sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-12-15 00:00:26 -05:00
Code Issues Projects Releases Wiki Activity

adapted ikev2/ip-pool-wish scenario to the new stroke ip pool function

Browse Source
This commit is contained in:
Andreas Steffen 2009-01-08 21:41:07 +00:00
parent 01a8b40b99
commit 6c8c268009
5 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
testing/tests/ikev2/ip-pool-wish/description.txt
View File

@ -1,8 +1,8 @@
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
Both <b>carol</b> and <b>dave</b> request the same <b>virtual IP</b> via the IKEv2
configuration payload by using the <b>leftsourceip=PH_IP_DAVE1</b> parameter. On a first-come,
first-served basis, <b>dave</b> gets <b>PH_IP_DAVE1</b> from the simple address pool managed
by gateway <b>moon</b> and <b>carol</b> gets the first free address <b>PH_IP_CAROL1</b>
configuration payload by using the <b>leftsourceip=PH_IP_CAROL1</b> parameter. On a first-come,
first-served basis, <b>carol</b> gets <b>PH_IP_CAROL1</b> from the simple address pool managed
by gateway <b>moon</b> and <b>dave</b> gets the next free address <b>PH_IP_DAVE1</b>
from the pool.
<p>
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass

2
testing/tests/ikev2/ip-pool-wish/evaltest.dat
View File

@ -9,7 +9,7 @@ dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
dave::ipsec status::home.*INSTALLED::YES
dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::cat /var/log/daemon.log::adding virtual IP address pool::YES
moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_DAVE1::YES
moon::cat /var/log/daemon.log::peer requested virtual IP PH_IP_CAROL1::YES
moon::cat /var/log/daemon.log::assigning virtual IP::YES
moon::ipsec status::rw.*ESTABLISHED.*carol@strongswan.org::YES
moon::ipsec status::rw.*ESTABLISHED.*dave@strongswan.org::YES

2
testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/ipsec.conf
View File

@ -14,7 +14,7 @@ conn %default
conn home
left=PH_IP_CAROL
leftsourceip=PH_IP_DAVE1
leftsourceip=PH_IP_CAROL1
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftfirewall=yes

2
testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/ipsec.conf
View File

@ -14,7 +14,7 @@ conn %default
conn home
left=PH_IP_DAVE
leftsourceip=PH_IP_DAVE1
leftsourceip=PH_IP_CAROL1
leftcert=daveCert.pem
leftid=dave@strongswan.org
leftfirewall=yes

6
testing/tests/ikev2/ip-pool-wish/pretest.dat
View File

@ -1,10 +1,10 @@
moon::/etc/init.d/iptables start 2> /dev/null
carol::/etc/init.d/iptables start 2> /dev/null
dave::/etc/init.d/iptables start 2> /dev/null
dave::ipsec start
carol::ipsec start
dave::ipsec start
moon::ipsec start
dave::sleep 2
dave::ipsec up home
carol::sleep 2
carol::ipsec up home
dave::ipsec up home
dave::sleep 1