mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
760d7c9b4f
The network namespace scenario requires a kernel patch in 4.19 and 4.20 kernels (the fix is included in 5.0 kernels).
13 lines
508 B
Plaintext
13 lines
508 B
Plaintext
moon::iptables-restore < /etc/iptables.rules
|
|
sun::iptables-restore < /etc/iptables.rules
|
|
moon::/usr/local/libexec/ipsec/xfrmi -n xfrm-moon -i 42 -d eth0
|
|
moon::ip link set xfrm-moon up
|
|
moon::ip route add 10.2.0.0/16 dev xfrm-moon
|
|
moon::iptables -A FORWARD -i xfrm-moon -j ACCEPT
|
|
moon::iptables -A FORWARD -o xfrm-moon -j ACCEPT
|
|
moon::systemctl start strongswan-swanctl
|
|
sun::systemctl start strongswan-swanctl
|
|
moon::expect-connection gw-gw
|
|
sun::expect-connection gw-gw
|
|
moon::swanctl --initiate --child net-net
|