diff options
Diffstat (limited to 'testing/tests/ikev2/host2host-cert')
5 files changed, 12 insertions, 3 deletions
diff --git a/testing/tests/ikev2/host2host-cert/description.txt b/testing/tests/ikev2/host2host-cert/description.txt index 547fba754..6be21bf8f 100644 --- a/testing/tests/ikev2/host2host-cert/description.txt +++ b/testing/tests/ikev2/host2host-cert/description.txt @@ -1,3 +1,4 @@ A connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up. -The authentication is based on X.509 certificates. +The authentication is based on X.509 certificates. <b>leftfirewall=yes</b> automatically +inserts iptables-based firewall rules that let pass the tunneled traffic. In order to test the host-to-host tunnel <b>moon</b> pings <b>sun</b>. diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf index e15faa133..5ace1ba64 100755 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf @@ -9,13 +9,14 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn host-host left=PH_IP_MOON leftnexthop=%direct leftcert=moonCert.pem leftid=@moon.strongswan.org + leftfirewall=yes right=PH_IP_SUN rightid=@sun.strongswan.org - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf index 311aa00ef..d127fda46 100755 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf @@ -9,13 +9,14 @@ conn %default keylife=20m rekeymargin=3m keyingtries=1 + keyexchange=ikev2 conn host-host left=PH_IP_SUN leftnexthop=%direct leftcert=sunCert.pem leftid=@sun.strongswan.org + leftfirewall=yes right=PH_IP_MOON rightid=@moon.strongswan.org - keyexchange=ikev2 auto=add diff --git a/testing/tests/ikev2/host2host-cert/posttest.dat b/testing/tests/ikev2/host2host-cert/posttest.dat index dff181797..52979508d 100644 --- a/testing/tests/ikev2/host2host-cert/posttest.dat +++ b/testing/tests/ikev2/host2host-cert/posttest.dat @@ -1,2 +1,6 @@ +moon::iptables -v -n -L +sun::iptables -v -n -L moon::ipsec stop sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/host2host-cert/pretest.dat b/testing/tests/ikev2/host2host-cert/pretest.dat index 3cf9fe3d2..52a519698 100644 --- a/testing/tests/ikev2/host2host-cert/pretest.dat +++ b/testing/tests/ikev2/host2host-cert/pretest.dat @@ -1,3 +1,5 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null moon::ipsec start sun::ipsec start moon::sleep 1 |