From fc1629639128f2955d47e7ec4567957e2102695e Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Fri, 22 Jun 2012 09:53:25 +0200 Subject: adapted description to IKEv2 --- testing/tests/ikev2/dynamic-initiator/description.txt | 2 +- testing/tests/ikev2/dynamic-responder/description.txt | 2 +- testing/tests/ikev2/dynamic-two-peers/description.txt | 7 +++---- 3 files changed, 5 insertions(+), 6 deletions(-) (limited to 'testing') diff --git a/testing/tests/ikev2/dynamic-initiator/description.txt b/testing/tests/ikev2/dynamic-initiator/description.txt index 319ed631d..e74ee1569 100644 --- a/testing/tests/ikev2/dynamic-initiator/description.txt +++ b/testing/tests/ikev2/dynamic-initiator/description.txt @@ -2,7 +2,7 @@ The peers carol and moon both have dynamic IP addresses, so that t is defined symbolically by right=<hostname>. The ipsec starter resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the option -rightallowany=yes will allow an IKE main mode rekeying to arrive from an arbitrary +rightallowany=yes will allow an IKE_SA rekeying to arrive from an arbitrary IP address under the condition that the peer identity remains unchanged. When this happens the old tunnel is replaced by an IPsec connection to the new origin.

diff --git a/testing/tests/ikev2/dynamic-responder/description.txt b/testing/tests/ikev2/dynamic-responder/description.txt index 76471a973..881d3324c 100644 --- a/testing/tests/ikev2/dynamic-responder/description.txt +++ b/testing/tests/ikev2/dynamic-responder/description.txt @@ -2,7 +2,7 @@ The peers carol and moon both have dynamic IP addresses, so that t is defined symbolically by right=<hostname>. The ipsec starter resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the option -rightallowany=yes will allow an IKE main mode rekeying to arrive from an arbitrary +rightallowany=yes will allow an IKE_SA rekeying to arrive from an arbitrary IP address under the condition that the peer identity remains unchanged. When this happens the old tunnel is replaced by an IPsec connection to the new origin.

diff --git a/testing/tests/ikev2/dynamic-two-peers/description.txt b/testing/tests/ikev2/dynamic-two-peers/description.txt index 56a1c0754..a1616011e 100644 --- a/testing/tests/ikev2/dynamic-two-peers/description.txt +++ b/testing/tests/ikev2/dynamic-two-peers/description.txt @@ -3,10 +3,9 @@ so that the remote end is defined symbolically by right=%<hostname> The ipsec starter resolves the fully-qualified hostname into the current IP address via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are expected to change over time, the prefix '%' is used as an implicit alternative to the -explicit rightallowany=yes option which will allow an IKE -main mode rekeying to arrive from an arbitrary IP address under the condition that -the peer identity remains unchanged. When this happens the old tunnel is replaced -by an IPsec connection to the new origin. +explicit rightallowany=yes option which will allow an IKE_SA rekeying to arrive +from an arbitrary IP address under the condition that the peer identity remains unchanged. +When this happens the old tunnel is replaced by an IPsec connection to the new origin.

In this scenario both carol and dave initiate a tunnel to moon which has a named connection definition for each peer. Although -- cgit v1.2.3