mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-06 00:00:47 -04:00
7c5a2974b9
For documentation purposes the new folders ikev1-algs, ikev2-algs, ikev1-multi-ca and ikev2-multi-ca have been created. Most of the test cases have now been converted to the vici interface. The remaining legacy stroke scenarios yet to be converted have been put into the ikev2-stroke-bye folder. For documentation purposes some legacy stroke scenarios will be kept in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
13 lines
780 B
Plaintext
Executable File
13 lines
780 B
Plaintext
Executable File
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
|
|
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
|
|
and includes a <b>Postquantum Preshared Key (PPK)</b> that's also mixed into the
|
|
derived key material. The PPK_ID used by <b>dave</b> is unknown to <b>moon</b>
|
|
but since both peers don't enforce the use of a PPK they fall back to regular
|
|
authentication by use of the authentication data provided in the NO_PPK_AUTH
|
|
notify.
|
|
<p/>
|
|
Upon the successful establishment of the IPsec tunnels, the updown script
|
|
automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
|
|
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
|
|
the client <b>alice</b> behind the gateway <b>moon</b>.
|