
+		printf("Invalid parameter\n");
+		return -1;
+	}
+
+
+	while (data_len > 0) {
+		errno = 0;
+		rbytes = read(sock, data, data_len);
+		printf("read [%d]\n", rbytes);
+		if (rbytes <= 0) {
+			printf("Failed to read data from socket[%d]\n", sock);
+			return -1;
+		}
+		total_rbytes += rbytes;
+		data += rbytes;
+		data_len -= rbytes;
+#ifdef ENABLE_DEBUG_MODE_INFO
+		printf("data_len %u total_rbytes %d rbytes %d\n", data_len, total_rbytes, rbytes);
+#endif
+	}
+
+#ifdef ENABLE_DEBUG_MODE_INFO
+	printf("exit while data_len %u total_rbytes %d rbytes %d\n", data_len, total_rbytes, rbytes);
+#endif
+	return total_rbytes;
+}
+
+int connect_sock(const char *uri)
+{
+	struct sockaddr_un addr;
+	char error_buf[MAX_SIZE_ERROR_BUFFER] = {0, };
+	int len, fd;
+
+	len = __str_to_sock_addr(uri, &addr);
+	if (len == -1)
+	{
+		printf("invalid stream URI: '%s'", uri);
+		return -1;
+	}
+
+	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (fd < 0) {
+		strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+		printf("Failed to get socket. [%s]\n", error_buf);
+		return -1;
+	}
+
+	if (connect(fd, (struct sockaddr*)&addr, len) < 0) {
+		strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+		printf("Failed to connect client. [%s]\n", error_buf);
+		close(fd);
+		return -1;
+	}
+
+	return fd;
+}
+
+void disconnect()
+{
+	GSList *list = NULL;
+	struct request *req = NULL;
+
+	printf("list length [%d]\n", g_slist_length(g_req_list));
+
+	for (list = g_req_list; list != NULL; list = list->next) {
+		req = list->data;
+		if (req == NULL)
+			continue;
+
+#ifdef ENABLE_DEBUG_MODE_INFO
+		printf("destroy_request [%s]\n", req->buf + 2);
+#endif
+		g_req_list = g_slist_remove(g_req_list, req);
+		g_free(req->buf);
+		g_free(req);
+		req = NULL;
+	}
+	close(g_client_sock);
+}
+
+/* req func */
+
+void destroy_request(gpointer user_data)
+{
+	struct request *req = NULL;
+	req = (struct request *)user_data;
+	if (!req) {
+		printf("Invalid parameter\n");
+		return;
+	}
+
+#ifdef ENABLE_DEBUG_MODE_INFO
+	printf("destroy_request [%s]\n", req->buf + 2);
+#endif
+	g_req_list = g_slist_remove(g_req_list, req);
+	close(req->client_sock);
+	g_free(req->buf);
+	g_free(req);
+	req = NULL;
+	return;
+}
+
+gboolean end_connect(gpointer user_data)
+{
+	disconnect();
+	return FALSE;
+}
+
+gboolean send_request(gpointer user_data)
+{
+	struct request *req = NULL;
+	unsigned int size = 0;
+	int res = 0;
+
+	req = (struct request *)user_data;
+	if (req == NULL) {
+		printf("request is NULL\n");
+		return FALSE;
+	}
+
+	printf("send_request [%s]\n", req->buf + 2);
+	size = htonl(req->used);
+	res = __write_sock(g_client_sock, (unsigned char *)&size, sizeof(size));
+	if (res != 0) {
+		printf("failed to send size with network byte order\n");
+	}
+
+	res = __write_sock(g_client_sock, req->buf, req->used);
+	if (res != 0) {
+		printf("failed to send pkt\n");
+	}
+
+	return FALSE;
+}
+
+static void* add_element(struct request *r, enum vici_element type,
+						 unsigned int size)
+{
+	unsigned int newlen;
+	void *ret, *new;
+
+	if (r->used + size + 1 > r->allocated)
+	{
+		newlen = r->allocated;
+		while (newlen < r->used + size + 1)
+		{
+			newlen *= 2;
+		}
+		new = realloc(r->buf, newlen);
+		if (!new)
+		{
+			r->err = -errno;
+			return NULL;
+		}
+		r->buf = new;
+		r->allocated = newlen;
+	}
+	r->buf[r->used++] = type;
+	ret = r->buf + r->used;
+	r->used += size;
+	return ret;
+}
+
+void vici_section_start(struct request *r, const char *name)
+{
+	uint8_t nlen;
+	char *pos;
+
+	nlen = strlen(name);
+	pos = add_element(r, VICI_SECTION_START, 1 + nlen);
+	if (pos)
+	{
+		pos[0] = nlen;
+		memcpy(pos + 1, name, nlen);
+	}
+}
+
+void vici_section_end(struct request *r)
+{
+	add_element(r, VICI_SECTION_END, 0);
+}
+
+void vici_kv(struct request *r, const char *name,
+			   const void *buf, unsigned int buflen)
+{
+	uint8_t nlen;
+	uint16_t vlen;
+	char *pos;
+
+	nlen = strlen(name);
+	pos = add_element(r, VICI_KEY_VALUE, 1 + nlen + sizeof(vlen) + buflen);
+	if (pos)
+	{
+		pos[0] = nlen;
+		memcpy(pos + 1, name, nlen);
+		vlen = htons(buflen);
+		memcpy(pos + 1 + nlen, &vlen, sizeof(vlen));
+		memcpy(pos + 1 + nlen + sizeof(vlen), buf, buflen);
+	}
+}
+
+
+void vici_list_start(struct request *r, const char *name)
+{
+	uint8_t nlen;
+	char *pos;
+
+	nlen = strlen(name);
+	pos = add_element(r, VICI_LIST_START, 1 + nlen);
+	if (pos)
+	{
+		pos[0] = nlen;
+		memcpy(pos + 1, name, nlen);
+	}
+}
+
+void vici_list_item(struct request *r, const void *buf,
+					  unsigned int buflen)
+{
+	uint16_t vlen;
+	char *pos;
+
+	pos = add_element(r, VICI_LIST_ITEM, sizeof(vlen) + buflen);
+	if (pos)
+	{
+		vlen = htons(buflen);
+		memcpy(pos, &vlen, sizeof(vlen));
+		memcpy(pos + sizeof(vlen), buf, buflen);
+	}
+}
+
+void vici_list_end(struct request *r)
+{
+	add_element(r, VICI_LIST_END, 0);
+}
+
+int create_request(enum vici_packet_type type, const char *name,
+						  struct request **rp)
+{
+	struct 	request *req;
+	char error_buf[MAX_SIZE_ERROR_BUFFER] = {0, };
+	int err;
+	__FUNC_ENTER__;
+
+	if (!name || !rp) {
+		printf("Invalid parameter\n");
+		return -1;
+	}
+
+	req = (struct request *)g_try_malloc0(sizeof(*req));
+	if (!req) {
+		strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+		printf("Failed allocate memory. [%s]\n", error_buf);
+		return -1;
+	}
+
+	req->used = 2;
+	req->used += strlen(name);
+	req->allocated = MIN(32, req->used);
+	req->buf = (char *)g_try_malloc0(req->allocated);
+	if (!req->buf) {
+		strerror_r(errno, error_buf, MAX_SIZE_ERROR_BUFFER);
+		printf("Failed allocate memory. [%s]\n", error_buf);
+		g_free(req);
+		return -1;
+	}
+	req->buf[0] = type;
+	req->buf[1] = req->used - 2; /* except for type and name length */
+	memcpy(req->buf + 2, name, req->used - 2);
+	req->hdr_len = req->used;
+
+	req->handler = __process_packet;
+
+	req->client_sock = connect_sock(VICI_DEFAULT_URI);
+	if (req->client_sock <= 0) {
+		printf("error on connect_sock\n");
+		g_free(req);
+		return -1;
+	}
+
+	*rp = req;
+	g_req_list = g_slist_append(g_req_list, req);
+
+	__FUNC_EXIT__;
+	return 0;
+}
+
+/* need to add several functionalities */
+
+void __process_message(int elem_type, char *value, int sections)
+{
+	int i = 0;
+
+	switch(elem_type) {
+	case VICI_SECTION_START:
+	{
+		for (i = 0; i < sections - 1; i++)
+			printf("\t");
+		printf("%s = {\n", value);
+	}
+		break;
+	case VICI_SECTION_END:
+	{
+		for (i = 0; i < sections; i++)
+			printf("\t");
+		printf("}\n");
+	}
+		break;
+	case VICI_KEY_VALUE:
+	{
+		for (i = 0; i < sections; i++)
+			printf("\t");
+		printf("%s\n", value);
+	}
+		break;
+	case VICI_LIST_START:
+	{
+		for (i = 0; i < sections; i++)
+			printf("\t");
+		printf("%s = [", value);
+	}
+		break;
+	case VICI_LIST_ITEM:
+	{
+		printf("%s, ", value);
+	}
+		break;
+	case VICI_LIST_END:
+	{
+		printf("]\n");
+	}
+		break;
+	default:
+		break;
+	}
+}
+
+void __process_response(unsigned char *buf, unsigned int size)
+{
+	struct request *req = NULL;
+	char temp[255];
+	unsigned int pos = 0;
+	int len = 0;
+	int sections = 0;
+	int list_elems = 0;
+	int type = -1;
+
+	if (buf == NULL || size == 0)
+		return;
+
+	pos = 1;
+	while (pos < size) {
+
+		type = buf[pos];
+		pos++;
+		switch (type) {
+		case VICI_SECTION_START:
+		{
+			len = buf[pos];
+			pos++;
+			g_strlcpy(temp, (const gchar *)&buf[pos], len + 1);
+			pos+=len;
+			sections++;
+		}
+			break;
+		case VICI_SECTION_END:
+		{
+			sections--;
+		}
+			break;
+		case VICI_KEY_VALUE:
+		{
+			int key_len = 0;
+			int value_len = 0;
+
+			key_len = buf[pos];
+			pos++;
+			g_strlcpy(temp, (const gchar *)&buf[pos], key_len + 1);
+			temp[key_len] = '=';
+			pos+=(key_len + 1);
+			value_len = buf[pos];
+			pos++;
+			g_strlcpy(temp + key_len + 1, (const gchar *)&buf[pos], value_len + 1);
+			pos+=value_len;
+			len = key_len + 1 + value_len;
+		}
+			break;
+		case VICI_LIST_START:
+		{
+			len = buf[pos];
+			pos++;
+			g_strlcpy(temp, (const gchar *)&buf[pos], len + 1);
+			pos+=len;
+		}
+			break;
+		case VICI_LIST_ITEM:
+		{
+			pos++;
+			len = buf[pos];
+			pos++;
+			g_strlcpy(temp, (const gchar *)&buf[pos], len + 1);
+			pos+=len;
+		}
+			break;
+		case VICI_LIST_END:
+		{
+		}
+			break;
+		default:
+			break;
+		}
+		__process_message(type, temp, sections);
+	}
+	printf("end process\n");
+	return;
+}
+
+
+void __process_packet(unsigned char *buf, unsigned int size)
+{
+
+	int i = 0;
+
+#ifdef ENABLE_DEBUG_MODE_INFO
+	for (i = 0; i < size; i++)
+		printf("%02x ", buf[i]);
+	printf("\n");
+#endif
+	switch (buf[0])
+	{
+	case VICI_CMD_REQUEST:
+	{
+		printf("VICI_CMD_REQUEST\n");
+	}
+		break;
+	case VICI_CMD_RESPONSE:
+	{
+		printf("VICI_CMD_RESPONSE\n");
+		__process_response(buf, size);
+	}
+		break;
+	case VICI_CMD_UNKNOWN:
+	{
+		printf("VICI_CMD_UNKNOWN\n");
+	}
+		break;
+	case VICI_EVENT_REGISTER:
+	{
+		printf("VICI_EVENT_REGISTER\n");
+	}
+		break;
+	case VICI_EVENT_UNREGISTER:
+	{
+		printf("VICI_EVENT_UNREGISTER\n");
+	}
+		break;
+	case VICI_EVENT_CONFIRM:
+	{
+		printf("VICI_EVENT_CONFIRM\n");
+	}
+		break;
+	case VICI_EVENT_UNKNOWN:
+	{
+		printf("VICI_EVENT_UNKNOWN\n");
+	}
+		break;
+	case VICI_EVENT:
+	{
+		printf("VICI_EVENT\n");
+	}
+		break;
+	default:
+		printf("default\n");
+		break;
+	}
+	return;
+}
+
+
+/* glib2.0-IO function */
+
+int send_request_gio(GIOFunc process_reply, GSourceFunc send_request, GSourceFunc destroy_req, gpointer user_data);
+
+gboolean destroy_source_gio(gpointer user_data);
+gboolean send_request_gio_in_idle(gpointer user_data);
+static gboolean process_gio_source_sock(GIOChannel *source,
+					   GIOCondition condition,
+					   gpointer user_data);
+
+int send_request_gio(GIOFunc process_reply, GSourceFunc send_request, GSourceFunc destroy_req_gio, gpointer user_data)
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	req = (struct request *)user_data;
+	if (!req) {
+		printf("Invalid parameter\n");
+		return -1;
+	}
+	GIOChannel *gio = g_io_channel_unix_new(req->client_sock);
+	req->client_source_sock_id = g_io_add_watch_full(gio,
+						 G_PRIORITY_LOW,
+						 G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL,
+						 (GIOFunc)process_reply,
+						 (gpointer)req,
+						 NULL);
+	g_io_channel_unref(gio);
+
+	req->client_source_idle_id = g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, (GSourceFunc)send_request,
+			(gpointer)req, NULL);
+
+	/* TODO: think more on destroy function */
+	req->client_source_timeout_id = g_timeout_add(VICI_REQUEST_TIMEOUT, (GSourceFunc)destroy_req_gio, (gpointer)req);
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+gboolean destroy_source_gio(gpointer user_data)
+{
+	struct request *req = NULL;
