An IPv6 ESP tunnel connection between the gateways <b>moon</b> and <b>sun</b> is
successfully set up. It connects the two subnets hiding behind their respective
gateways. The authentication is based on <b>X.509 certificates</b> containing
<b>RFC 3779 IP address block constraints</b>. Both <b>moon</b> and <b>sun</b> set
<b>rightsubnet=::/0</b> thus allowing the peers to narrow down the address range
to their actual subnets <b>fec1::/16</b> and <b>fec2::/16</b>, respectively.
These unilaterally proposed traffic selectors must be validated by corresponding
IP address block constraints.
<p/>
Upon the successful establishment of the IPsec tunnel, automatically inserted
ip6tables-based firewall rules let pass the tunneled traffic. In order to test
both the net-to-net tunnel and the firewall rules, client <b>alice</b> behind
<b>moon</b> sends an IPv6 ICMP request to client <b>bob</b> behind <b>sun</b>
using the ping6 command.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / ipv6 / net2net-rfc3779-ikev2