-A connection between the hosts <b>moon</b> and <b>sun</b> is set up using IPsec transport mode.
-The authentication is based on X.509 certificates.
-In order to test the host-to-host tunnel <b>moon</b> pings <b>sun</b>.
+An IPsec <b>transport-mode</b> connection between the hosts <b>moon</b> and <b>sun</b> is
+successfully set up. <b>leftfirewall=yes</b> automatically inserts iptables-based firewall
+rules that let pass the decrypted IP packets. In order to test the host-to-host connection
+<b>moon</b> pings <b>sun</b>.
-moon::ipsec statusall::host-host.*TRANSPORT::YES
-sun::ipsec statusall::host-host.*TRANSPORT::YES
+moon::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
+sun::ipsec status::host-host.*INSTALLED.*TRANSPORT::YES
moon::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
leftnexthop=%direct
leftcert=moonCert.pem
leftid=@moon.strongswan.org
+ leftfirewall=yes
right=PH_IP_SUN
rightid=@sun.strongswan.org
type=transport
leftnexthop=%direct
leftcert=sunCert.pem
leftid=@sun.strongswan.org
+ leftfirewall=yes
right=PH_IP_MOON
rightid=@moon.strongswan.org
type=transport
+moon::iptables -v -n -L
+sun::iptables -v -n -L
moon::ipsec stop
sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
moon::ipsec start
sun::ipsec start
-moon::sleep 1
+moon::sleep 2
moon::ipsec up host-host
# All UML instances that are required for this test
#
UMLHOSTS="moon winnetou sun"
-
+
# Corresponding block diagram
#
DIAGRAM="m-w-s.png"
-
+
# UML instances on which tcpdump is to be started
#
TCPDUMPHOSTS="sun"
projects / thirdparty / strongswan.git / commitdiff