+	__FUNC_ENTER__;
+
+	req = (struct request *)user_data;
+	if (!req) {
+		printf("Invalid parameter\n");
+		return FALSE;
+	}
+
+	if (req->client_source_idle_id != 0)
+		g_source_remove(req->client_source_idle_id);
+	if (req->client_source_sock_id != 0)
+		g_source_remove(req->client_source_sock_id);
+	g_source_remove(req->client_source_timeout_id);
+	destroy_request(req);
+
+	__FUNC_EXIT__;
+	return FALSE;
+}
+
+gboolean send_request_gio_in_idle(gpointer user_data)
+{
+	struct request *req = NULL;
+	unsigned int size = 0;
+	int res = 0;
+	__FUNC_ENTER__;
+
+	req = (struct request *)user_data;
+	if (req == NULL) {
+		printf("request is NULL\n");
+		__FUNC_EXIT__;
+		return FALSE;
+	}
+
+	req->client_source_idle_id = 0;
+	printf("send_request [%s]\n", req->buf + 2);
+	size = htonl(req->used);
+	res = __write_sock(req->client_sock, (unsigned char *)&size, sizeof(size));
+	if (res != 0) {
+		printf("failed to send size with network byte order\n");
+		destroy_source_gio(req);
+		__FUNC_EXIT__;
+		return FALSE;
+	}
+
+	res = __write_sock(req->client_sock, req->buf, req->used);
+	if (res != 0) {
+		printf("failed to send pkt\n");
+		destroy_source_gio(req);
+		__FUNC_EXIT__;
+		return FALSE;
+	}
+
+	return FALSE;
+}
+
+static gboolean process_gio_source_sock(GIOChannel *source,
+					   GIOCondition condition,
+					   gpointer user_data)
+{
+	struct request *req = NULL;
+	unsigned int pkt_size = 0;
+	unsigned char *buf = NULL;
+	int sock = 0;
+	int res = 0;
+	__FUNC_ENTER__;
+
+	req = (struct request *)user_data;
+	if (!req) {
+		printf("Invalid parameter\n");
+		__FUNC_EXIT__;
+		return FALSE;
+	}
+
+	sock = g_io_channel_unix_get_fd(source);
+	if (sock < SOCK_FD_MIN) {
+		printf("Invalid argument\n");
+		__FUNC_EXIT__;
+		return FALSE;
+	}
+
+	if ((condition & G_IO_ERR) || (condition & G_IO_HUP) || (condition & G_IO_NVAL)) {
+		printf("G_IO_ERR/G_IO_HUP/G_IO_NVAL received sock [%d] condition [%d]\n", sock, condition);
+		req->client_source_idle_id = 0;
+		destroy_source_gio(req);
+		__FUNC_EXIT__;
+		return FALSE;
+	}
+#ifdef ENABLE_DEBUG_MODE_INFO
+	printf("condition [%d] sock [%d]\n",condition, sock);
+#endif
+	if (req->rcv_pkt_size == 0) {
+#ifdef ENABLE_DEBUG_MODE_INFO
+		printf("read packet size\n");
+#endif
+		if (__read_sock(sock, (unsigned char *)&pkt_size, sizeof(pkt_size)) < 0) {
+			printf("read packet size failed\n");
+			req->client_source_idle_id = 0;
+			destroy_source_gio(req);
+			__FUNC_EXIT__;
+			return FALSE;
+		}
+
+		req->rcv_pkt_size = ntohl(pkt_size);
+#ifdef ENABLE_DEBUG_MODE_INFO
+		printf("packet size [%u]\n", req->rcv_pkt_size);
+#endif
+	} else {
+		buf = g_try_malloc0(req->rcv_pkt_size);
+		if (buf == NULL) {
+			printf("Failed to allocate memory\n");
+			req->client_source_idle_id = 0;
+			destroy_source_gio(req);
+			__FUNC_EXIT__;
+			return FALSE;
+		}
+#ifdef ENABLE_DEBUG_MODE_INFO
+		printf("read packet\n");
+#endif
+		if (__read_sock(sock, buf, req->rcv_pkt_size) < 0) {
+			printf("read packet failed\n");
+			req->client_source_idle_id = 0;
+			destroy_source_gio(req);
+			g_free(buf);
+			__FUNC_EXIT__;
+			return FALSE;
+		}
+#ifdef ENABLE_DEBUG_MODE_INFO
+		printf("[%s]\n", req->buf + 2);
+#endif
+		req->handler(buf, req->rcv_pkt_size);
+		g_free(buf);
+		req->rcv_pkt_size = 0;
+	}
+	__FUNC_EXIT__;
+	return TRUE;
+}
+
+/* test load-conn */
+
+typedef void (*destroy_data)(void *data);
+
+typedef struct section {
+	char *id_str;
+	GHashTable *kv;
+	GHashTable *kvl;
+	void *data;
+	destroy_data destroy_func;
+} section_s;
+
+typedef struct conn {
+	GSList *locals;
+	GSList *remotes;
+	GSList *children;
+} conn_s;
+
+typedef enum
+{
+	EAP,
+	XAUTH,
+	IKE,
+	PRIVATE,
+	RSA,
+	ECDSA,
+	PKCS8,
+	PKCS12,
+} secret_type_e;
+
+typedef struct secret {
+	secret_type_e type;
+} secret_s;
+
+typedef struct setting {
+	GSList *conns;
+	GSList *secrets;
+	GSList *pools;
+	GSList *authorities;
+} setting_s;
+
+
+/* create swanctl.conf */
+/* add <conn> 			*/
+/*	add local 		*/
+/*	add remote 		*/
+/*	add children 		*/
+/* add secrets			*/
+/* add pools			*/
+/* add authorities		*/
+
+static void __remove_list(gpointer data)
+{
+	GSList *list = NULL;
+	char *value = NULL;
+
+	if (data == NULL)
+		return;
+
+	g_slist_free_full(list, g_free);
+}
+
+section_s *get_section(GSList *list, const char *id_str)
+{
+	section_s *section = NULL;
+	__FUNC_ENTER__;
+
+	if (list == NULL)
+		return NULL;
+
+	for (; list; list = list->next) {
+		section = list->data;
+		if (section && g_strcmp0(id_str, section->id_str) == 0)
+			break;
+		section = NULL;
+	}
+
+	__FUNC_EXIT__;
+	return section;
+}
+
+section_s *add_section(GSList **list, const char *id_str)
+{
+	section_s *section = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	section = get_section(*list, id_str);
+	if (section)
+		return section;
+
+	section = g_try_malloc0(sizeof(section_s));
+	if (section == NULL)
+		return section;
+
+	section->id_str = g_strdup(id_str);
+	section->kv = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
+	section->kvl = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, __remove_list);
+	*list = g_slist_prepend(*list, section);
+	printf("%s %d\n", id_str, g_slist_length(*list));
+	__FUNC_EXIT__;
+	return section;
+}
+
+void del_section(GSList *list, const char *id_str)
+{
+	section_s *section = NULL;
+	__FUNC_ENTER__;
+
+	section = get_section(list, id_str);
+	if (section == NULL)
+		return;
+
+	list = g_slist_remove(list, section);
+	g_hash_table_remove_all(section->kv);
+	g_hash_table_remove_all(section->kvl);
+	g_free(section->id_str);
+	if (section->destroy_func)
+		section->destroy_func(section->data);
+	g_free(section);
+
+	__FUNC_EXIT__;
+	return;
+}
+
+void add_section_kv(section_s *section, char *key, char *value)
+{
+	if (section == NULL || key == NULL || value == NULL)
+		return;
+	g_hash_table_insert(section->kv, g_strdup(key), g_strdup(value));
+	return;
+}
+
+void add_section_kvl(section_s *section, char *key, GSList *list)
+{
+	if (section == NULL || key == NULL || list == NULL)
+		return;
+
+	g_hash_table_insert(section->kvl, g_strdup(key), g_slist_copy(list));
+	return;
+}
+
+void add_section_kv_args(section_s *section, char *key, int num_args, ...)
+{
+	GSList *list = NULL;
+	va_list args_ptr;
+	char *temp = NULL;
+	int i = 0;
+	__FUNC_ENTER__;
+
+	if (section == NULL || key == NULL || num_args == 0)
+		return;
+
+	va_start(args_ptr, num_args);
+	for(i = 0; i < num_args; i++) {
+		temp = va_arg(args_ptr, char *);
+		list = g_slist_prepend(list, g_strdup(temp));
+	}
+
+	g_hash_table_insert(section->kvl, g_strdup(key), list);
+	__FUNC_EXIT__;
+	return;
+}
+
+/* write section into req */
+
+typedef void (*handle_data)(void *data, struct request *req);
+
+void write_section_kv(section_s *section, struct request *req)
+{
+	GHashTableIter iter;
+	gpointer key, value;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	if (section == NULL || req == NULL)
+		return;
+
+	g_hash_table_iter_init (&iter, section->kv);
+	while (g_hash_table_iter_next (&iter, &key, &value))
+	{
+		if (!key || !value)
+			continue;
+		vici_kv(req, (const char*)key, (const void *)value, strlen((char *)value));
+	}
+	__FUNC_EXIT__;
+	return;
+}
+
+static void __write_vl(gpointer data, gpointer user_data)
+{
+	struct request *req = NULL;
+	char *value = NULL;
+	__FUNC_ENTER__;
+
+	if (!data || !user_data)
+		return;
+
+	value = (char *)data;
+	req = (struct request *)user_data;
+	vici_list_item(req, value, strlen(value));
+
+	__FUNC_EXIT__;
+	return;
+}
+
+void write_section_kvl(section_s *section, struct request *req)
+{
+	GHashTableIter iter;
+	gpointer key, value;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	if (section == NULL || req == NULL)
+		return;
+
+	g_hash_table_iter_init (&iter, section->kvl);
+	while (g_hash_table_iter_next (&iter, &key, &value))
+	{
+		if (!key || !value)
+			continue;
+
+		vici_list_start(req, key);
+		g_slist_foreach((GSList *)value, (GFunc)__write_vl, (gpointer)req);
+		vici_list_end(req);
+	}
+	__FUNC_EXIT__;
+	return;
+}
+
+void write_section(section_s *section, handle_data handler, struct request *req)
+{
+	if (section == NULL || req == NULL)
+		return;
+	vici_section_start(req, section->id_str);
+	write_section_kv(section, req);
+	if(handler)
+		handler(section->data, req);
+	vici_section_end(req);
+	return;
+}
+
+void write_section_list(GSList *list, handle_data handler, struct request *req)
+{
+	GSList *temp = NULL;
+	section_s *section = NULL;
+	__FUNC_ENTER__;
+
+	if(list == NULL || req == NULL)
+		return;
+
+	for (; list; list = list->next) {
+		section = list->data;
+		if (!section)
+			continue;
+
+		vici_section_start(req, section->id_str);
+		write_section_kv(section, req);
+		write_section_kvl(section, req);
+		if(handler)
+			handler(section->data, req);
+		vici_section_end(req);
+	}
+
+	__FUNC_EXIT__;
+	return;
+}
+
+void handle_conns(void *data, struct request *req)
+{
+	conn_s *conn = NULL;
+	__FUNC_ENTER__;
+
+	if (data == NULL || req == NULL)
+		return;
+
+	conn = (conn_s *)data;
+	write_section_list(conn->locals, NULL, req);
+	write_section_list(conn->remotes, NULL, req);
+	vici_section_start(req, "children");
+	write_section_list(conn->children, NULL, req);
+	vici_section_end(req);
+	__FUNC_EXIT__;
+	return;
+}
+
+static unsigned char *get_file(const char *file_path, unsigned long long *size)
+{
+	struct stat st;
+	FILE *fp = NULL;
+	int fd = 0;
+	unsigned long long file_size = 0;
+	unsigned char *file_buff = NULL;
+
+	if (!file_path) {
+		printf("Invalid file_path!\n");
+		return NULL;
+	}
+
+	fp = fopen(file_path, "rb");
+	if (!fp) {
+		printf("fopen for %s failed!\n", file_path);
+		return NULL;
+	}
+	fd = fileno(fp);
+	fstat(fd, &st);
+	file_size = st.st_size;
+	file_buff = g_try_malloc0(sizeof(char)*st.st_size);
+	if (file_buff == NULL) {
+		printf("g_try_malloc0 failed\n");
+		fclose(fp);
+		__FUNC_EXIT__;
+		return NULL;
+	}
+	fread(file_buff, 1, file_size, fp);
+	fclose(fp);
+	fp = NULL;
+	fd = 0;
+
+	*size = file_size;
+	return file_buff;
+}
+
+typedef conn_s *(*create_conn)(setting_s *setting);
+typedef void (*destroy_conn)(conn_s *conn);
+
+static conn_s * create_conn_for_hybrid(setting_s *setting);
+static conn_s * create_conn_for_xauth_psk(setting_s *setting);
+static conn_s * create_conn_for_xauth_rsa(setting_s *setting);
+static conn_s * create_conn_for_ikev2_psk(setting_s *setting);
+static conn_s * create_conn_for_ikev2_rsa(setting_s *setting);
+
+static void destroy_conn_for_hybrid(conn_s *conn);
+static void destroy_conn_for_xauth_psk(conn_s *conn);
+static void destroy_conn_for_xauth_rsa(conn_s *conn);
+static void destroy_conn_for_ikev2_psk(conn_s *conn);
