mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-06 00:00:47 -04:00
12 lines
803 B
Plaintext
12 lines
803 B
Plaintext
A tunnel that will connect the subnets behind the gateways <b>moon</b>
|
|
and <b>sun</b>, respectively, is preconfigured by installing a trap policy
|
|
on gateway <b>moon</b> by means of the setting <b>start_action = trap</b> in swanctl.conf.
|
|
A subsequent ping issued by client <b>alice</b> behind gateway <b>moon</b> to
|
|
<b>bob</b> located behind gateway <b>sun</b> triggers an acquire and
|
|
leads to the automatic establishment of the subnet-to-subnet tunnel.
|
|
<p/>
|
|
Upon the successful establishment of the IPsec tunnel, an updown script automatically
|
|
inserts iptables-based firewall rules that let pass the traffic tunneled via the
|
|
<b>ipsec0</b> tun interface. In order to test both tunnel and firewall, client <b>alice</b>
|
|
behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
|