- import of strongswan-2.7.0

- applied patch for charon

1 files changed, 13 insertions, 0 deletions

diff --git a/testing/tests/protoport-pass/description.txt b/testing/tests/protoport-pass/description.txt
new file mode 100644
index 000000000..63744fa47
--- /dev/null
+++ b/testing/tests/protoport-pass/description.txt
@@ -0,0 +1,13 @@
+The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
+Using the <b>left|rightprotoport</b> selectors, the IPsec tunnel is
+restricted to the ICMP protocol. Upon the successful establishment of the
+IPsec tunnel, <b>firewall=yes</b> automatically inserts iptables-based
+firewall rules that let pass the tunneled ICMP traffic. In order to test
+both tunnel and firewall, <b>carol</b> pings the client <b>alice</b> behind
+the gateway <b>moon</b> as well as the inner interface of the gateway.
+For the latter ping <b>lefthostaccess=yes</b> is required.
+<p>
+By default, the native IPsec stack of the Linux 2.6 kernel transmits
+protocols and ports not covered by any IPsec SA in the clear. Thus by
+selectively opening the firewalls, <b>carol</b> sets up an SSH session to
+<b>alice</b> that is not going through the tunnel.