+static void destroy_conn_for_ikev2_rsa(conn_s *conn);
+
+struct ipsec_type_id_value {
+	int id;
+	const char *head;
+	const char *conn_name;
+	const char *child_name;
+	const char *pool_name;
+	create_conn create;
+	destroy_conn destroy;
+} ipsec_info[] = {
+		{IPSEC_HYBRID_RSA, "IPsec Hybrid RSA",
+				"conn_hybrid", "child_hybrid", "pool_hybrid",
+				create_conn_for_hybrid, destroy_conn_for_hybrid},
+
+		{IPSEC_XAUTH_PSK, "IPsec Xauth PSK",
+				"conn_xauth_psk", "child_xauth_psk", "pool_xauth_psk",
+				create_conn_for_xauth_psk, destroy_conn_for_xauth_psk},
+
+		{IPSEC_XAUTH_RSA, "IPsec Xauth RSA",
+				"conn_xauth_rsa", "child_xauth_rsa", "pool_xauth_rsa",
+				create_conn_for_xauth_rsa, destroy_conn_for_xauth_rsa},
+
+		{IPSEC_IKEV2_PSK, "IPsec IKEv2 PSK",
+				"conn_ikev2_psk", "child_ikev2_psk", "pool_ikev2_psk",
+				create_conn_for_ikev2_psk, destroy_conn_for_ikev2_psk},
+
+		{IPSEC_IKEV2_RSA, "IPsec IKEv2 RSA",
+				"conn_ikev2_rsa", "child_ikev2_rsa", "pool_ikev2_rsa",
+				create_conn_for_ikev2_rsa, destroy_conn_for_ikev2_rsa},
+};
+
+static void add_default_conn_value(section_s *section)
+{
+	add_section_kv_args(section, "local_addrs", 1, strongswan_conf[LOCAL_IP].value);
+	add_section_kv_args(section, "remote_addrs", 1, "%any");
+
+	add_section_kv(section, "keyingtries", "1");
+	add_section_kv(section, "reauth_time", "0");
+	add_section_kv(section, "rekey_time", "4h");
+
+	return;
+}
+
+static void add_default_child_value(section_s *section)
+{
+	add_section_kv_args(section, "local_ts", 1, strongswan_conf[LOCAL_TS].value);
+	add_section_kv(section, "start_action", "none");
+	add_section_kv(section, "updown", "/usr/local/libexec/ipsec/_updown iptables");
+	add_section_kv(section, "rekey_time", "10m");
+
+	return;
+}
+
+static void add_proposals_for_ikev1(section_s *section)
+{
+	GSList *list = NULL;
+	list = g_slist_append(list, g_strdup("aes256-sha256-modp1024"));
+	list = g_slist_append(list, g_strdup("aes128-sha256-modp1024"));
+	list = g_slist_append(list, g_strdup("aes256-sha1-modp1024"));
+	list = g_slist_append(list, g_strdup("aes128-sha1-modp1024"));
+	list = g_slist_append(list, g_strdup("aes256-md5-modp1024"));
+	list = g_slist_append(list, g_strdup("aes128-md5-modp1024"));
+	list = g_slist_append(list, g_strdup("3des-sha1-modp1024"));
+	list = g_slist_append(list, g_strdup("3des-md5-modp1024"));
+	add_section_kvl(section, "proposals", list);
+	list = NULL;
+
+	return;
+}
+
+static void add_esp_proposals_for_ikev1(section_s *section)
+{
+	GSList *list = NULL;
+	list = g_slist_append(list, g_strdup("aes256-sha256"));
+	list = g_slist_append(list, g_strdup("aes128-sha256"));
+	list = g_slist_append(list, g_strdup("aes256-sha1"));
+	list = g_slist_append(list, g_strdup("aes128-sha1"));
+	list = g_slist_append(list, g_strdup("aes256-md5"));
+	list = g_slist_append(list, g_strdup("aes128-md5"));
+	list = g_slist_append(list, g_strdup("3des-sha1"));
+	list = g_slist_append(list, g_strdup("3des-md5"));
+	add_section_kvl(section, "esp_proposals", list);
+	list = NULL;
+
+	return;
+}
+
+static void add_proposals_for_ikev2(section_s *section)
+{
+	GSList *list = NULL;
+	list = g_slist_append(list, g_strdup("aes256-aes128-sha512-sha384-sha256-sha1-modp2048s256-ecp384-ecp256-modp2048-modp1536-modp1024"));
+	//list = g_slist_append(list, g_strdup("aes256gcm16-aes128gcm16-prfsha512-prfsha384-prfsha256-prfsha1-modp2048s256-ecp384-ecp256-modp2048-modp1536-modp1024"));
+	add_section_kvl(section, "proposals", list);
+	list = NULL;
+
+	return;
+}
+
+static void add_esp_proposals_for_ikev2(section_s *section)
+{
+	GSList *list = NULL;
+	list = g_slist_append(list, g_strdup("aes256-aes128-sha512-sha384-sha256-sha1"));
+	//list = g_slist_append(list, g_strdup("aes256gcm16-aes128gcm16-prfsha512-prfsha384-prfsha256-prfsha1-modp2048s256-ecp384-ecp256-modp2048-modp1536-modp1024"));
+	add_section_kvl(section, "esp_proposals", list);
+	list = NULL;
+
+	return;
+}
+
+static void add_auth_for_hybrid(conn_s *conn)
+{
+	section_s *section = NULL;
+	unsigned char *file_buff;
+	unsigned long long file_size = 0;
+
+	/*	add local 		*/
+	section = add_section(&(conn->locals), "local");
+	section->destroy_func = NULL;
+
+	add_section_kv(section, "auth", "pubkey");
+	add_section_kv(section, "id", strongswan_conf[LOCAL_IP].value);
+
+	file_buff = get_file(strongswan_conf[CERT_PATH].value, &file_size);
+	if (file_buff)
+		add_section_kv_args(section, "certs", 1, file_buff);
+
+	/*	add remote 		*/
+
+	section = add_section(&(conn->remotes), "remote");
+	section->destroy_func = NULL;
+
+	add_section_kv(section, "auth", "xauth");
+
+	return;
+}
+
+static void add_auth_for_xauth_psk(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	/*	add local 		*/
+		section = add_section(&(conn->locals), "local");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "psk");
+
+	/*	add remote-xauth		*/
+		section = add_section(&(conn->remotes), "remote-xauth");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "xauth");
+
+	/*	add remote 		*/
+
+		section = add_section(&(conn->remotes), "remote");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "psk");
+
+		return;
+}
+
+static void add_auth_for_xauth_rsa(conn_s *conn)
+{
+	section_s *section = NULL;
+	unsigned char *file_buff;
+	unsigned long long file_size = 0;
+
+	/*	add local 		*/
+		section = add_section(&(conn->locals), "local");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "pubkey");
+		add_section_kv(section, "id", strongswan_conf[LOCAL_IP].value);
+
+		file_buff = get_file(strongswan_conf[CERT_PATH].value, &file_size);
+		if (file_buff)
+			add_section_kv_args(section, "certs", 1, file_buff);
+
+	/*	add remote-xauth		*/
+		section = add_section(&(conn->remotes), "remote-xauth");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "xauth");
+
+	/*	add remote 		*/
+
+		section = add_section(&(conn->remotes), "remote");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "pubkey");
+
+		return;
+}
+
+static void add_auth_for_ikev2_psk(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	/*	add local 		*/
+		section = add_section(&(conn->locals), "local");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "psk");
+
+	/*	add remote 		*/
+
+		section = add_section(&(conn->remotes), "remote");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "psk");
+
+		return;
+}
+
+static void add_auth_for_ikev2_rsa(conn_s *conn)
+{
+	section_s *section = NULL;
+	unsigned char *file_buff;
+	unsigned long long file_size = 0;
+
+	/*	add local 		*/
+		section = add_section(&(conn->locals), "local");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "pubkey");
+		add_section_kv(section, "id", strongswan_conf[LOCAL_IP].value);
+
+		file_buff = get_file(strongswan_conf[CERT_PATH].value, &file_size);
+		if (file_buff)
+			add_section_kv_args(section, "certs", 1, file_buff);
+
+	/*	add remote 		*/
+
+		section = add_section(&(conn->remotes), "remote");
+		section->destroy_func = NULL;
+
+		add_section_kv(section, "auth", "pubkey");
+
+		return;
+}
+
+static void create_child_for_hybrid(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	section = add_section(&(conn->children),
+			ipsec_info[IPSEC_HYBRID_RSA].child_name);
+	/* TODO: handle memory fault */
+	section->destroy_func = NULL;
+
+	add_default_child_value(section);
+	add_esp_proposals_for_ikev1(section);
+
+	return;
+}
+
+static conn_s *create_conn_for_hybrid(setting_s *setting)
+{
+	section_s *section = NULL;
+	conn_s *conn = NULL;
+
+	/* add <conn> 			*/
+	section = add_section(&(setting->conns),
+			ipsec_info[IPSEC_HYBRID_RSA].conn_name);
+	/* TODO: handle memory fault */
+
+	conn = g_try_malloc0(sizeof(conn_s));
+	/* TODO: handle memory fault */
+	section->data = conn;
+	section->destroy_func = g_free;
+
+	add_section_kv_args(section, "pools", 1,
+			ipsec_info[IPSEC_HYBRID_RSA].pool_name);
+	add_section_kv(section, "version", "1");
+	add_section_kv(section, "send_cert", "always");
+
+	add_default_conn_value(section);
+	add_proposals_for_ikev1(section);
+
+	add_auth_for_hybrid(conn);
+	create_child_for_hybrid(conn);
+
+	return conn;
+}
+
+static void destroy_conn_for_hybrid(conn_s *conn)
+{
+	del_section(conn->children, ipsec_info[IPSEC_HYBRID_RSA].child_name);
+	del_section(conn->locals, "local");
+	del_section(conn->remotes, "remote");
+
+	return;
+}
+
+static void create_child_for_xauth_psk(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	section = add_section(&(conn->children), ipsec_info[IPSEC_XAUTH_PSK].child_name);
+	section->destroy_func = NULL;
+
+	add_default_child_value(section);
+	add_esp_proposals_for_ikev1(section);
+
+	return;
+}
+
+static conn_s *create_conn_for_xauth_psk(setting_s *setting)
+{
+	section_s *section = NULL;
+	conn_s *conn = NULL;
+
+	/* add <conn> 			*/
+	section = add_section(&(setting->conns),
+			ipsec_info[IPSEC_XAUTH_PSK].conn_name);
+	/* TODO: handle memory fault */
+
+	conn = g_try_malloc0(sizeof(conn_s));
+	/* TODO: handle memory fault */
+	section->data = conn;
+	section->destroy_func = g_free;
+
+	add_section_kv_args(section, "pools", 1,
+			ipsec_info[IPSEC_XAUTH_PSK].pool_name);
+
+	add_section_kv(section, "version", "1");
+	add_section_kv(section, "send_certreq", "no");
+	add_section_kv(section, "aggressive", "yes");
+
+	add_default_conn_value(section);
+	add_proposals_for_ikev1(section);
+
+	add_auth_for_xauth_psk(conn);
+	create_child_for_xauth_psk(conn);
+
+	return conn;
+}
+
+static void destroy_conn_for_xauth_psk(conn_s *conn)
+{
+	del_section(conn->children, ipsec_info[IPSEC_XAUTH_PSK].child_name);
+	del_section(conn->locals, "local");
+	del_section(conn->remotes, "remote");
+	del_section(conn->remotes, "remote-xauth");
+
+}
+
+static void create_child_for_xauth_rsa(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	/*	add children 		*/
+	section = add_section(&(conn->children),
+			ipsec_info[IPSEC_XAUTH_RSA].child_name);
+	/* TODO: handle memory fault */
+	section->destroy_func = NULL;
+
+	add_default_child_value(section);
+	add_esp_proposals_for_ikev1(section);
+
+	return;
+}
+
+static conn_s *create_conn_for_xauth_rsa(setting_s *setting)
+{
+	section_s *section = NULL;
+	conn_s *conn = NULL;
+
+	/* add <conn> 			*/
+	section = add_section(&(setting->conns),
+			ipsec_info[IPSEC_XAUTH_RSA].conn_name);
+	/* TODO: handle memory fault */
+
+	conn = g_try_malloc0(sizeof(conn_s));
+	/* TODO: handle memory fault */
+	section->data = conn;
+	section->destroy_func = g_free;
+
+	add_section_kv_args(section, "pools", 1,
+			ipsec_info[IPSEC_XAUTH_RSA].pool_name);
+	add_section_kv(section, "version", "1");
+
+	add_default_conn_value(section);
+	add_proposals_for_ikev1(section);
+
+	add_auth_for_xauth_rsa(conn);
+	create_child_for_xauth_rsa(conn);
