File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / swanctl / rw-psk-ppk / description.txt
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:48 2020 UTC (4 years, 5 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
and <b>Fully Qualified Domain Names</b> and includes a <b>Postquantum Preshared Key (PPK)</b>
that's also mixed into the derived key material. The PPK_ID used by <b>dave</b> is
unknown to <b>moon</b> but since both peers don't enforce the use of a PPK they fall back
to regular authentication by use of the authentication data provided in the NO_PPK_AUTH
notify.
Upon the successful establishment of the IPsec tunnels,
<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
let pass the tunneled traffic. In order to test both tunnel and firewall, both
<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>