adapted description to IKEv2

Andreas Steffen 2012-06-22 09:53:25 +02:00
parent aa8898bc45
commit fc16296391
3 changed files with 5 additions and 6 deletions

@ -2,7 +2,7 @@ The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that t
is defined symbolically by <b>right=&lt;hostname&gt;</b>. The ipsec starter resolves the
fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
<b>rightallowany=yes</b> will allow an IKE main mode rekeying to arrive from an arbitrary
<b>rightallowany=yes</b> will allow an IKE_SA rekeying to arrive from an arbitrary
IP address under the condition that the peer identity remains unchanged. When this happens
the old tunnel is replaced by an IPsec connection to the new origin.
<p>
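Review bot: the unchanged line "IP address under the condition that the peer identity remains unchanged" is the only safeguard this paragraph names for accepting an IKE_SA rekeying from an arbitrary address, and it does not say how that identity is established. Consider stating that the condition refers to the identity the peer authenticates with during the IKE exchange, so that <b>rightallowany=yes</b> is not read as relaxing authentication along with the address check.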

@ -2,7 +2,7 @@ The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that t
is defined symbolically by <b>right=&lt;hostname&gt;</b>. The ipsec starter resolves the
fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
/etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
<b>rightallowany=yes</b> will allow an IKE main mode rekeying to arrive from an arbitrary
<b>rightallowany=yes</b> will allow an IKE_SA rekeying to arrive from an arbitrary
IP address under the condition that the peer identity remains unchanged. When this happens
the old tunnel is replaced by an IPsec connection to the new origin.
<p>
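Review bot: the closing sentence "the old tunnel is replaced by an IPsec connection to the new origin" keeps the generic terms "tunnel" and "IPsec connection" while the line above it now uses the IKEv2 term IKE_SA. Since the change is about IKEv2 terminology, consider saying which security associations are replaced when the rekeying arrives from the new address, in the same vocabulary.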

@ -3,10 +3,9 @@ so that the remote end is defined symbolically by <b>right=%&lt;hostname&gt;</b>
The ipsec starter resolves the fully-qualified hostname into the current IP address
via a DNS lookup (simulated by an /etc/hosts entry). Since the peer IP addresses are
expected to change over time, the prefix '%' is used as an implicit alternative to the
explicit <b>rightallowany=yes</b> option which will allow an IKE
main mode rekeying to arrive from an arbitrary IP address under the condition that
the peer identity remains unchanged. When this happens the old tunnel is replaced
by an IPsec connection to the new origin.
explicit <b>rightallowany=yes</b> option which will allow an IKE_SA rekeying to arrive
from an arbitrary IP address under the condition that the peer identity remains unchanged.
When this happens the old tunnel is replaced by an IPsec connection to the new origin.
<p>
In this scenario both <b>carol</b> and <b>dave</b> initiate a tunnel to
<b>moon</b> which has a named connection definition for each peer. Although
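Review bot: the paragraph ending "by an IPsec connection to the new origin." is re-wrapped from four lines to three in order to replace "IKE main mode rekeying" with "IKE_SA rekeying", so the one-term change is buried in line-break churn, unlike the single-line replacements in the other two files. Consider keeping the original wrapping and touching only the two lines the old term spans ("option which will allow an IKE" and "main mode rekeying to arrive"), which keeps the three descriptions easy to compare.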