sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

Minor changes in swanctl scenarios

Browse Source
This commit is contained in:
Andreas Steffen 2014-06-18 14:35:36 +02:00
parent 927dff2366
commit 4402bae77d
7 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testing/tests/swanctl/ip-pool-db/description.txt
View File

@ -4,7 +4,7 @@ by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assi
addresses from a pool named <b>bigpool</b> that was created in an SQL database by the command
<b>ipsec pool --name bigpool --start 10.3.0.1 --end 10.3.3.232 --timeout 0</b>.
<p>
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass the
The updown script automatically inserts iptables-based firewall rules that let pass the
tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping the client
<b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two pings will be the
virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.

2
testing/tests/swanctl/ip-pool/description.txt
View File

@ -4,7 +4,7 @@ by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assi
IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
increasing order.
<p>
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
<b>The updown script automatically inserts iptables-based firewall rules that let pass
the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.

2
testing/tests/swanctl/net2net-cert/description.txt
View File

@ -1,6 +1,6 @@
A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
The authentication is based on <b>X.509 certificates</b>. Upon the successful
establishment of the IPsec tunnel, the updown scripts automatically
establishment of the IPsec tunnel, the updown script automatically
inserts iptables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, client <b>alice</b> behind gateway <b>moon</b>
pings client <b>bob</b> located behind gateway <b>sun</b>.

1
testing/tests/swanctl/net2net-cert/hosts/moon/etc/swanctl/swanctl.conf
View File

@ -26,6 +26,7 @@ connections {
}
version = 2
mobike = no
reauth_time = 60m
rekey_time = 20m
proposals = aes128-sha256-modp2048

1
testing/tests/swanctl/net2net-cert/hosts/sun/etc/swanctl/swanctl.conf
View File

@ -26,6 +26,7 @@ connections {
}
version = 2
mobike = no
reauth_time = 60m
rekey_time = 20m
proposals = aes128-sha256-modp2048

2
testing/tests/swanctl/rw-cert/description.txt
View File

@ -1,6 +1,6 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>.
Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
Upon the successful establishment of the IPsec tunnels, the updown script
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
the client <b>alice</b> behind the gateway <b>moon</b>.

3
testing/tests/swanctl/rw-psk-fqdn/hosts/carol/etc/swanctl/swanctl.conf
View File

@ -34,7 +34,8 @@ secrets {
ike-moon {
id = moon.strongswan.org
secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
# hex value equal to base64 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
secret = 0x16964066a10de938bdb2ab7864fe4459cab1
}
}