testing/tests/ikev2/host2host-transport-connmark/description.txt

   1 An IPsec <b>transport-mode</b> connection between the natted host <b>alice</b>
   2 and gateway <b>sun</b> is successfully set up. The client <b>venus</b> behind
   3 the same NAT as client <b>alice</b> also establishes the same <b>transport-mode</b>
   4 connection. <b>sun</b> uses the connmark plugin and a <b>%unique</b> mark on
   5 the CHILD_SAs to select the correct return path SA using connection tracking.
   6 This allows <b>sun</b> to talk to both nodes for client initiated flows, even
   7 if the SAs are actually both over <b>moon</b>.<br/>
   8 To test the connection, both hosts establish an SSH connection to <b>sun</b>.