mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
15 lines
762 B
Plaintext
15 lines
762 B
Plaintext
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
|
|
to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
|
|
with <b>Prime Order Subgroups</b>.
|
|
<p/>
|
|
<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
|
|
<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
|
|
Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
|
|
MODP_1024_160 and MODP_2048_256, respectively.
|
|
<p/>
|
|
Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
|
|
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
|
|
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
|
|
the client <b>alice</b> behind the gateway <b>moon</b>.
|
|
|