+
+	return conn;
+}
+
+static void destroy_conn_for_xauth_rsa(conn_s *conn)
+{
+	del_section(conn->children, ipsec_info[IPSEC_XAUTH_RSA].child_name);
+	del_section(conn->locals, "local");
+	del_section(conn->remotes, "remote");
+	del_section(conn->remotes, "remote-xauth");
+	return;
+}
+
+
+static void create_child_for_ikev2_psk(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	section = add_section(&(conn->children),
+			ipsec_info[IPSEC_IKEV2_PSK].child_name);
+	/* TODO: handle memory fault */
+	section->destroy_func = NULL;
+
+	add_default_child_value(section);
+	add_esp_proposals_for_ikev2(section);
+
+	return;
+}
+
+static conn_s *create_conn_for_ikev2_psk(setting_s *setting)
+{
+	section_s *section = NULL;
+	conn_s *conn = NULL;
+
+	/* add <conn> 			*/
+	section = add_section(&(setting->conns),
+			ipsec_info[IPSEC_IKEV2_PSK].conn_name);
+	/* TODO: handle memory fault */
+
+	conn = g_try_malloc0(sizeof(conn_s));
+	/* TODO: handle memory fault */
+	section->data = conn;
+	section->destroy_func = g_free;
+
+	add_section_kv_args(section, "pools", 1,
+			ipsec_info[IPSEC_IKEV2_PSK].pool_name);
+	add_section_kv(section, "version", "2");
+	add_section_kv(section, "send_certreq", "no");
+
+	add_default_conn_value(section);
+	add_proposals_for_ikev2(section);
+
+	add_auth_for_ikev2_psk(conn);
+	create_child_for_ikev2_psk(conn);
+
+	return conn;
+}
+
+static void destroy_conn_for_ikev2_psk(conn_s *conn)
+{
+	del_section(conn->children, ipsec_info[IPSEC_IKEV2_PSK].child_name);
+	del_section(conn->locals, "local");
+	del_section(conn->remotes, "remote");
+
+	return;
+}
+
+static void create_child_for_ikev2_rsa(conn_s *conn)
+{
+	section_s *section = NULL;
+
+	/*	add children 		*/
+
+	section = add_section(&(conn->children),
+			ipsec_info[IPSEC_IKEV2_RSA].child_name);
+	/* TODO: handle memory fault */
+	section->destroy_func = NULL;
+
+	add_default_child_value(section);
+	add_esp_proposals_for_ikev2(section);
+
+	return;
+}
+
+static conn_s *create_conn_for_ikev2_rsa(setting_s *setting)
+{
+	section_s *section = NULL;
+	conn_s *conn = NULL;
+
+	/* add <conn> 			*/
+	section = add_section(&(setting->conns),
+			ipsec_info[IPSEC_IKEV2_RSA].conn_name);
+	/* TODO: handle memory fault */
+
+	conn = g_try_malloc0(sizeof(conn_s));
+	/* TODO: handle memory fault */
+	section->data = conn;
+	section->destroy_func = g_free;
+
+	add_section_kv_args(section, "pools", 1,
+			ipsec_info[IPSEC_IKEV2_RSA].pool_name);
+	add_section_kv(section, "version", "2");
+
+	add_default_conn_value(section);
+	add_proposals_for_ikev2(section);
+
+	add_auth_for_ikev2_rsa(conn);
+	create_child_for_ikev2_rsa(conn);
+
+	return conn;
+}
+
+static void destroy_conn_for_ikev2_rsa(conn_s *conn)
+{
+	del_section(conn->children, ipsec_info[IPSEC_IKEV2_RSA].child_name);
+	del_section(conn->locals, "local");
+	del_section(conn->remotes, "remote");
+
+	return;
+}
+
+static int send_vici_request(struct request *req)
+{
+	int res =
+	send_request_gio((GIOFunc)process_gio_source_sock,
+			(GSourceFunc)send_request_gio_in_idle,
+			(GSourceFunc)destroy_source_gio,
+			(gpointer)req);
+	return res;
+}
+
+static void check_vici_request(struct request *req)
+{
+	__process_response(req->buf + req->hdr_len - 1, req->used - req->hdr_len + 1);
+}
+
+static int test_load_conn(int ipsec_type)
+{
+	setting_s *setting = NULL;
+	section_s *section = NULL;
+	conn_s * conn = NULL;
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	printf("load-conn ipsec type [%s]\n", ipsec_info[ipsec_type].head);
+
+	ret = create_request(VICI_CMD_REQUEST, "load-conn", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	setting = g_try_malloc0(sizeof(setting_s));
+	if (setting == NULL) {
+		printf("error on memory\n");
+		destroy_request(req);
+		return -1;
+	}
+
+	conn = ipsec_info[ipsec_type].create(setting);
+	if (conn == NULL) {
+		printf("error on memory\n");
+		destroy_request(req);
+		g_free(setting);
+		return -1;
+	}
+
+	/* create request for load-conn with setting */
+	write_section_list(setting->conns, handle_conns, req);
+
+	/* clear setting */
+	ipsec_info[ipsec_type].destroy(conn);
+	del_section(setting->conns, ipsec_info[ipsec_type].conn_name);
+	g_free(setting);
+
+/* send request */
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_unload_conn(int ipsec_type)
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	printf("unload-conn ipsec type [%s]\n", ipsec_info[ipsec_type].head);
+
+	ret = create_request(VICI_CMD_REQUEST, "unload-conn", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	vici_kv(req, "name", (const void *)ipsec_info[ipsec_type].conn_name,
+			strlen((char *)ipsec_info[ipsec_type].conn_name));
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_get_conns()
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	ret = create_request(VICI_CMD_REQUEST, "get-conns", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_list_conns(int ipsec_type)
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	printf("list-conn ipsec type [%s]\n", ipsec_info[ipsec_type].head);
+
+	ret = create_request(VICI_CMD_REQUEST, "list-conns", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	vici_list_start(req, (const char *)"ike");
+	vici_list_item(req, (const void *)ipsec_info[ipsec_type].conn_name,
+			strlen((char *)ipsec_info[ipsec_type].conn_name));
+	vici_list_end(req);
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+/* test initiate */
+
+int test_initiate()
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+/*
+	ret = create_request(VICI_CMD_REQUEST, "initiate", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	vici_kv(req, "child", (const void *)CHILD_SA_NAME, strlen((char *)CHILD_SA_NAME));
+
+	check_vici_request(req);
+	send_vici_request(req);
+*/
+	__FUNC_EXIT__;
+	return ret;
+}
+
+/* test terminate */
+
+int test_terminate(int ipsec_type)
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	printf("terminate ipsec type [%s]\n", ipsec_info[ipsec_type].head);
+
+	ret = create_request(VICI_CMD_REQUEST, "terminate", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	vici_kv(req, "child", (const void *)ipsec_info[ipsec_type].child_name,
+			strlen((char *)ipsec_info[ipsec_type].child_name));
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_load_shared_psk()
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	ret = create_request(VICI_CMD_REQUEST, "load-shared", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	vici_kv(req, "type", (const void *)"ike", strlen((char *)"ike"));
+	vici_kv(req, "data", (const void *)strongswan_conf[IKE_DATA].value,
+			strlen((char *)strongswan_conf[IKE_DATA].value));
+
+	vici_list_start(req, (const char *)"owners");
+	vici_list_item(req, (const void *)strongswan_conf[IKE_OWNER].value,
+			strlen((char *)strongswan_conf[IKE_OWNER].value));
+
+	vici_list_end(req);
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_load_shared_xauth()
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	ret = create_request(VICI_CMD_REQUEST, "load-shared", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	vici_kv(req, "type", (const void *)"xauth", strlen((char *)"xauth"));
+	vici_kv(req, "data", (const void *)strongswan_conf[XAUTH_DATA].value,
+			strlen((char *)strongswan_conf[XAUTH_DATA].value));
+
+	vici_list_start(req, (const char *)"owners");
+	vici_list_item(req, (const void *)strongswan_conf[XAUTH_OWNER].value,
+			strlen((char *)strongswan_conf[XAUTH_OWNER].value));
+
+	vici_list_end(req);
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_load_pool(int ipsec_type)
+{
+	GSList *list = NULL;
+	section_s *section = NULL;
+	conn_s * conn = NULL;
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	printf("load-pool ipsec type [%s]\n", ipsec_info[ipsec_type].head);
+
+	ret = create_request(VICI_CMD_REQUEST, "load-pool", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+/* add <conn> 			*/
+	section = add_section(&(list), ipsec_info[ipsec_type].pool_name);
+	/* TODO: handle memory fault */
+
+	add_section_kv(section, "addrs", strongswan_conf[HYBRID_POOL + ipsec_type].value);
+
+/* create request for load-pool with list */
+
+	write_section_list(list, NULL, req);
+
+/* clear setting */
+	del_section(list, ipsec_info[ipsec_type].pool_name);
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_load_ca_cert()
+{
+	struct request *req = NULL;
+	unsigned char *file_buff = NULL;
+	unsigned long long file_size = 0;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	file_buff = get_file(strongswan_conf[CA_CERT_PATH].value, &file_size);
+	if (!file_buff) {
+		return -1;
+	}
+
+	ret = create_request(VICI_CMD_REQUEST, "load-cert", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		g_free(file_buff);
+		return -1;
+	}
+
+	vici_kv(req, "type", (const void *)"X509", strlen((char *)"X509"));
+	vici_kv(req, "type", (const void *)"flag", strlen((char *)"CA"));
+	vici_kv(req, "data", (const void *)file_buff, file_size);
+
+	check_vici_request(req);
+	send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+	g_free(file_buff);
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+int test_load_private()
+{
+	struct request *req = NULL;
+	unsigned char *file_buff = NULL;
+	unsigned long long file_size = 0;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	file_buff = get_file(strongswan_conf[PRIVATE_PATH].value, &file_size);
+	if (!file_buff) {
+		return -1;
+	}
+
+	ret = create_request(VICI_CMD_REQUEST, "load-key", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		g_free(file_buff);
+		return -1;
+	}
+
+	vici_kv(req, "type", (const void *)"RSA", strlen((char *)"RSA"));
+	vici_kv(req, "data", (const void *)file_buff, file_size);
+
+	check_vici_request(req);
+	send_vici_request(req);
+	ret = send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+	}
+
+	g_free(file_buff);
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+/* test version */
+
+int test_version()
+{
+	struct request *req = NULL;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	ret = create_request(VICI_CMD_REQUEST, "version", &req);
+	if (ret < 0) {
+		printf("error on create_request\n");
+		return -1;
+	}
+
+	check_vici_request(req);
+	ret = send_vici_request(req);
+	if (ret < 0) {
+		printf("error on send_vici_request\n");
+		destroy_request(req);
+		return -1;
+	}
+
+	__FUNC_EXIT__;
+	return ret;
+}
+
+enum {
+	CMD_QUIT,
+	CMD_FULL_MENU,
+	CMD_VERSION,
+	CMD_LOAD_CONN,
+	CMD_UNLOAD_CONN,
+	CMD_GET_CONNS,
+	CMD_LIST_CONNS,
+	CMD_LOAD_SHARED_PSK,
+	CMD_LOAD_SHARED_XAUTH,
+	CMD_LOAD_POOL,
+	CMD_LOAD_CA_CERT,
+	CMD_LOAD_PRIVATE,
+	CMD_INITIATE,
+	CMD_TERMINATE,
+
+	CMD_INVALID,
+};
+
+typedef struct {
+	int cmd;
+	char* menu_str;
+} menu_str_t;
+
+menu_str_t g_menu_str[] = {
