From: Andreas Steffen Date: Fri, 9 Jul 2010 07:35:02 +0000 (+0200) Subject: some changes to the ikev2/nat-two-rw-mark scenario X-Git-Tag: 4.4.1~100 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bcf608c848923ab7e292941beca6dc69c5ff2634;p=thirdparty%2Fstrongswan.git some changes to the ikev2/nat-two-rw-mark scenario --- diff --git a/testing/tests/ikev2/nat-two-rw-mark/description.txt b/testing/tests/ikev2/nat-two-rw-mark/description.txt index 7e844a5335..4b9f43404d 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/description.txt +++ b/testing/tests/ikev2/nat-two-rw-mark/description.txt @@ -5,8 +5,10 @@ after ESP decryption to map these subnets to 10.3.0.10 and 10.3.0.20, respective

In order to differentiate between the tunnels to alice and venus, respectively, XFRM marks are defined for both the inbound and outbound IPsec SAs and policies using -the mark= ipsec.conf parameter. iptables -t mangle rules are then used in the PREROUTING -chain to mark the traffic to and from alice and venus, respectively. +the mark parameter in ipsec.conf. +

+iptables -t mangle rules are then used in the PREROUTING chain to mark the traffic to +and from alice and venus, respectively.

leftfirewall=yes automatically inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the tunnel, the NAT-ed hosts alice and venus diff --git a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat b/testing/tests/ikev2/nat-two-rw-mark/posttest.dat index 205f644a77..df49eb777f 100644 --- a/testing/tests/ikev2/nat-two-rw-mark/posttest.dat +++ b/testing/tests/ikev2/nat-two-rw-mark/posttest.dat @@ -6,6 +6,4 @@ venus::/etc/init.d/iptables stop 2> /dev/null sun::/etc/init.d/iptables stop 2> /dev/null moon::iptables -t nat -F moon::conntrack -F -sun::iptables -t mangle -F -sun::iptables -t nat -F sun::conntrack -F
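Review bot: in the description.txt hunk, the reworded paragraph still does not say which XFRM mark value belongs to alice and which to venus, or on which host the iptables -t mangle PREROUTING rules are installed. The scenario only works if the mark set by iptables matches the mark on the corresponding SA and policy, so naming the values and the host next to "the mark parameter in ipsec.conf" would let a reader check the configuration against the description. The subject line "some changes to the ikev2/nat-two-rw-mark scenario" also gives no reason for the change; a sentence on why the paragraph was split would help.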
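Review bot: in the posttest.dat hunk, cleanup of sun's mangle and nat tables is not obviously covered once "sun::iptables -t mangle -F" and "sun::iptables -t nat -F" are dropped. description.txt in the same commit still describes iptables -t mangle rules in PREROUTING and a mapping to 10.3.0.10 and 10.3.0.20 after ESP decryption, so if any of those rules are installed on sun, their removal now depends entirely on "sun::/etc/init.d/iptables stop 2> /dev/null", whose errors are also discarded. Please confirm that the stop script clears the mangle and nat tables, or state in the commit message where these rules are now added and removed. Otherwise stale marking or NAT rules can carry over into the next test scenario and change its result.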