The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
containing <b>RFC 3779 IP address block constraints</b>. All three hosts set
<b>rightsubnet=::/0</b> thus allowing the peers to narrow down the address range to
their actual subnets or IP addresses. These unilaterally proposed traffic selectors
must be validated by corresponding IP address block constraints.
<p/>
Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
using the ping6 command.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / ipv6 / rw-rfc3779-ikev2