+		{ CMD_QUIT, "CMD_QUIT" },
+		{ CMD_FULL_MENU, "CMD_FULL_MENU" },
+		{ CMD_VERSION, "CMD_VERSION" },
+		{ CMD_LOAD_CONN, "CMD_LOAD_CONN" },
+		{ CMD_UNLOAD_CONN, "CMD_UNLOAD_CONN" },
+		{ CMD_GET_CONNS, "CMD_GET_CONNS" },
+		{ CMD_LIST_CONNS, "CMD_LIST_CONNS" },
+		{ CMD_LOAD_SHARED_PSK, "CMD_LOAD_SHARED_PSK" },
+		{ CMD_LOAD_SHARED_XAUTH, "CMD_LOAD_SHARED_XAUTH" },
+		{ CMD_LOAD_POOL, "CMD_LOAD_POOL" },
+		{ CMD_LOAD_CA_CERT, "CMD_LOAD_CA_CERT" },
+		{ CMD_LOAD_PRIVATE, "CMD_LOAD_PRIVATE" },
+		{ CMD_INITIATE, "CMD_INITIATE" },
+		{ CMD_TERMINATE, "CMD_TERMINATE" },
+		{ -1, NULL }, };
+
+void usage()
+{
+	printf("Call Test Program\n");
+	printf(" %d: quit\n", CMD_QUIT);
+	printf(" %d: Full menu\n", CMD_FULL_MENU);
+}
+
+char*
+cmd_transform(char*str)
+{
+	int i, j;
+	int len;
+	static char static_buffer[255];
+
+	if (str == NULL)
+		return "";
+
+	len = strlen(str);
+	if (len == 0)
+		return "";
+
+	/* remove "CMD_" */
+	/* lower char */
+	/* replance "_" to space */
+	for (i = 0, j = 4; i < len; i++, j++) {
+		if (str[j] >= 'A' && str[j] <= 'Z')
+			static_buffer[i] = str[j] + 'a' - 'A';
+		else if (str[j] == '_')
+			static_buffer[i] = ' ';
+		else
+			static_buffer[i] = str[j];
+	}
+	static_buffer[j] = '\0';
+
+	return static_buffer;
+}
+
+void usage_full()
+{
+	int i;
+	printf("Call Test Program\n");
+
+	for (i = 0; g_menu_str[i].cmd != -1; i++) {
+		if (i % 4 == 0)
+			printf("\n");
+		printf(" %02d: %-32s ", g_menu_str[i].cmd,
+				cmd_transform(g_menu_str[i].menu_str));
+
+	}
+	printf("\n");
+}
+
+int is_digit(const char* str)
+{
+	int len;
+	int i;
+
+	if (str == NULL)
+		return -1;
+
+	if (strlen(str) == 0)
+		return -1;
+
+	len = strlen(str);
+	for (i = 0; i < len; i++) {
+		if (str[i] < '0' || str[i] > '9')
+			return -2;
+	}
+
+	return 0;
+}
+
+void print_result(int cmd, int ret)
+{
+	if (ret != 0)
+		printf(MAKE_RED"%s failed\n", g_menu_str[cmd].menu_str);
+	else
+		printf(MAKE_GREEN"%s succeeded\n", g_menu_str[cmd].menu_str);
+	printf(RESET_COLOR);
+
+}
+
+int get_ipsec_type(int cmd)
+{
+	int type = IPSEC_HYBRID_RSA;
+	int i = 0;
+	printf("Please enter #of ipsec type for [%s]:\n", g_menu_str[cmd].menu_str);
+
+	for (type = IPSEC_HYBRID_RSA; type <= IPSEC_IKEV2_RSA; type++)
+		printf("[%d] : [%s]\n", type, ipsec_type_str[type].type_str);
+	scanf("%d", &type);
+
+	if (type < IPSEC_HYBRID_RSA || type > IPSEC_IKEV2_RSA)
+		type = -1;
+	return type;
+
+}
+
+
+void process_std_input(const char *input, gpointer user_data)
+{
+	int ret = -1;
+	int cmd = strtol(input, NULL, 0);
+
+	if (is_digit(input) < 0 || strlen(input) == 0 || errno == ERANGE || errno
+			== EINVAL)
+		cmd = CMD_INVALID;
+
+	printf("cmd=[%d]\n", cmd);
+
+	switch (cmd) {
+	case CMD_FULL_MENU:
+	{
+		usage_full();
+	}
+		break;
+	case CMD_QUIT:
+	{
+		printf("Bye\n");
+		g_main_loop_quit(main_loop);
+	}
+		break;
+	case CMD_VERSION:
+	{
+		ret = test_version();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LOAD_CONN:
+	{
+		int type;
+		type = get_ipsec_type(cmd);
+		if (type < 0)
+			break;
+		ret = test_load_conn(type);
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_UNLOAD_CONN:
+	{
+		int type;
+		type = get_ipsec_type(cmd);
+		if (type < 0)
+			break;
+		ret = test_unload_conn(type);
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_GET_CONNS:
+	{
+		ret = test_get_conns();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LIST_CONNS:
+	{
+		int type;
+		type = get_ipsec_type(cmd);
+		if (type < 0)
+			break;
+		ret = test_list_conns(type);
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LOAD_SHARED_PSK:
+	{
+		ret = test_load_shared_psk();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LOAD_SHARED_XAUTH:
+	{
+		ret = test_load_shared_xauth();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LOAD_POOL:
+	{
+		int type;
+		type = get_ipsec_type(cmd);
+		if (type < 0)
+			break;
+		ret = test_load_pool(type);
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LOAD_CA_CERT:
+	{
+		ret = test_load_ca_cert();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_LOAD_PRIVATE:
+	{
+		ret = test_load_private();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_INITIATE:
+	{
+		ret = test_initiate();
+		print_result(cmd, ret);
+	}
+		break;
+	case CMD_TERMINATE:
+	{
+		int type;
+		type = get_ipsec_type(cmd);
+		if (type < 0)
+			break;
+		ret = test_terminate(type);
+		print_result(cmd, ret);
+	}
+		break;
+	default:
+		usage_full();
+		break;
+	}
+
+	return;
+}
+
+static gboolean read_std_input(GIOChannel * source,
+		GIOCondition condition, gpointer user_data)
+{
+	int fd = 0;
+
+	static char buf[MAX_STD_INPUT_BUF];
+	int n;
+
+	errno = 0;
+	n = read(fd, buf, MAX_STD_INPUT_BUF);
+
+	buf[n - 1] = '\0'; /* remove new line... */
+	if (n == 0) {
+		printf("Error: read() from stdin returns 0.\n");
+	} else if (n < 0) {
+		printf("input: read, err=%s\n", strerror(errno));
+	} else {
+		printf("\n\n");
+	}
+
+	process_std_input(buf, user_data);
+
+	return TRUE;
+}
+
+static GKeyFile *load_key_file(const char *path_name)
+{
+	GKeyFile *key_file = NULL;
+	GError *error = NULL;
+
+	key_file = g_key_file_new();
+	if (!g_key_file_load_from_file(key_file, path_name, 0, &error)) {
+			printf("Unable to load %s: %s", path_name, error->message);
+			g_clear_error(&error);
+
+			g_key_file_free(key_file);
+			key_file = NULL;
+	}
+	return key_file;
+}
+
+int load_strongswan_config(const char *path_name)
+{
+	GKeyFile *key_file = NULL;
+	int i = 0;
+
+	key_file = load_key_file(path_name);
+	if (!key_file)
+		return -1;
+
+	for (i = LOCAL_IP; i < STRONGSWAN_CONF_KEY_MAX; i++) {
+		strongswan_conf[i].value = g_key_file_get_string(key_file, CONF_GROUP_NAME,
+				strongswan_conf[i].key_name, NULL);
+
+		if (strlen(strongswan_conf[i].value) == 0)
+			strongswan_conf[i].value = NULL;
+
+		printf ("key [%s] value [%s]\n",
+				strongswan_conf[i].key_name, strongswan_conf[i].value);
+	}
+
+	g_conf_key_file = key_file;
+	return 0;
+}
+
+void unload_strongswan_config()
+{
+	int i = 0;
+
+	for (i = LOCAL_IP; i < STRONGSWAN_CONF_KEY_MAX; i++)
+		g_free(strongswan_conf[i].value);
+
+	g_key_file_free(g_conf_key_file);
+	g_conf_key_file = NULL;
+}
+
+/* Run Mainloop */
+int main(int argc, char *argv[])
+{
+	int std_input_fd = 0;
+	int ret = 0;
+	__FUNC_ENTER__;
+
+	ret = load_strongswan_config(STRONGSWAN_CONF_PATH);
+	if (ret != 0) {
+		printf("Failed to load configuration. Terminate...\n");
+		return -1;
+	}
+
+	main_loop = g_main_loop_new(NULL, FALSE);
+	if (main_loop == NULL) {
+		printf("Failed to create GMainLoop structure\n");
+		return -1;
+	}
+
+	GIOChannel *unix_channel = g_io_channel_unix_new(std_input_fd);
+	g_io_add_watch(unix_channel, G_IO_IN, (GIOFunc)read_std_input, NULL);
+	g_io_channel_unref(unix_channel);
+
+	g_main_loop_run(main_loop);
+
+	unload_strongswan_config();
+
+	__FUNC_EXIT__;
+	return ret;
+}
diff --git a/test/ipsec_test/ipsec_server_src/server.conf b/test/ipsec_test/ipsec_server_src/server.conf
new file mode 100644
index 0000000..99d0e00
--- /dev/null
+++ b/test/ipsec_test/ipsec_server_src/server.conf
@@ -0,0 +1,16 @@
+[strongswan]
+local_ip=192.168.0.108
+local_ts=10.113.62.0/24
+cert_path=
+ca_cert_path=
+private_path=
+ike_data=ABCDEFGH
+ike_owner=0.0.0.0/0
+xauth_data=12345678
+xauth_owner=dave
+hybrid_pool=10.113.62.137
+xauth_psk_pool=10.113.62.138
+xauth_rsa_pool=10.113.62.139
+ikev2_psk_pool=10.113.62.140
+ikev2_rsa_pool=10.113.62.141
+
diff --git a/test/ipsec_test/root-ca-req.conf b/test/ipsec_test/root-ca-req.conf
new file mode 100644
index 0000000..2956969
--- /dev/null
+++ b/test/ipsec_test/root-ca-req.conf
@@ -0,0 +1,23 @@
+[ req ]
+default_bits           = 2048
+distinguished_name     = req_distinguished_name
+prompt = no
+x509_extensions        = v3_ca
+
+[ req_distinguished_name ]
+
+C                      = KR
+ST                     = Seocho-Gu
+L                      = Seoul
+O                      = Samsung Electronics .Inc
+OU                     = .
+CN                     = Jiung Yu
+emailAddress           = test@email.adress
+
+
+[ v3_ca ]
+
+basicConstraints = critical, CA:true
+keyUsage =cRLSign, keyCertSign
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/ipsec_test/root-ca.conf b/test/ipsec_test/root-ca.conf
new file mode 100644
index 0000000..26c9ef6
--- /dev/null
+++ b/test/ipsec_test/root-ca.conf
@@ -0,0 +1,68 @@
+ [ ca ]
+ default_ca      = CA_default            # The default ca section
+
+ [ CA_default ]
+
+ dir            = ./root-ca             # top dir
+ database       = $dir/db/index.txt        # index file.
+ new_certs_dir  = $dir/newcerts         # new certs dir
+
+ certificate    = $dir/cert/root-ca-cert.PEM       # The CA cert
+ serial         = $dir/db/serial           # serial no file
+ private_key    = $dir/private/root-ca-private.PEM# CA private key
+ RANDFILE       = $dir/private/.rand    # random number file
+
+ x509_extensions= usr_cert		# The extentions to add to the cert
+
+ default_days   = 36500                 # how long to certify for
+ default_crl_days= 30                   # how long before next CRL
+ default_md     = sha256                # md to use
+
+ policy         = policy_any            # default policy
+ email_in_dn    = no                    # Don't add the email into cert DN
+
+ name_opt       = ca_default            # Subject name display option
+ cert_opt       = ca_default            # Certificate display option
+ copy_extensions = copy                 # Don't copy extensions from request
+
+ [ policy_any ]
+ countryName            = supplied
+ stateOrProvinceName    = optional
+ organizationName       = optional
+ organizationalUnitName = optional
+ commonName             = supplied
+ emailAddress           = optional
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType                    = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment                       = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
diff --git a/test/ipsec_test/server.conf b/test/ipsec_test/server.conf
new file mode 100644
index 0000000..5a595bd
--- /dev/null
+++ b/test/ipsec_test/server.conf
@@ -0,0 +1,16 @@
+[strongswan]
+local_ip=192.168.0.108
+local_ts=10.113.62.0/24
+cert_path=./host-cert.PEM
+ca_cert_path=./root-ca-cert.PEM
+private_path=./host-private.PEM
+ike_data=ABCDEFGH
+ike_owner=0.0.0.0/0
+xauth_data=12345678
+xauth_owner=dave
+hybrid_pool=10.113.62.137
+xauth_psk_pool=10.113.62.138
+xauth_rsa_pool=10.113.62.139
+ikev2_psk_pool=10.113.62.140
+ikev2_rsa_pool=10.113.62.141
+
diff --git a/test/vpn_test.c b/test/vpn_test.c
index 97a4828..45a87cf 100755
--- a/test/vpn_test.c
+++ b/test/vpn_test.c
@@ -30,6 +30,15 @@
 #include <vpn.h>
 #include <tizen_error.h>
 
