author | Andreas Steffen <andreas.steffen@strongswan.org> | 2006-09-18 07:41:54 +0000 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2006-09-18 07:41:54 +0000 |
commit | 957115957a805c62f80d08ef61760195b1bff37a (patch) | |
tree | 5ac362ecb824fd1791f77e85a6fb9ada712d3bc2 /testing/tests/ikev2/net2net-start | |
parent | f9aa9e2977b4415251ac011d202b4830af442134 (diff) | |
download | strongswan-957115957a805c62f80d08ef61760195b1bff37a.tar.bz2 strongswan-957115957a805c62f80d08ef61760195b1bff37a.tar.xz |
enabled firewall support
Diffstat (limited to 'testing/tests/ikev2/net2net-start')
5 files changed, 13 insertions, 4 deletions
diff --git a/testing/tests/ikev2/net2net-start/description.txt b/testing/tests/ikev2/net2net-start/description.txt index b2b897cb4..f5320685e 100644 --- a/testing/tests/ikev2/net2net-start/description.txt +++ b/testing/tests/ikev2/net2net-start/description.txt @@ -3,3 +3,6 @@ respectively, is automatically established by means of the setting <b>auto=start</b> in ipsec.conf. The connection is tested by client <b>alice</b> behind gateway <b>moon</b> pinging the client <b>bob</b> located behind gateway <b>sun</b>. +<p> +<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules +that let pass the tunneled traffic. diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf index 66c77fdfe..a96cde351 100755 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf @@ -9,12 +9,12 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 - leftnexthop=%direct keyexchange=ikev2 conn net-net left=PH_IP_MOON leftsubnet=10.1.0.0/16 + leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org leftfirewall=yes diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf index 32697a87a..ec127a487 100755 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf @@ -9,14 +9,16 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn net-net left=PH_IP_SUN leftcert=sunCert.pem leftid=@sun.strongswan.org leftsubnet=10.2.0.0/16 + leftnexthop=%direct + leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org rightsubnet=10.1.0.0/16 - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/net2net-start/posttest.dat b/testing/tests/ikev2/net2net-start/posttest.dat index dff181797..52979508d 100644 
--- a/testing/tests/ikev2/net2net-start/posttest.dat
+++ b/testing/tests/ikev2/net2net-start/posttest.dat
@@ -1,2 +1,6 @@
+moon::iptables -v -n -L
+sun::iptables -v -n -L
 moon::ipsec stop
 sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/net2net-start/pretest.dat b/testing/tests/ikev2/net2net-start/pretest.dat
index 334465b8f..6e41d5245 100644
--- a/testing/tests/ikev2/net2net-start/pretest.dat
+++ b/testing/tests/ikev2/net2net-start/pretest.dat
@@ -1,5 +1,5 @@
-moon::echo 1 > /proc/sys/net/ipv4/ip_forward
-sun::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
 sun::ipsec start
 sun::sleep 2
 moon::ipsec start |
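Review bot: The two added `/etc/init.d/iptables stop 2> /dev/null` lines discard any error from the init script, so a teardown that fails would leave the scenario's rule set loaded on moon or sun without any trace in the test log, and the next scenario would start from that state. If the redirection is only there to quieten expected warnings, it would be safer to keep stderr, e.g. `moon::/etc/init.d/iptables stop`. The same redirection is on the `start` lines in pretest.dat. The added `iptables -v -n -L` lines only print the rule set; nothing in the files changed here compares that output with the rules `leftfirewall=yes` is expected to insert.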
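Review bot: With both `echo 1 > /proc/sys/net/ipv4/ip_forward` lines removed, nothing visible in this commit enables forwarding on moon and sun; presumably the iptables init script now does it, but that script is outside the diff, so the dependency deserves a sentence in description.txt. Because the `start` lines send stderr to /dev/null, a gateway whose firewall failed to load would still run the scenario. If the host is then left with no filtering, the ping would succeed without exercising the rules from `leftfirewall=yes`. A check that the restrictive policy is actually in place before `ipsec start` would close that gap, for instance an assertion on the `iptables -v -n -L` output that posttest.dat now prints.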