Annotation of embedaddon/strongswan/testing/tests/ikev1/dynamic-responder/description.txt, revision 1.1
1.1 ! misho 1: The peers <b>carol</b> and <b>moon</b> both have dynamic IP addresses, so that the remote end
! 2: is defined symbolically by <b>right=<hostname></b>. The ipsec starter resolves the
! 3: fully-qualified hostname into the current IP address via a DNS lookup (simulated by an
! 4: /etc/hosts entry). Since the peer IP addresses are expected to change over time, the option
! 5: <b>rightallowany=yes</b> will allow an IKE main mode rekeying to arrive from an arbitrary
! 6: IP address under the condition that the peer identity remains unchanged. When this happens
! 7: the old tunnel is replaced by an IPsec connection to the new origin.
! 8: <p>
! 9: In this scenario <b>moon</b> first initiates a tunnel to <b>carol</b>. After some time
! 10: the responder <b>carol</b> suddenly changes her IP address and restarts the connection to
! 11: <b>moon</b> without deleting the old tunnel first (simulated by iptables blocking IKE packets
! 12: to and from <b>carol</b> and starting the connection from host <b>dave</b> using
! 13: <b>carol</b>'s identity).
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / ikev1 / dynamic-responder