+#if defined(IPSEC_TEST)
+#define CA_CERT "root-ca-cert.PEM"
+#define CLIENT_CERT_DER "client-cert.crt"
+#define CLIENT_CERT_PEM "client-cert.PEM"
+#define CLIENT_CERT_PKCS12 "client-cert.p12"
+#define HOST_CERT "host-cert.PEM"
+#define CLIENT_PRIVATE_KEY "client-private.PEM"
+#endif
+
 gboolean test_thread(GIOChannel *source,
 			GIOCondition condition,
 			gpointer data);
@@ -70,6 +79,7 @@ static const char *__test_convert_error_to_string(vpn_error_e err_type)
 	return "UNKNOWN";
 }
 
+#if defined(IPSEC_TEST)
 typedef enum {
 	IPSEC_HYBRID_RSA,
 	IPSEC_XAUTH_PSK,
@@ -134,6 +144,7 @@ typedef enum {
 	IPSEC_CERT_PASS,
 	IPSEC_PKEY_TYPE,
 	IPSEC_PKEY_DATA,
+	IPSEC_CA_CERTS_DIR,
 	IPSEC_KVS_MAX,
 } ipsec_kv_e;
 
@@ -160,17 +171,19 @@ kv_s ipsec_setting_kvs[] = {
 		{"IPsec.IKEData", NULL},
 		{"IPsec.IKEOwners", NULL},
 		{"IPsec.XauthData", NULL},
-		{"IPsec.XautOwners", NULL},
+		{"IPsec.XauthOwners", NULL},
 		{"IPsec.CertType", NULL},
 		{"IPsec.CertFlag", NULL},
 		{"IPsec.CertData", NULL},
 		{"IPsec.CertPass", NULL},
 		{"IPsec.PKeyType", NULL},
 		{"IPsec.PKeyData", NULL},
+		{"IPsec.CACertsDir", NULL},
 		{NULL, NULL},
 };
 
