projects / thirdparty / strongswan.git / blame
| Commit | Line | Data |
|---|---|---|
| 5aab3759 | 1 | The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>openssl</b> |
| 1cab8ed5 | 2 | plugin based on the <b>OpenSSL</b> library for all cryptographical and X.509 |
| bd371cca | 3 | certificate functions whereas roadwarrior <b>dave</b> uses the default <b>strongSwan</b> |
| 1cab8ed5 | 4 | cryptographical plugins <b>aes des sha1 sha2 hmac gmp x509</b> plus the <b>openssl</b> |
| bd371cca | 5 | plugin for the Elliptic Curve Diffie-Hellman groups only. |
| 5aab3759 | 6 | <p> |
| 1cab8ed5 | 7 | The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each |
| 5aab3759 AS |
8 | to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>. |
| 9 | <b>carol</b> proposes the DH groups ECP_192 and ECP_224 whereas <b>dave</b> proposes | |
| 10 | ECP_192 and ECP_256. Since <b>moon</b> does not support ECP_192 the roadwarriors | |
| 11 | fall back to ECP_224 and ECP_256, respectively. | |
| 12 | <p> | |
| 1cab8ed5 AS |
13 | Upon the successful establishment of the IPsec tunnels, the updown script automatically |
| 14 | inserts iptables-based firewall rules that let pass the tunneled traffic. | |
| 5aab3759 AS |
15 | In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping |
| 16 | the client <b>alice</b> behind the gateway <b>moon</b>. | |
| 17 |