Add a road-warrior test case requesting both an IPv4 and an IPv6 virtual address
This commit is contained in:
parent
7ee37114c9
commit
56ea95195a
|
@ -0,0 +1,5 @@
|
|||
The host <b>carol</b> sets up a tunnel connection to gateway <b>moon</b>. It requests
|
||||
both an IPv4 and an IPv6 <b>virtual IP</b> via the IKEv2 configuration payload by using
|
||||
<b>leftsourceip=%config4,%config6</b>. Gateway <b>moon</b> assigns virtual IPs addresses
|
||||
from two in-memory pools using the <b>rightsourceip</b> option. The established tunnel
|
||||
carries both IPv4 and IPv6 in an IPv4 encapsulated tunnel.
|
|
@ -0,0 +1,9 @@
|
|||
carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
|
||||
carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
|
||||
moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
|
||||
carol::cat /var/log/daemon.log::installing new virtual IP 10.3.0.1::YES
|
||||
carol::cat /var/log/daemon.log::installing new virtual IP fec3:\:1::YES
|
||||
carol::cat /var/log/daemon.log::TS 10.3.0.1/32 fec3:\:1/128 === 10.1.0.0/16 fec1:\:/16::YES
|
||||
carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
|
||||
carol::ping6 -c 1 ip6-alice.strongswan.org::64 bytes from ip6-alice.strongswan.org: icmp_seq=1::YES
|
|
@ -0,0 +1,20 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
|
||||
conn home
|
||||
left=PH_IP_CAROL
|
||||
leftsourceip=%config4,%config6
|
||||
leftcert=carolCert.pem
|
||||
leftid=carol@strongswan.org
|
||||
right=PH_IP_MOON
|
||||
rightid=@moon.strongswan.org
|
||||
rightsubnet=0.0.0.0/0,::/0
|
||||
auto=add
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
config setup
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
|
||||
conn rw
|
||||
left=PH_IP_MOON
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftsubnet=10.1.0.0/16,fec1::0/16
|
||||
rightsourceip=10.3.0.0/28,fec3::/120
|
||||
right=%any
|
||||
auto=add
|
|
@ -0,0 +1,5 @@
|
|||
# /etc/strongswan.conf - strongSwan configuration file
|
||||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
alice::ip -6 route del default via fec1:\:1
|
||||
carol::ipsec stop
|
||||
moon::echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
|
||||
moon::ipsec stop
|
||||
moon::conntrack -F
|
|
@ -0,0 +1,6 @@
|
|||
alice::ip -6 route add default via fec1:\:1
|
||||
moon::echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
||||
moon::ipsec start
|
||||
carol::ipsec start
|
||||
carol::sleep 2
|
||||
carol::ipsec up home
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This configuration file provides information on the
|
||||
# UML instances used for this test
|
||||
|
||||
# All UML instances that are required for this test
|
||||
#
|
||||
UMLHOSTS="alice moon carol winnetou"
|
||||
|
||||
# Corresponding block diagram
|
||||
#
|
||||
DIAGRAM="a-m-c.png"
|
||||
|
||||
# UML instances on which tcpdump is to be started
|
||||
#
|
||||
TCPDUMPHOSTS="carol"
|
||||
|
||||
# UML instances on which IPsec is started
|
||||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon carol"
|
Loading…
Reference in New Issue