 typedef void (*gen_ipsec_settings_f)(void);
+#endif
 
 static void __test_created_callback(vpn_error_e result,
 				void *user_data)
@@ -216,6 +229,7 @@ static void _test_get_vpn_handle(vpn_h *handle_ptr)
 {
 	assert(handle_ptr != NULL);
 
+	char name_str[128] = { 0 };
 	char host_str[128] = { 0 };
 	char domain_str[128] = { 0 };
 	const char *name = NULL;
@@ -237,6 +251,11 @@ static void _test_get_vpn_handle(vpn_h *handle_ptr)
 		printf(" Domain[%p] - %s\n", iter->data, domain);
 	}
 
+	printf("==================================\n");
+	printf(" Please ENTER Name: ");
+	if (scanf(" %127s", name_str) < 0)
+		printf("Error in Reading Host String\n");
+
 	printf("==================================\n");
 	printf(" Please ENTER Host: ");
 	if (scanf(" %127s", host_str) < 0)
@@ -246,7 +265,7 @@ static void _test_get_vpn_handle(vpn_h *handle_ptr)
 	if (scanf(" %127s", domain_str) < 0)
 		printf("Error in Reading Domain String\n");
 
-	vpn_get_vpn_handle(host_str, domain_str, handle_ptr);
+	vpn_get_vpn_handle(name_str, host_str, domain_str, handle_ptr);
 }
 
 static void _test_get_user_input(char *buf, char *what)
@@ -459,6 +478,7 @@ int test_vpn_disconnect(void)
 	return 1;
 }
 
+#if defined(IPSEC_TEST)
 static int __test_init()
 {
 	int rv = 0;
@@ -502,7 +522,7 @@ static int __test_deinit()
 	return rv;
 }
 
-static int __test_add()
+static int __test_add(ipsec_type_e type)
 {
 	int rv = 0;
 
@@ -513,7 +533,7 @@ static int __test_add()
 		return -1;
 	}
 
-	rv = vpn_settings_set_name("TEST_IPSEC");
+	rv = vpn_settings_set_name(__get_ipsec_name(type));
 	if (rv != VPN_ERROR_NONE) {
 		printf("Fail to VPN Settings Name[%s]\n",
 				__test_convert_error_to_string(rv));
@@ -573,8 +593,11 @@ static void __gen_ipsec_hybrid_rsa_kvs(void)
 	//ipsec_setting_kvs[IPSEC_REMOTE_CERTS].value = __get_user_input("File path for remote cert");
 	ipsec_setting_kvs[IPSEC_CHILDREN_REMOTE_TS].value = g_strdup("0.0.0.0/0");
 	ipsec_setting_kvs[IPSEC_CHILDREN_LOCAL_TS].value = g_strdup("0.0.0.0/0");
-	ipsec_setting_kvs[IPSEC_XAUTH_DATA].value = g_strdup("ABCDEFGH");
+	ipsec_setting_kvs[IPSEC_XAUTH_DATA].value = g_strdup("12345678");
 	ipsec_setting_kvs[IPSEC_XAUTH_OWNERS].value = g_strdup("dave");
+	ipsec_setting_kvs[IPSEC_CERT_TYPE].value = g_strdup("X509");
+	ipsec_setting_kvs[IPSEC_CERT_FLAG].value = g_strdup("CA");
+	ipsec_setting_kvs[IPSEC_CERT_DATA].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CA_CERT);
 	return;
 }
 
