Annotation of embedaddon/strongswan/testing/tests/route-based/net2net-xfrmi-ike/description.txt, revision 1.1.1.1
1.1 misho 1: One connection with two CHILD_SAs between the hosts and subnet behind the
2: gateways <b>moon</b> and <b>sun</b>, respectively, are set up using XFRM
3: interfaces.
4: <p/>
5: The gateways use <b>route-based forwarding</b> with <b>XFRM interfaces</b>, with
6: firewall rules to allow traffic to pass. Both peers use connection-defined
7: interface IDs so all CHILD_SAs share the same XFRM interface. The IKE daemon
8: does not install routes for CHILD_SAs with outbound interface ID, so routes for
9: the target subnets are installed statically or via updown events.
10: <p/>
11: Both gateways use separate interfaces for in- and outbound traffic (which is
12: completely optional and mainly for testing purposes, a single interface will
13: usually be enough). Gateway <b>moon</b> creates them before initiating the
14: connection, while gateway <b>sun</b> dynamically creates the interfaces via
15: ike-updown event using the passed unique generated interface IDs.
16: <p/>
17: Clients <b>alice</b> and <b>venus</b> behind gateway <b>moon</b> ping client
18: <b>bob</b> located behind gateway <b>sun</b>.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / route-based / net2net-xfrmi-ike