mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
7c5a2974b9
For documentation purposes the new folders ikev1-algs, ikev2-algs, ikev1-multi-ca and ikev2-multi-ca have been created. Most of the test cases have now been converted to the vici interface. The remaining legacy stroke scenarios yet to be converted have been put into the ikev2-stroke-bye folder. For documentation purposes some legacy stroke scenarios will be kept in the ikev1-stroke, ikev2-stroke and ipv6-stroke folders.
12 lines
728 B
Plaintext
12 lines
728 B
Plaintext
The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
|
|
<b>venus</b> by means of two different Intermediate CAs. Access to
|
|
<b>alice</b> is granted to users presenting a certificate issued by the Research CA
|
|
whereas <b>venus</b> can only be reached with a certificate issued by the
|
|
Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
|
|
the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
|
|
<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
|
|
<p>
|
|
By setting <b>revocation = strict</b> the CRLs from the strongSwan, Research and
|
|
Sales CAs must be fetched from the LDAP server <b>winnetou</b> first, before the
|
|
connection setups can be successfully completed.
|