| 123456789101112 |
- The roadwarriors <b>carol</b> and <b>dave</b> set up an IPv6 connection each
- to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
- containing <b>RFC 3779 IP address block constraints</b>. All three hosts set
- <b>rightsubnet=::/0</b> thus allowing the peers to narrow down the address range to
- their actual subnets or IP addresses. These unilaterally proposed traffic selectors
- must be validated by corresponding IP address block constraints.
- <p/>
- Upon the successful establishment of the IPv6 ESP tunnels, <b>leftfirewall=yes</b>
- automatically inserts ip6tables-based firewall rules that let pass the tunneled traffic.
- In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> send
- an IPv6 ICMP request to the client <b>alice</b> behind the gateway <b>moon</b>
- using the ping6 command.
|