@@ -593,7 +616,7 @@ static void __gen_ipsec_xauth_psk_kvs(void)
 	ipsec_setting_kvs[IPSEC_CHILDREN_LOCAL_TS].value = g_strdup("0.0.0.0/0");
 	ipsec_setting_kvs[IPSEC_IKE_DATA].value = g_strdup("ABCDEFGH");
 	ipsec_setting_kvs[IPSEC_IKE_OWNERS].value = g_strdup("0.0.0.0/0");
-	ipsec_setting_kvs[IPSEC_XAUTH_DATA].value = g_strdup("ABCDEFGH");
+	ipsec_setting_kvs[IPSEC_XAUTH_DATA].value = g_strdup("12345678");
 	ipsec_setting_kvs[IPSEC_XAUTH_OWNERS].value = g_strdup("dave");
 	return;
 }
@@ -605,22 +628,21 @@ static void __gen_ipsec_xauth_rsa_kvs(void)
 	ipsec_setting_kvs[IPSEC_LEFT_ADDRS].value = __get_user_input("Local Address for IPsec");
 	ipsec_setting_kvs[IPSEC_RIGHT_ADDRS].value = __get_user_input("Remote Address for IPsec");
 	ipsec_setting_kvs[IPSEC_LOCAL_AUTH].value = g_strdup("pubkey");
-	ipsec_setting_kvs[IPSEC_LOCAL_CERTS].value = __get_user_input("File path for local cert");
-	ipsec_setting_kvs[IPSEC_LOCAL_CERT_PASS].value = __get_user_input("Local Certificate passwd");
+	ipsec_setting_kvs[IPSEC_LOCAL_CERTS].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CLIENT_CERT_PEM);
+	//ipsec_setting_kvs[IPSEC_LOCAL_CERT_PASS].value = __get_user_input("Local Certificate passwd");
 	ipsec_setting_kvs[IPSEC_LOCAL_XAUTH_AUTH].value = g_strdup("xauth");
 	ipsec_setting_kvs[IPSEC_LOCAL_XAUTH_XAUTH_ID].value = g_strdup("dave");
 	ipsec_setting_kvs[IPSEC_REMOTE_AUTH].value = g_strdup("pubkey");
 	//ipsec_setting_kvs[IPSEC_REMOTE_CERTS].value = __get_user_input("File path for remote cert");
 	ipsec_setting_kvs[IPSEC_CHILDREN_REMOTE_TS].value = g_strdup("0.0.0.0/0");
 	ipsec_setting_kvs[IPSEC_CHILDREN_LOCAL_TS].value = g_strdup("0.0.0.0/0");
-	ipsec_setting_kvs[IPSEC_XAUTH_DATA].value = g_strdup("ABCDEFGH");
+	ipsec_setting_kvs[IPSEC_XAUTH_DATA].value = g_strdup("12345678");
 	ipsec_setting_kvs[IPSEC_XAUTH_OWNERS].value = g_strdup("dave");
 	ipsec_setting_kvs[IPSEC_CERT_TYPE].value = g_strdup("X509");
 	ipsec_setting_kvs[IPSEC_CERT_FLAG].value = g_strdup("CA");
-	ipsec_setting_kvs[IPSEC_CERT_PASS].value = __get_user_input("Certificate passwd");
-	ipsec_setting_kvs[IPSEC_CERT_DATA].value = __get_user_input("File path for CA cert");
+	ipsec_setting_kvs[IPSEC_CERT_DATA].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CA_CERT);
 	ipsec_setting_kvs[IPSEC_PKEY_TYPE].value = g_strdup("RSA");
-	ipsec_setting_kvs[IPSEC_PKEY_DATA].value = __get_user_input("File path for private key");
+	ipsec_setting_kvs[IPSEC_PKEY_DATA].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CLIENT_PRIVATE_KEY);
 	return;
 }
 static void __gen_ipsec_ikev2_psk_kvs(void)
@@ -646,18 +668,18 @@ static void __gen_ipsec_ikev2_rsa_kvs()
 	ipsec_setting_kvs[IPSEC_LEFT_ADDRS].value = __get_user_input("Local Address for IPsec");
 	ipsec_setting_kvs[IPSEC_RIGHT_ADDRS].value = __get_user_input("Remote Address for IPsec");
 	ipsec_setting_kvs[IPSEC_LOCAL_AUTH].value = g_strdup("pubkey");
-	ipsec_setting_kvs[IPSEC_LOCAL_CERTS].value = __get_user_input("File path for local cert");
-	ipsec_setting_kvs[IPSEC_LOCAL_CERT_PASS].value = __get_user_input("Local Certificate passwd");
+	ipsec_setting_kvs[IPSEC_LOCAL_CERTS].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CLIENT_CERT_PEM);
+	//ipsec_setting_kvs[IPSEC_LOCAL_CERT_PASS].value = __get_user_input("Local Certificate passwd");
 	ipsec_setting_kvs[IPSEC_REMOTE_AUTH].value = g_strdup("pubkey");
 	//ipsec_setting_kvs[IPSEC_REMOTE_CERTS].value = __get_user_input("File path for remote cert");
 	ipsec_setting_kvs[IPSEC_CHILDREN_REMOTE_TS].value = g_strdup("0.0.0.0/0");
 	ipsec_setting_kvs[IPSEC_CHILDREN_LOCAL_TS].value = g_strdup("0.0.0.0/0");
 	ipsec_setting_kvs[IPSEC_CERT_TYPE].value = g_strdup("X509");
 	ipsec_setting_kvs[IPSEC_CERT_FLAG].value = g_strdup("CA");
-	ipsec_setting_kvs[IPSEC_CERT_DATA].value = __get_user_input("File path for CA cert");
-	ipsec_setting_kvs[IPSEC_CERT_PASS].value = __get_user_input("Certificate passwd");
+	ipsec_setting_kvs[IPSEC_CERT_DATA].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CA_CERT);
+	//ipsec_setting_kvs[IPSEC_CERT_PASS].value = __get_user_input("Certificate passwd");
 	ipsec_setting_kvs[IPSEC_PKEY_TYPE].value = g_strdup("RSA");
-	ipsec_setting_kvs[IPSEC_PKEY_DATA].value = __get_user_input("File path for private key");
+	ipsec_setting_kvs[IPSEC_PKEY_DATA].value = g_strdup_printf("%s%s", CERT_EXAMPLES_DIR, CLIENT_PRIVATE_KEY);
 	return;
 }
 
@@ -685,7 +707,7 @@ int test_create_ipsec(gpointer data, ipsec_type_e type)
 	if (rv != VPN_ERROR_NONE)
 		return -1;
 
-	rv = __test_add();
+	rv = __test_add(type);
 	if (rv != VPN_ERROR_NONE)
 		return -1;
 
@@ -717,23 +739,32 @@ int test_create_ipsec(gpointer data, ipsec_type_e type)
 
 	return 1;
 }
+#endif
 
 int main(int argc, char **argv)
 {
-	gen_ipsec_settings_f gen_ipsec_settings[IPSEC_MAX];
 	GMainLoop *mainloop;
 
+#if defined(IPSEC_TEST)
+	gen_ipsec_settings_f gen_ipsec_settings[IPSEC_MAX];
+
 	gen_ipsec_settings[IPSEC_HYBRID_RSA] = __gen_ipsec_hybrid_rsa_kvs;
 	gen_ipsec_settings[IPSEC_XAUTH_PSK] = __gen_ipsec_xauth_psk_kvs;
 	gen_ipsec_settings[IPSEC_XAUTH_RSA] = __gen_ipsec_xauth_rsa_kvs;
 	gen_ipsec_settings[IPSEC_IKEV2_PSK] = __gen_ipsec_ikev2_psk_kvs;
 	gen_ipsec_settings[IPSEC_IKEV2_RSA] = __gen_ipsec_ikev2_rsa_kvs;
+#endif
 
 	mainloop = g_main_loop_new(NULL, FALSE);
 
 	GIOChannel *channel = g_io_channel_unix_new(0);
+#if defined(IPSEC_TEST)
 	g_io_add_watch(channel, (G_IO_IN|G_IO_ERR|G_IO_HUP|G_IO_NVAL),
 			test_thread, gen_ipsec_settings);
+#else
+	g_io_add_watch(channel, (G_IO_IN|G_IO_ERR|G_IO_HUP|G_IO_NVAL),
+			test_thread, NULL);
+#endif
 
 	printf("Test Thread created...\n");
 
@@ -773,11 +804,13 @@ gboolean test_thread(GIOChannel *source, GIOCondition condition, gpointer data)
 		printf("8\t- VPN Remove - Removes the VPN profile\n");
 		printf("9\t- VPN Connect - Connect the VPN profile\n");
 		printf("a\t- VPN Disconnect - Disconnect the VPN profile\n");
+#if defined(IPSEC_TEST)
 		printf("b\t- VPN Test Create IPSec Hybrid RSA - Create IPSec Hybrid RSA\n");
 		printf("c\t- VPN Test Create IPSec Xauth PSK - Create IPSec Xauth PSK\n");
 		printf("d\t- VPN Test Create IPSec Xauth RSA - Create IPSec Xauth RSA\n");
 		printf("e\t- VPN Test Create IPSec IKEv2 PSK - Create IPSec IKEv2 PSK\n");
 		printf("f\t- VPN Test Create IPSec IKEv2 RSA - Create IPSec IKEv2 RSA\n");
+#endif
 		printf("0\t- Exit\n");
 
 		printf("ENTER  - Show options menu.......\n");
@@ -814,6 +847,7 @@ gboolean test_thread(GIOChannel *source, GIOCondition condition, gpointer data)
 	case 'a':
 		rv = test_vpn_disconnect();
 		break;
+#if defined(IPSEC_TEST)
 	case 'b':
 		rv = test_create_ipsec(data, IPSEC_HYBRID_RSA);
 		break;
@@ -829,6 +863,7 @@ gboolean test_thread(GIOChannel *source, GIOCondition condition, gpointer data)
 	case 'f':
 		rv = test_create_ipsec(data, IPSEC_IKEV2_RSA);
 		break;
+#endif
 	default:
 		break;
 	}
-- 
2.34.1