sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity
strongswan/testing/tests/ipv6/rw-rfc3779-ikev2/description.txt
Andreas Steffen 7c697964d3 added three RFC 3779 scenarios
2009-12-25 11:20:59 +01:00

13 lines
832 B
Plaintext
Raw Blame History

The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
containing <b>RFC 3779 IP address block constraints</b>. All three hosts set
<b>rightsubnet=::/0</b> thus allowing the peers to narrow down the address range to
their actual subnets or IP addresses. These unilaterally proposed traffic selectors
must be validated by corresponding IP address block constraints.
<p/>
Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
using the ping6 command.
Reference in New Issue View Git Blame Copy Permalink