Annotation of embedaddon/strongswan/testing/tests/libipsec/net2net-cert-ipv6/description.txt, revision 1.1
1.1 ! misho 1: A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> is set up.
! 2: The authentication is based on <b>X.509 certificates</b> and the <b>kernel-libipsec</b>
! 3: plugin is used for userland IPsec ESP encryption.
! 4: <p/>
! 5: Upon the successful establishment of the IPsec tunnel, an updown script automatically
! 6: inserts iptables-based firewall rules that let pass the traffic tunneled via the
! 7: <b>ipsec0</b> tun interface. In order to test both tunnel and firewall, client <b>alice</b>
! 8: behind gateway <b>moon</b> pings client <b>bob</b> located behind gateway <b>sun</b>.
! 9: <p/>
! 10: This scenario is mainly to test how fragmented IPv6 packets are handled (e.g. determining
! 11: the protocol via IPv6 extension headers). Three pings are required due to PMTUD, the first
! 12: is rejected by <b>moon</b>, so <b>alice</b> adjusts the MTU. The second gets through,
! 13: but the response is rejected by <b>sun</b>, so <b>bob</b> will adjust the MTU. The third
! 14: finally is successful.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / libipsec / net2net-cert-ipv6