Return to description.txt CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / route-based / net2net-xfrmi |
1.1 misho 1: A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b> 2: is set up using XFRM interfaces. 3: <p/> 4: The gateways use <b>route-based forwarding</b> with <b>XFRM interfaces</b>, with 5: firewall rules to allow traffic to pass. The IPsec traffic selector used is 6: 0.0.0.0/0, however, specific routing is achieved with routes on the XFRM 7: interfaces. The IKE daemon does not install routes for CHILD_SAs with outbound 8: interface ID, so static routes are installed for the target subnets. 9: <p/> 10: Both gateways use separate interfaces for in- and outbound traffic (which is 11: completely optional and mainly for testing purposes, a single interface will 12: usually be enough). Gateway <b>moon</b> creates them before initiating the 13: connection, while gateway <b>sun</b> dynamically creates the interfaces via 14: updown script using the passed unique generated interface IDs. 15: <p/> 16: Client <b>alice</b> behind gateway <b>moon</b> pings client <b>bob</b> located 17: behind gateway <b>sun</b>.