ipv6-host2host scenario added
This commit is contained in:
parent
fc0afb6810
commit
71c80765a5
|
@ -0,0 +1,3 @@
|
|||
An IPv6 ESP connection between the hosts <b>moon</b> and <b>sun</b> is successfully set up.
|
||||
The authentication is based on X.509 certificates. In order to test the host-to-host tunnel
|
||||
<b>moon</b> sends an IPv6 ICMP request to <b>sun</b> using the ping6 command.
|
|
@ -0,0 +1,5 @@
|
|||
moon::ipsec status::host-host.*STATE_QUICK_I2.*IPsec SA established::YES
|
||||
sun::ipsec status::host-host.*STATE_QUICK_R2.*IPsec SA established::YES
|
||||
moon::ping6 -c 1 ip6-sun.strongswan.org::64 bytes from ip6-sun.strongswan.org: icmp_seq=1::YES
|
||||
sun::tcpdump::00:01 >.*00:02, ethertype IPv6.*length 194::YES
|
||||
sun::tcpdump::00:02 >.*00:01, ethertype IPv6.*length 194::YES
|
|
@ -0,0 +1,33 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
version 2.0 # conforms to second version of ipsec.conf specification
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
|
||||
conn net-net
|
||||
also=host-host
|
||||
leftsubnet=fec1::0/16
|
||||
rightsubnet=fec2::0/16
|
||||
|
||||
conn host-host
|
||||
left=PH_IP6_MOON
|
||||
leftnexthop=0::0
|
||||
leftcert=moonCert.pem
|
||||
leftid=@moon.strongswan.org
|
||||
leftfirewall=yes
|
||||
right=PH_IP6_SUN
|
||||
rightnexthop=0::0
|
||||
rightid=@sun.strongswan.org
|
||||
#keyexchange=ikev2
|
||||
auto=add
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
# /etc/ipsec.conf - strongSwan IPsec configuration file
|
||||
|
||||
version 2.0 # conforms to second version of ipsec.conf specification
|
||||
|
||||
config setup
|
||||
plutodebug=control
|
||||
crlcheckinterval=180
|
||||
strictcrlpolicy=no
|
||||
charonstart=no
|
||||
|
||||
conn %default
|
||||
ikelifetime=60m
|
||||
keylife=20m
|
||||
rekeymargin=3m
|
||||
keyingtries=1
|
||||
|
||||
conn net-net
|
||||
also=host-host
|
||||
leftsubnet=fec2::0/16
|
||||
rightsubnet=fec1::0/16
|
||||
|
||||
conn host-host
|
||||
left=PH_IP6_SUN
|
||||
leftnexthop=0::0
|
||||
leftcert=sunCert.pem
|
||||
leftid=@sun.strongswan.org
|
||||
leftfirewall=yes
|
||||
right=PH_IP6_MOON
|
||||
rightnexthop=0::0
|
||||
rightid=@moon.strongswan.org
|
||||
auto=add
|
|
@ -0,0 +1,2 @@
|
|||
moon::ipsec stop
|
||||
sun::ipsec stop
|
|
@ -0,0 +1,4 @@
|
|||
moon::ipsec start
|
||||
sun::ipsec start
|
||||
moon::sleep 2
|
||||
moon::ipsec up host-host
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# This configuration file provides information on the
|
||||
# UML instances used for this test
|
||||
|
||||
# All UML instances that are required for this test
|
||||
#
|
||||
UMLHOSTS="moon winnetou sun"
|
||||
|
||||
# Corresponding block diagram
|
||||
#
|
||||
DIAGRAM="m-w-s.png"
|
||||
|
||||
# UML instances on which tcpdump is to be started
|
||||
#
|
||||
TCPDUMPHOSTS="sun"
|
||||
|
||||
# UML instances on which IPsec is started
|
||||
# Used for IPsec logging purposes
|
||||
#
|
||||
IPSECHOSTS="moon sun"
|
Loading…
Reference in New Issue