From: Andreas Steffen Date: Fri, 22 Jun 2012 07:53:25 +0000 (+0200) Subject: adapted description to IKEv2 X-Git-Tag: 5.0.0~84 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc1629639128f2955d47e7ec4567957e2102695e;p=thirdparty%2Fstrongswan.git adapted description to IKEv2 --- diff --git a/testing/tests/ikev2/dynamic-initiator/description.txt b/testing/tests/ikev2/dynamic-initiator/description.txt index 319ed631d1..e74ee15695 100644 --- a/testing/tests/ikev2/dynamic-initiator/description.txt +++ b/testing/tests/ikev2/dynamic-initiator/description.txt @@ -2,7 +2,7 @@ The peers carol and moon both have dynamic IP addresses, so that t is defined symbolically by right=<hostname>. The ipsec starter resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the option -rightallowany=yes will allow an IKE main mode rekeying to arrive from an arbitrary +rightallowany=yes will allow an IKE_SA rekeying to arrive from an arbitrary IP address under the condition that the peer identity remains unchanged. When this happens the old tunnel is replaced by an IPsec connection to the new origin.

diff --git a/testing/tests/ikev2/dynamic-responder/description.txt b/testing/tests/ikev2/dynamic-responder/description.txt index 76471a9733..881d3324c9 100644 --- a/testing/tests/ikev2/dynamic-responder/description.txt +++ b/testing/tests/ikev2/dynamic-responder/description.txt @@ -2,7 +2,7 @@ The peers carol and moon both have dynamic IP addresses, so that t is defined symbolically by right=<hostname>. The ipsec starter resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the option -rightallowany=yes will allow an IKE main mode rekeying to arrive from an arbitrary +rightallowany=yes will allow an IKE_SA rekeying to arrive from an arbitrary IP address under the condition that the peer identity remains unchanged. When this happens the old tunnel is replaced by an IPsec connection to the new origin.

diff --git a/testing/tests/ikev2/dynamic-two-peers/description.txt b/testing/tests/ikev2/dynamic-two-peers/description.txt index 56a1c07548..a1616011e5 100644 --- a/testing/tests/ikev2/dynamic-two-peers/description.txt +++ b/testing/tests/ikev2/dynamic-two-peers/description.txt @@ -3,10 +3,9 @@ so that the remote end is defined symbolically by right=%<hostname> The ipsec starter resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the prefix '%' is used as an implicit alternative to the -explicit rightallowany=yes option which will allow an IKE -main mode rekeying to arrive from an arbitrary IP address under the condition that -the peer identity remains unchanged. When this happens the old tunnel is replaced -by an IPsec connection to the new origin. +explicit rightallowany=yes option which will allow an IKE_SA rekeying to arrive +from an arbitrary IP address under the condition that the peer identity remains unchanged. +When this happens the old tunnel is replaced by an IPsec connection to the new origin.

In this scenario both carol and dave initiate a tunnel to moon which has a named connection definition for each peer. Although